Dynamically Addressing the Gap of Software Application Protection without Hardware Security (2019)

By Rafie Shamsaasef & Aaron Anderson, CommScope

Hardware security may not always be available or feasible for applications running on platforms ranging from Original Equipment Manufacturer (OEM) devices to public cloud servers. To resolve this dilemma, a comprehensive software security solution is required that is easily applied and readily utilized by developers. This solution would address the security gap created by a growing demand for quickly deployable and securely protected applications. The authors will discuss newly developed advanced security technologies to provide practical protection against a wide range of attacks. These technologies deliver another layer of security to protect sensitive data and credentials.

With the exponential growth of video distribution to millions of subscribers, the processing and secure delivery of video is now more than ever essential to programmers, developers, and operators.

Utilizing a combination of innovative solutions such as white-box cryptography, software obfuscation and code signing, this flexible solution balances protection and performance while allowing customers to design, code and build to suit their needs. This is especially true in an end-to-end media content distribution system where attacks are often aimed at defeating conditional access or finding ways of exploiting services that are easier than circumventing cryptographic protection.

The design secures cryptographic algorithm implementations against intrusions such as secret-key, code lifting and side-channel attacks and allows the implementation of standard ciphers such as RSA, AES and ECC so that no intermediate key or data is exposed during cryptographic operations. The solution recognizes the threats of reverse engineering, debugger attachment and tampering attacks, and creates tools to further create a layer of security.

The authors provide insight into this comprehensive security solution and underlying technologies that protect software applications.

By clicking the "Download Paper" button, you are agreeing to our terms and conditions.

Similar Papers

Securing Digital Content – Strengths And Weaknesses Of Software And Hardware Implementations
By Robin Wilson
2005
2019 Virtualized CPE Services Have Finally Arrived Via Service Delivery Platforms
By Ian Wheelock & Charles Cheevers, CommScope
2019
Security of Open Distributed Architectures: Yet Another SDN and NFV Security Paper
By Steve Goeringer, CableLabs; Dr. Indrajit Ray, Colorado State University
2017
Edge Compute and Software Life-Cycle Management: Creating Consumer Value and Flexibility
By Patrick Goemaere & Rajat Ghai, Technicolor
2018
The Evolution of Cable Network Security
By Matt Tooley, NCTA, Matt Carothers, Cox Communications, Michael Glenn, CableLabs, Michael O’Reirdan, Comcast, Chris Roosenraad, Time-Warner Cable, and Bill Sweeney, Comcast
2015
Openness And Secrecy In Security Systems: Polycipher Downloadable Conditional Access
By Tom Lookabaugh, PolyCipher and James Fahrny, Comcast Cable
2007
Advances In Content Management And Protection
By Wim Mooij, Mindport
2000
The Challenge of a Standard Software API
By Mark Eyer, Sony Electronics
2000
Bridging the Gap Between ETSI-NFV and Cloud Native Architecture
By YuLing Chen & Alon Bernstein, Cisco Systems Inc.
2017
Security And Savings: Going Digital And Getting Both
By Alec Main, Cloakware Corporation
2004
More Results >>