A group of cybersecurity and computer science experts backed by the Defense Advanced Research Projects Agency began a long-term encryption research effort last month that could one day prevent hackers from being able to reverse engineer and steal software.
The goal of DARPA’s Safeware program is to develop technology that can cryptographically obscure software code, making it impossible for cybercriminals or competitors to reverse-engineer stolen software. The researchers are about one month into a four-year effort, but officials said the fundamental nature of the research being conducted means practical capabilities and products are likely 10 to 20 years away.
Kurt Rohloff, an encryption expert and professor at the New Jersey Institute of Technology, is currently leading the DARPA-funded team, which includes two MIT professors, a University of California San Diego professor, and defense contractor Raytheon BBN Technologies.
“This is right now pie-in-the-sky research,” Rohloff explained during an interview with MeriTalk. “Up until now, most have used basic hacks to do obscuration. The problem with the initial capability was that it was very slow,” he said. “It was very, very hard to get the programs to run in any kind of reasonable time.”
But a mathematical breakthrough that occurred two years ago showed it is theoretically possible to perform cryptographic obfuscation of programs. And it’s this new capability that Rohloff and his team are exploring.
The immediate research focus is on lattice-based cryptography. Lattice-based encryption, also known as post-quantum encryption, is resistant to even the massive power of a quantum computing device. “A big part of my research is focused on building an open-source library to develop and provide lattice crypto technology. We’re getting pretty close to our first release,” Rohloff said.
It’s precisely because of the long-term nature of the research that DARPA is involved, according to Rohloff. “There’s historically a 20-year lag between mathematical breakthroughs and actual consumer use of encryption technology,” he said, pointing as an example to the development of public key encryption in the 1970s and its eventual use in the 1990s.
But there are other potential uses of the technology in the network security realm. Criminal hackers typically begin their attacks by simply looking for vulnerabilities and weaknesses. One example that Rohloff uses is the exploitation of printer drivers.
“Printer drivers are often written by folks whose main business is to build hardware and don’t have a lot of experience in cybersecurity,” he said. “And these printer drivers are often installed at the last minute and aren’t updated that often. And because they provide a network interface, they are used as vectors of attack for adversaries to get into a network.”
But Rohloff’s research may one day provide an additional layer of security that could help prevent those vulnerabilities from even being discovered. “One of the possibilities for encrypted obfuscation technology is if an adversary or cybercriminal were to get their hands on a printer driver – which is pretty easy to do – they wouldn’t be able to decompile the printer driver to look at the inner workings of it to see how it can be used to get into a network,” he said.
Still, the effort remains “fundamental research,” Rohloff cautioned. “Being able to do this in a real-time environment is a very, very long-term vision. One of the challenges that we’re facing is that obfuscation technology provides a relatively different compute model. So we’re still trying to figure out what are the optimal ways of designing the algorithms so they can be deployed efficiently,” he said.
“There are some things that we think we can do really well, like signature matching. But there are some things that we think will probably be quite challenging,” he said. “There’s a lot of gray space. A big part of the research right now is trying to figure out what we can actually get running.”