Technology

Validy Softnaos is a Proof Of Concept (POC) of Validy Technology (Patented)

You are faced with the piracy (illegal copy) of your software applications and/or the sabotage (attack against the integrity) of your IT systems. Validy SoftNaos combines a post-compiler with a secure co-processor which can put you back in control.

After transformation by Validy SoftNaos, your application is made up of a fine mix of unchanged instructions which are executed on the user's PC and transformed instructions that can only be executed by the secure co-processor which is in the form of a USB token.


Users retain full control over their computer, but your protected application can only run on a hybrid system of which you control one part. This principle is radically different from the one that dongles usually rely on.

Only the secret key, used to encrypt the transformed instructions, links the protected application to co-processors which hold this same key. This simplifies the management of applications updates and the distribution of the tokens to your clients.

Based only on published principles and on a secret cryptographic key held in the secure token, Validy SoftNaos gives you robust protection.

Validy Technology: a Short Introduction

The Problem

when users run a software application on their PC, they can observe, understand, and change both its code and its data

if the user is a cracker, this can lead to unlicensed use, altered behavior, or hijacking by malware

Secure Tokens

secure and tamper resistant processors have progressed and can now be used to hide a part of the application from crackers

but checking that a token is present, even in a roundabout way, or challenging it, even using cryptography, is not truly secure

Subtractive Protection

an effective protection scheme must subtract a part of the application to execute it inside the token

the challenge is to pick a part that is essential, hard to guess, and whose execution in the token does not ruin performance

Protection Time: Hiding Data

chosen fields or variables are relocated to the secure token

their value remain in the memory of the token at all time

host data structures keep pointers to locations in the token

Protection Time: Hiding Code

starting from loads and stores of relocated values, host instructions are selected and translated to the token instruction set

operations to exchange values with the token are inserted to ensure each host or token instruction can access its operands

 

 

Protection Time: Hiding Code cont'd


token instructions are combined with def-use chains derived from data flow analysis, ciphered, and embedded in place of the original host instructions

the token is generic except for the cryptographic key that must match the one used when protecting the application

At Runtime

values and ciphered instructions are forwarded to the token

instructions are unciphered, checked for consistency/correct data flow, then executed

computed values are returned when necessary

Reversing

to remove the protection, a cracker must infer the incoming flow of data from the outgoing flow of data and instructions

incoming values are the result of several kilo instructions operating each second on data accumulated over the lifetime of the application

all the exchanges with the token can be observed, but because they embed data flow information and are ciphered, token instructions are extremely difficult to change or remove without the token detecting it

Advantages

strong protection against software piracy without undue control of the user's machine or breach of privacy

low impact on the development and distribution of the software: protection is mostly automated, application updates can be produced after the tokens are in the field

integrity checks or accesses to token cryptographic resources (for authentication or signature) can be added and securely tied to other token instructions