Neal Michie, Director of Product Management at PACE Anti-Piracy discusses how intellectual property in the form of algorithms deployed on the edge can be reverse engineered and stolen, and how a white-box solution can prevent this process from taking place.
New algorithms, increasingly AI and ML-based, are driving the large proportion of innovation in the media and entertainment space. Therefore, protecting the value being built means protecting those algorithms.
We see it time and again at PACE. A company with a brilliant innovative idea goes to market with its intellectual property (IP) properly protected and it reaps the rewards. We also regularly see the flip side, companies with equally brilliant ideas coming to us after their IP has been stolen and they are struggling to generate revenue.
The truth is that valuable algorithms are targeted by hackers and unscrupulous competitors alike. They are looking to gain from your developers’ hard work. Algorithms are reverse engineered to learn their secrets, or simply lifted wholesale and used in unlicensed deployments.
How does software IP get stolen?
To understand how software IP is stolen, it’s important to understand how it gets deployed.
Algorithms are turned into code which then gets compiled down to a machine executable format and deployed. When it is deployed to the edge (e.g. within a desktop application) it is at its most vulnerable.
The trouble is that the compiled code is not deployed into a nicely locked safe. Far from it. Code deployed at the edge, particularly onto open platforms, is easily accessed by hackers. That means they are able to access and lift those machine executable blocks of code.
While it’s compiled code, tools are available that allow developers to reverse engineer the code and get back to your algorithm: your valuable IP.
Unfortunately, this isn’t fiction. There are plenty of freely available tools and resources that explain how to do it. In many cases, those tools are the same as those used to develop the software in the first place!
Unprotected algorithms are a business risk
So, we understand that code effectively and efficiently documents our algorithms, and attackers can get to that documentation using reverse engineering. But what does that mean for our businesses?
In one word: risk. And, it’s not just a theoretical technical risk; it’s a real-world business risk.
We spend time and money developing IP because it brings us business benefits. Developing IP means we can do something no one else can. That means we can solve problems for our customers faster or more efficiently or simply better than the competition.
Successful engineering companies develop IP because it gives them a competitive advantage, they can do something no one else can; provides a monetisation opportunity, customers license IP because it gives them a competitive advantage; and increased valuation, having valuable IP makes companies more valuable.
The flip side is that if the IP is exposed and others can leverage your hard work without applying the same effort, then these benefits are lost.
Worse than that, you’ve spent engineering effort for zero net gain.
Gaining the business benefits we should
Ensuring that engineering spend gives the business benefits it should means protecting the IP produced. The only way to do that is to prevent IP theft in the first place because, once revealed, there isn’t an effective response that will hide our IP secrets again.
Given that the algorithms are executing at the edge and we can’t rely on the host software platform to prevent access to the code, we have to look at options to add the necessary security.
An increasingly popular option is to do everything within our own code, using a pure software solution called white-box cryptography, often referred to simply as white-box.
Introducing white-box for algorithm protection
White-box technology provides a means to run algorithms securely in a pure software environment. Well known in media and entertainment for protecting cryptographic operations such as digital rights management (DRM), PACE has extended the technology to protect any algorithm.
White-boxes protect algorithms by combining code and data, including any security keys, with a range of computational and mathematical techniques. Making the operation unintelligible to hackers, preventing them from extracting the secrets.
As it is a pure software approach, it is very easy to deploy and is very flexible in terms of the algorithms you can run within the white-box, even chaining together multiple algorithms so complex operations can be performed without ever exposing data in the clear.
While white-box technology doesn’t necessarily stop someone accessing your software, it does stop them from reverse engineering the crucial algorithms within it. This isn’t basic obfuscation that is traditionally blanket applied to your whole software package. With its nature of being very targeted, white-box technology can achieve far stronger levels of protection.
This prevents attackers from understanding or reusing your IP. This in turn means we can safely deploy our IP at the edge with much less risk to its value.
To learn more about protecting algorithms with white-box technology, visit PACE Anti-Piracy at IBC on stand 14.D11.
Read more: Fourier Audio’s transform.engine embeds iLok USB hardware to enhance security
No comments yet