A Low-Cost Attack on Branch-Based Software Watermarking Schemes

  • Gaurav Gupta
  • Josef Pieprzyk
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4283)


In 2005, Ginger Myles and Hongxia Jin proposed a software watermarking scheme based on converting jump instructions or unconditional branch statements (UBSs) by calls to a fingerprint branch function (FBF) that computes the correct target address of the UBS as a function of the generated fingerprint and integrity check. If the program is tampered with, the fingerprint and integrity checks change and the target address will not be computed correctly. In this paper, we present an attack based on tracking stack pointer modifications to break the scheme and provide implementation details. The key element of the attack is to remove the fingerprint and integrity check generating code from the program after disassociating the target address from the fingerprint and integrity value. Using the debugging tools that give vast control to the attacker to track stack pointer operations, we perform both subtractive and watermark replacement attacks. The major steps in the attack are automated resulting in a fast and low-cost attack.


software watermark unconditional branch breakpoint 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Collberg, C., Carter, E., Debray, S., Huntwork, A., Linn, C., Stepp, M.: Dynamic path-based software watermarking. In: Proceedings of Conference on Programming Language Design and Implementation, vol. 39, pp. 107–118 (June 2004)Google Scholar
  2. 2.
    Collberg, C.S., Huntwork, A., Carter, E., Townsend, G.: Graph Theoretic Software Watermarks: Implementation, Analysis, and Attacks. In: Fridrich, J. (ed.) IH 2004. LNCS, vol. 3200, pp. 192–207. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Collberg, C., Kobourov, S., Carter, E., Thomborson, C.: Error-correcting graphs for software watermarking. In: Proceedings of 29th Workshop on Graph Theoretic Concepts in Computer Science, pp. 156–167 (2003)Google Scholar
  4. 4.
    Collberg, C., Thomborson, C.: Software watermarking: Models and dynamic embeddings. In: Proceedings of Principles of Programming Languages 1999, POPL 1999, pp. 311–324 (1999)Google Scholar
  5. 5.
    Collberg, C.S., Thomborson, C.: Watermarking, tamper-proofing, and obfuscation - tools for software protection. IEEE Transactions on Software Engineering 28, 735–746 (2002)CrossRefGoogle Scholar
  6. 6.
    Fukushima, K., Sakurai, K.: A Software Fingerprinting Scheme for Java Using Classfiles Obfuscation. In: Chae, K.-J., Yung, M. (eds.) WISA 2003. LNCS, vol. 2908, pp. 303–316. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  7. 7.
    Myles, G., Collberg, C.: Software watermarking through register allocation: Implementation, analysis, and attacks. In: Lim, J.-I., Lee, D.-H. (eds.) ICISC 2003. LNCS, vol. 2971, pp. 274–293. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Myles, G., Jin, H.: Self-validating Branch-Based Software Watermarking. In: Barni, M., Herrera-Joancomartí, J., Katzenbeisser, S., Pérez-González, F. (eds.) IH 2005. LNCS, vol. 3727, pp. 342–356. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Nagra, J., Thomborson, C.: Threading Software Watermarks. In: Fridrich, J. (ed.) IH 2004. LNCS, vol. 3200, pp. 208–223. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. 10.
    Qu, G., Potkonjak, M.: Analysis of watermarking techniques for graph coloring problem. In: Proceedings of International Conference on Computer Aided Design, pp. 190–193 (1998)Google Scholar
  11. 11.
    Qu, G., Potkonjak, M.: Hiding signatures in graph coloring solutions. In: Pfitzmann, A. (ed.) IH 1999. LNCS, vol. 1768, pp. 348–367. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. 12.
    Sosonkin, M., Naumovich, G., Memon, N.: Obfuscation of design intent in object-oriented applications. In: Proceedings of 3rd ACM workshop on Digital Rights Management, pp. 142–153 (2003)Google Scholar
  13. 13.
    Thomborson, C., Nagra, J., Somaraju, R., He, C.: Tamper-proofing software watermarks. In: Proceedings of Australasian Information Security Workshop, vol. 32, pp. 27–36 (2004)Google Scholar
  14. 14.
    Venkatesan, R., Vazirani, V.V., Sinha, S.: A Graph Theoretic Approach to Software Watermarking. In: Moskowitz, I.S. (ed.) IH 2001. LNCS, vol. 2137, pp. 157–168. Springer, Heidelberg (2001)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Gaurav Gupta
    • 1
  • Josef Pieprzyk
    • 1
  1. 1.Centre for Advanced Computing – Algorithms and Cryptography, Department of Computing, Division of Information and Communication SciencesMacquarie UniversitySydneyAustralia

Personalised recommendations