Watermarking in Software Protection Techniques – An Overview

Software piracy substantively reduces the achievable revenue for software creators. Software pirates prefer to act from countries where legal support in prosecuting malign subjects is very poor to not satisfactory at all, so that the software provider remains often unable to enforce his license terms. Today, the best approach solving this problem is the integration of protection mechanisms in the software, with the intention to make the software as difficult to crack as possible.

Recently, more methods have been searched to protect software from piracy by inserting a secret message, the so called watermarking. This mark is hidden within the data of the software. The technique furnishes a reliably strong software protection because such watermark can only be abstracted easily by someone who possesses the secret key used for the building of the watermark. Still, a malevolent user could attack the license mechanism by manipulating it into inadmissible affirming the presence of a valid license, even if there is none effectively available. In this context, the recent developed methods seem to be reliably secure though.

Developers watermark a software by implanting unique identifiers to assert ownership to the rightful owner but also to track down the pirate after the illicit act. So, software watermarking itself also avoids piracy by scaring the user from copyright infringement by increasing the likelihood of getting caught. It must be stated that watermarking is not a simple technique. Most other existing anti-piracy techniques are easy to implement, although their effectiveness in preventing piracy is often questionable. In addition, nowdays, many applications are distributed in formats easy to reverse engineer – see Java bytecode and Microsoft Intermediate Language – so that also in the case of watermarking, the cracker could decompile or study the source code under disassembler and / or debugger to locate and remove all remains of the technique.

The general idea of ​​software watermarking is very similar to digital media watermarking in which a unique identifier is embedded in images, audio, or videos. The method is applied through the introduction of minor errors which are not noted by users. On the other hand, the watermark can not be applied in software through error causing techniques since software depends completely on an error free functionality.

So, software watermarking implants a unique identifier – called the watermark – into a program. If the identifier uniquely establishes the author of the program, then the identifier is a copyright notice. However, if the identifier uniquely identifies the legal purchaser of the program, then the watermark is a fingerprint. An important aspect of watermarking is the use of a secret key. Through the use of the key, the watermark is merged into the program, producing a – though slightly – different program. Still, the identity problem remains the same: a watermark can prove ownership but it can not point to the actual culprit of the illicit action. To add such characteristics to the watermark, it becomes a fingerprint: in fact, the fingerprint data is a watermark containing data from the individual customer.

Static watermarks are stored in the program binary itself but dynamic watermarks are created at runtime and stored in program memory. Static software watermarking is practiced for a longer time, the dynamic version was introduced more recently. The dynamic watermark is built – while it is executed – within the dynamically allocated data structures of a program. Still, an aggressor could apply reverse engineering to locate the watermark generating code. He might then get rid of the generating code, thus removing the watermark from the product as well. For such cases, the suggested use is the fingerprint, a special variant of watermark. Fingerprinting means each individual copy of the software is exclusively watermarked, so allowing an identification of each particular copy of a software product. In other words, by the method of fingerprinting, each copy of the software is individually watermarked, each containing data pointing to its customer instead of its developer.

Overall, watermarking and fingerprinting are very effective in fighting back software piracy. But the result is not perfect which makes additional protection techniques are most advisable. Combined with other known techniques, cracking such schemes becomes so time consuming that even the experienced cracker may choose for easier material.

Leave a Reply