Validy SoftNaos is a proof of concept (POC) of the patented Validy Technology.
You are faced with the piracy (illegal copying) of your software applications and/or the sabotage (attacks against the integrity) of your IT systems. Validy SoftNaos combines a post-compiler with a secure co-processor, which can put you back in control.
After transformation by Validy SoftNaos, your application is made up of a fine mix of unchanged instructions, which are executed on the user's PC, and transformed instructions, which can only be executed by the secure co-processor. The co-processor takes the form of a USB token.
Users retain full control over their computer, but your protected application can only run on a hybrid system of which you control one part. This principle is radically different from the one that dongles usually rely on.
Only the secret key, used to encrypt the transformed instructions, links the protected application to the co-processors that hold this same key. This simplifies the management of application updates and the distribution of tokens to your clients.
Based only on published principles and on a secret cryptographic key held in the secure token, Validy SoftNaos gives you robust protection.
Validy Technology: a Short Introduction
The Problem
when users run a software application on their PC, they can observe, understand, and change both its code and its data
if the user is a cracker, this can lead to unlicensed use, altered behavior, or hijacking by malware
Secure Tokens
secure and tamper resistant processors have progressed and can now be used to hide a part of the application from crackers
but checking that a token is present, even in a roundabout way, or challenging it, even using cryptography, is not truly secure
Subtractive Protection
an effective protection scheme must subtract a part of the application to execute it inside the token
the challenge is to pick a part that is essential, hard to guess, and whose execution in the token does not ruin performance
Protection Time: Hiding Data
chosen fields or variables are relocated to the secure token
their values remain in the memory of the token at all times
host data structures keep pointers to locations in the token
Protection Time: Hiding Code
starting from loads and stores of relocated values, host instructions are selected and translated to the token instruction set
operations to exchange values with the token are inserted to ensure each host or token instruction can access its operands
Protection Time: Hiding Code cont'd
token instructions are combined with def-use chains derived from data flow analysis, ciphered, and embedded in place of the original host instructions
the token is generic except for the cryptographic key that must match the one used when protecting the application
At Runtime
values and ciphered instructions are forwarded to the token
instructions are deciphered, checked for consistency/correct data flow, then executed
computed values are returned when necessary
Reversing
to remove the protection, a cracker must infer the incoming flow of data from the outgoing flow of data and instructions
incoming values are the result of several thousand instructions executing each second on data accumulated over the lifetime of the application
all the exchanges with the token can be observed, but because they embed data flow information and are ciphered, token instructions are extremely difficult to change or remove without the token detecting it
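A toy model of the def-use check described under "Hiding Code", "At Runtime" and "Reversing", added here as an illustration; it is not Validy's code or instruction format. Assumptions: HMAC-SHA256 sealing stands in for the cipher (so instructions are tamper-evident but not hidden), and the slot names, four-operation instruction set, instruction ids and key are constructed for the example.

```python
import hashlib, hmac, json

class TamperError(Exception):
    pass

def seal(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()

def protect(program, key):
    """Protection time: attach def-use info to each token instruction, then seal it."""
    last_def, sealed = {}, []
    for iid, (op, dst, srcs, imm) in enumerate(program):
        # For each source slot, name the instruction that must have defined it.
        uses = [[s, last_def[s]] for s in srcs]
        body = json.dumps({"id": iid, "op": op, "dst": dst, "imm": imm, "uses": uses}).encode()
        sealed.append((body, seal(key, body)))
        if dst is not None:
            last_def[dst] = iid
    return sealed

class Token:
    """Toy token: hidden slots plus the id of the last instruction that wrote each one."""
    def __init__(self, key):
        self.key, self.slots, self.last_def = key, {}, {}

    def execute(self, body, tag, host_value=None):
        if not hmac.compare_digest(tag, seal(self.key, body)):
            raise TamperError("instruction was not sealed with this token's key")
        ins = json.loads(body)
        for slot, definer in ins["uses"]:      # runtime data-flow check
            if self.last_def.get(slot) != definer:
                raise TamperError(f"data flow broken on slot {slot!r}")
        vals = [self.slots[s] for s, _ in ins["uses"]]
        if ins["op"] == "out":                 # only this returns a value to the host
            return vals[0]
        ops = {"in": lambda: host_value,
               "add": lambda: vals[0] + ins["imm"],
               "mul": lambda: vals[0] * vals[1]}
        self.slots[ins["dst"]] = ops[ins["op"]]()
        self.last_def[ins["dst"]] = ins["id"]

def run(sealed, key, host_value):
    """Host side: forward sealed instructions in order; return the last 'out' value."""
    token, result = Token(key), None
    for body, tag in sealed:
        out = token.execute(body, tag, host_value)
        result = out if out is not None else result
    return result

# Constructed program: a = input; b = a + 3; a = a * b; return a
PROGRAM = [("in", "a", [], 0), ("add", "b", ["a"], 3),
           ("mul", "a", ["a", "b"], 0), ("out", None, ["a"], 0)]
KEY = b"constructed-demo-key"
```

Dropping or replaying the sealed `mul` instruction makes `run` raise `TamperError`, because a later use names a definer that is no longer the slot's last writer.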
Advantages
strong protection against software piracy without undue control of the user's machine or breach of privacy
low impact on the development and distribution of the software: protection is mostly automated, application updates can be produced after the tokens are in the field
integrity checks or accesses to token cryptographic resources (for authentication or signature) can be added and securely tied to other token instructions