Abstract
Because of its simplicity, ease of implementation, and speed, RC4 is one of the most widely used software oriented stream ciphers. It is used in several popular protocols such as SSL and it has also been integrated into many applications and software such as Microsoft Windows, Lotus Notes, Oracle Secure SQL and Skype.
In this paper, we present an obfuscated implementation for RC4. In addition to investigating different practical obfuscation techniques that are suitable for the cipher structure, we also perform a comparison between the performance of these different techniques. Our implementation provides a high degree of robustness against attacks from execution environments where the adversary has access to the software implementation such as in digital right management applications.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Menezes, A., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press (1996)
Chow, S., Eisen, P.A., Johnson, H., van Oorschot, P.C.: White-Box Cryptography and an AES Implementation. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 250–270. Springer, Heidelberg (2003)
Chow, S., Eisen, P., Johnson, H., van Oorschot, P.C.: A White-Box DES Implementation for DRM Applications. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 1–15. Springer, Heidelberg (2003)
STUNNIX. C++ Obfuscator - Obfuscate C and C++ Code, http://www.stunnix.com/prod/cxxo/overview.shtml (accessed September 2011)
UPX: the Ultimate Packer for EXecutables, http://upx.sourceforge.net/ (accessed September 2011)
SecuriTeam. SecuriTeam - Shiva, ELF Encryption Tool, http://www.securiteam.com/tools/5XP041FA0U.html (accessed September 2011)
Collberg, C.S., Nagra, J.: Surreptitious Software: Obfuscation, Watermarking and Tamperproofing for Software Protection. Addison-Wesley (2010)
Bergeron, J., Debbabi, M., Desharnais, J., Erhioui, M., Lavoie, Y., Tawbi, N.: Static detection of malicious code in executable programs. Int. J. of Req. Eng. (2001)
Wang, C., Hill, J., Knight, J., Davidson, J.: Software Tamper Resistance: Obstructing Static Analysis of Programs. Technical Report CS-2000-12. Univ. of Virginia (2000)
Reddit: the Front Page of the Internet. Skype’s Obfuscated RC4 Algorithm Was Leaked, so Its Discoverers Open Code for Review: Technology, http://www.reddit.com/r/technology/comments/cn4gn/skypes_obfuscated_rc4_algorithm_was_leaked_so_its/ (accessed September 2011)
Biondi, P., Desclau, F.: Silver Needle in the Skype, http://www.secdev.org/conf/skype_BHEU06.pdf (accessed September 2011)
Ogiso, T., Sakabe, Y., Soshi, M., Miyaji, A.: Software obfuscation on a theoretical basis and its implementation. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E86-A, 176–186 (2003)
Collberg, C.S., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. Technical Report 148, Department of Computer Science. University of Auckland (1997)
Zhu, W., Thomborson, C.D., Wang, F.-Y.: Obfuscate arrays by homomorphic functions. In: GrC, pp. 770–773 (2006)
Collberg, C.S., Thomborson, C.D., Low, D.: Manufacturing Cheap, Resilient and Stealthy Opaque Constructs. In: POPL, pp. 184–196 (1998)
Park, J.-Y., Yi, O., Choi, J.-S.: Methods for practical whitebox cryptography. In: 2010 International Conference on Information and Communication Technology Convergence (ICTC), pp. 474–479 (November 2010)
Link, H.E., Neumann, W.D.: Clarifying obfuscation: Improving the security of white-box encoding, cryptology eprint archive. In: Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC 2005), vol. I (2005)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zahno, R., Youssef, A.M. (2012). An Obfuscated Implementation of RC4. In: Meghanathan, N., Nagamalai, D., Chaki, N. (eds) Advances in Computing and Information Technology. Advances in Intelligent Systems and Computing, vol 176. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31513-8_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-31513-8_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31512-1
Online ISBN: 978-3-642-31513-8
eBook Packages: EngineeringEngineering (R0)