Dynamically Addressing the Gap of Software Application Protection without Hardware Security (2019)

By Rafie Shamsaasef & Aaron Anderson, CommScope

Hardware security may not always be available or feasible for applications running on platforms ranging from Original Equipment Manufacturer (OEM) devices to public cloud servers. To resolve this dilemma, a comprehensive software security solution is required that is easily applied and readily utilized by developers. This solution would address the security gap created by a growing demand for quickly deployable and securely protected applications. The authors will discuss newly developed advanced security technologies to provide practical protection against a wide range of attacks. These technologies deliver another layer of security to protect sensitive data and credentials.

With the exponential growth of video distribution to millions of subscribers, the processing and secure delivery of video is now more than ever essential to programmers, developers, and operators.

Utilizing a combination of innovative solutions such as white-box cryptography, software obfuscation and code signing, this flexible solution balances protection and performance while allowing customers to design, code and build to suit their needs. This is especially true in an end-to-end media content distribution system where attacks are often aimed at defeating conditional access or finding ways of exploiting services that are easier than circumventing cryptographic protection.

The design secures cryptographic algorithm implementations against intrusions such as secret-key, code lifting and side-channel attacks and allows the implementation of standard ciphers such as RSA, AES and ECC so that no intermediate key or data is exposed during cryptographic operations. The solution recognizes the threats of reverse engineering, debugger attachment and tampering attacks, and creates tools to further create a layer of security.

The authors provide insight into this comprehensive security solution and underlying technologies that protect software applications.

By clicking the "Download Paper" button, you are agreeing to our terms and conditions.

Similar Papers

Bitcode Obfuscation - Protecting Software Without Source Code Access
By Rafie Shamsaasef, Lex Aaron Anderson; CommScope
Cloud-based Dynamic Executable Verification
By Rafie Shamsaasef, Aaron Anderson & Sasha Medvinsky, CommScope
5G Security & Protection Framework
By Vasu Dalal & Patrick Nta, NOKIA
Securing Digital Content – Strengths And Weaknesses Of Software And Hardware Implementations
By Robin Wilson
2019 Virtualized CPE Services Have Finally Arrived Via Service Delivery Platforms
By Ian Wheelock & Charles Cheevers, CommScope
Motivational Metrics for Security: Driving Progress Without Burning Bridges
By Matt Carothers, Cox Communications; Brad Boucher, Cox Communications
Security of Open Distributed Architectures: Yet Another SDN and NFV Security Paper
By Steve Goeringer, CableLabs; Dr. Indrajit Ray, Colorado State University
A Flexible and Scalable Architecture for Over-the-Air Credentials Provisioning
By Alexander Medvinsky, Dr. Tat Chan, Dr. Xin Qiu & Jason Pasion, CommScope
Advances In Content Management And Protection
By Wim Mooij, Mindport
Edge Compute and Software Life-Cycle Management: Creating Consumer Value and Flexibility
By Patrick Goemaere & Rajat Ghai, Technicolor
More Results >>