An Obfuscated Implementation of RC4

Zahno, Roger; Youssef, Amr M.

doi:10.1007/978-3-642-31513-8_13

Roger Zahno⁴ &
Amr M. Youssef⁴

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 176))

1975 Accesses

Abstract

Because of its simplicity, ease of implementation, and speed, RC4 is one of the most widely used software oriented stream ciphers. It is used in several popular protocols such as SSL and it has also been integrated into many applications and software such as Microsoft Windows, Lotus Notes, Oracle Secure SQL and Skype.

In this paper, we present an obfuscated implementation for RC4. In addition to investigating different practical obfuscation techniques that are suitable for the cipher structure, we also perform a comparison between the performance of these different techniques. Our implementation provides a high degree of robustness against attacks from execution environments where the adversary has access to the software implementation such as in digital right management applications.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 169.00; Price excludes VAT (USA)

Softcover Book: USD 219.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Menezes, A., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press (1996)
Google Scholar
Chow, S., Eisen, P.A., Johnson, H., van Oorschot, P.C.: White-Box Cryptography and an AES Implementation. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 250–270. Springer, Heidelberg (2003)
Chapter Google Scholar
Chow, S., Eisen, P., Johnson, H., van Oorschot, P.C.: A White-Box DES Implementation for DRM Applications. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 1–15. Springer, Heidelberg (2003)
Chapter Google Scholar
STUNNIX. C++ Obfuscator - Obfuscate C and C++ Code, http://www.stunnix.com/prod/cxxo/overview.shtml (accessed September 2011)
UPX: the Ultimate Packer for EXecutables, http://upx.sourceforge.net/ (accessed September 2011)
SecuriTeam. SecuriTeam - Shiva, ELF Encryption Tool, http://www.securiteam.com/tools/5XP041FA0U.html (accessed September 2011)
Collberg, C.S., Nagra, J.: Surreptitious Software: Obfuscation, Watermarking and Tamperproofing for Software Protection. Addison-Wesley (2010)
Google Scholar
Bergeron, J., Debbabi, M., Desharnais, J., Erhioui, M., Lavoie, Y., Tawbi, N.: Static detection of malicious code in executable programs. Int. J. of Req. Eng. (2001)
Google Scholar
Wang, C., Hill, J., Knight, J., Davidson, J.: Software Tamper Resistance: Obstructing Static Analysis of Programs. Technical Report CS-2000-12. Univ. of Virginia (2000)
Google Scholar
Reddit: the Front Page of the Internet. Skype’s Obfuscated RC4 Algorithm Was Leaked, so Its Discoverers Open Code for Review: Technology, http://www.reddit.com/r/technology/comments/cn4gn/skypes_obfuscated_rc4_algorithm_was_leaked_so_its/ (accessed September 2011)
Biondi, P., Desclau, F.: Silver Needle in the Skype, http://www.secdev.org/conf/skype_BHEU06.pdf (accessed September 2011)
Ogiso, T., Sakabe, Y., Soshi, M., Miyaji, A.: Software obfuscation on a theoretical basis and its implementation. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E86-A, 176–186 (2003)
Google Scholar
Collberg, C.S., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. Technical Report 148, Department of Computer Science. University of Auckland (1997)
Google Scholar
Zhu, W., Thomborson, C.D., Wang, F.-Y.: Obfuscate arrays by homomorphic functions. In: GrC, pp. 770–773 (2006)
Google Scholar
Collberg, C.S., Thomborson, C.D., Low, D.: Manufacturing Cheap, Resilient and Stealthy Opaque Constructs. In: POPL, pp. 184–196 (1998)
Google Scholar
Park, J.-Y., Yi, O., Choi, J.-S.: Methods for practical whitebox cryptography. In: 2010 International Conference on Information and Communication Technology Convergence (ICTC), pp. 474–479 (November 2010)
Google Scholar
Link, H.E., Neumann, W.D.: Clarifying obfuscation: Improving the security of white-box encoding, cryptology eprint archive. In: Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC 2005), vol. I (2005)
Google Scholar

Download references

Author information

Authors and Affiliations

Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Quebec, Canada
Roger Zahno & Amr M. Youssef

Authors

Roger Zahno
View author publications
You can also search for this author in PubMed Google Scholar
Amr M. Youssef
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Roger Zahno .

Editor information

Editors and Affiliations

, Department of Computer Science, Jackson State University, John R. Lynch Street 1400, Jackson, 39217, USA
Natarajan Meghanathan
Wireilla Net Solutions PTY Ltd, Melbourne, Australia
Dhinaharan Nagamalai
Department of Computer Science & Eng., University of Calcutta, Calcutta, 700 073, India
Nabendu Chaki

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Zahno, R., Youssef, A.M. (2012). An Obfuscated Implementation of RC4. In: Meghanathan, N., Nagamalai, D., Chaki, N. (eds) Advances in Computing and Information Technology. Advances in Intelligent Systems and Computing, vol 176. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31513-8_13

Download citation

DOI: https://doi.org/10.1007/978-3-642-31513-8_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31512-1
Online ISBN: 978-3-642-31513-8
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics