Application Licensing Using Mobile Agents

1
Application Licensing Using Mobile Agents

• Dr. Farhad A. Kamangar
• Nikhil M. Chakravarthy

2
Outline

• Software Licensing
• Problem Statement
• Proposed Solution
• Summery
• Future Work

3
Software Licensing

• Motivation.
• Revenue.
• U.S. Census bureau data in 2001.
• Revenue totaled 95.4 billion in 1999.
• Software information industry association
  (SIIA).
• Losses due to piracy at about 12 billion.
• Who is using it?
• Bin Laden used PGP?

4
Software Licensing

• License key.
• Available to the User, via printed or electronic
  media.
• Stored in software.
• Verification algorithm verifies the key.

5
Problem Statement

• License key is available to the user before
  installation.
• Leads to repeatable installation.
• Can analyze key to derive verification algorithm.
• Can analyze code to find stored key.

6
Current Scenario
7
Proposed Solution

• Design a licensing protocol which does not
  disclose the license key to the user.

8
Proposed Scenario
9
Protocol
10
Software Fragmentation

• Two piece jig saw
• One part on server (encrypted by key K)
• One part installed
• Watermarked
• Tamper proofed
• Obfuscated

11
Machine Signature

• Parameters
• Hardware
• Network card Mac address
• Hard drive
• Memory
• Video card
• Software
• Operating system
• Domain name / IP
• File stamps

12
Deriving the Key

• Generate machine signature (ms)
• Collect user information (ui)
• Send the two to the server. I (msui)
• Select generator (G) and verifier (V) pair
• Key is generated by G. K g(i)
• Verified by V. V(K) T

13
Patching

• Send Mobile Agent. MG, ui, V
• Generate machine signature (ms)
• Reconstruct the key. K G(uims)
• Decrypt the fragment
• Complete the jig saw
• Reply / Return (Optional)

14
Sequence
Get Fingerprint
15
Summery

• User does not have access to the key.
• Mobile Agent delivers the license key.
• Software is fragmented and delivered in two
  steps.
• Machine signature is generated.

16
Future Work

• Machine Signature
• Loosely / Tightly Coupled
• Holographic signatures
• Prototype using Aglets

17
Questions?

• kamangar_at_cse.uta.edu
• chakrava_at_cse.uta.edu

18
References

• Collberg, C.S., Thomborson, C., Watermarking,
  tamper-proofing, and obfuscation - tools for
  software protection'', Software Engineering,
  IEEE Transactions on , Volume 28 Issue 8 , Aug
  2002 Page(s) 735 746
• James W. Stamos and David K. Gifford, Remote
  Evaluation'', ACM Transactions on Programming
  Languages and Systems, 12(4) 537--565, October
  1990.
• Giovanni Vigna (Ed.), Mobile Agents and
  Security'', Lecture notes in computer science,
  Vol 1419, Springer, 1998, ISBN 3-540-64792-9.

19
References

• D. B. Lange, M. Oshima, Programming and
  Deploying Java Mobile Agents with Aglets'',
  Addison-Wesley, 1998.
• Bruce Schneier, Applied Cryptography
  Protocols, Algorithms, and Source Code in C 2nd
  Edition'', Publishers John Wiley Sons, Inc.
  ISBN 0-471-12845-7.