Arxan - Best Deployment Scenario - Application Security

 Scientific and Engineering Software Vendor - Protection against piracy and theft

Background: Customer is the leading scientific and engineering software vendor in its market space.  Our customer had over $19 billion in operating revenue (FY06), has over 65,000 employees worldwide and is operating in approximately 80 countries.

Our customer’s real-time technology solutions enable its customers to translate acquired data into useful information, and then transform this information into knowledge for improved decision making, anytime, anywhere. This enables the company to deliver ‘just-in-time’.

With over 20 global research and engineering facilities, our customer places a strong emphasis on developing innovative technology that adds value.   In 2006, they invested over $600 million in R&D.

Challenges: A global leader in technology solutions to the scientific software industry, this company employs over 60,000 people and operates in more than 80 countries providing global gas exploration analysis and technology.

With new levels of investment in their software (priced at over $100K per seat) and the alarming increase in intellectual property piracy, the company required protection against piracy and theft.

Leading software license management technology and internal software security techniques deployed within the application were no match for the professional hackers. Even before the company formally released their software to the market, “zero day” hackers, software pirates that hack software the same day it is released, reverse engineered the application and published it for sale on numerous hacker websites.

To avoid the loss of millions of dollars of revenue and erosion of the software’s price point, the company wanted to extend the time-to-hack from 15 minutes to years. The goal was to harden the software’s license management solution and other security sub-systems. The application was written in “mixed-mode” using a combination of native C, C++, and .NET for the Windows PC environment. Additional requirements included integration with a hardware dongle and the customer’s nightly build system.

The chosen solution needed to offer broad platform coverage and hardening of licensing components. In addition, the solution had to be stable with little impact on the application’s performance and size. After researching many different solutions, Arxan was selected.

Technology
Arxan

“High value scientific software, such as our customer’s award winning product, is ripe for hackers to exploit and distribute because it commands a premium price point and provides strong business benefit. Given the widely distributed use of this software, across widespread global locations, and in countries without strong IP enforcement policies, our customer was losing over half their revenues to piracy. They have deployed Arxan on their flagship application and it has withstood over five months of deployment in the wild. The customer has now expanded their use of Arxan across the enterprise to over 20 applications.”

Mike Dager, CEO of Arxan Technologies, Inc.

Issues: Pirates circumvented the customer’s third party, best of breed license management in the following ways, listed in increasing order of difficulty:

  • Find valid keys that can be reused
    • Generally OEM or volume keys
  • Determine method to generate valid keys
    • Reverse engineer the key generation or validation routines
  • Spoof the presence of valid licenses
    • By cloning a license server
    • By spoofing the presence of the dongle
  • Bypass license management
    • Tamper with decision making routines to always return true
    • Excise decision making routines altogether
  • Fully reverse engineer product
    • Extract IP-rich routines and package into a counterfeit product

Solution provided by Arxan: Arxan worked closely with the customer to quickly identify the vulnerabilities in the two million lines of application code and develop a protection plan which would serve as the blueprint for applying Arxan’s patented Guard technology. Arxan’s solution intertwined the license management functionality and the application libraries with anti-tamper and self-healing Guards to fortify the company’s software and the license management application. This technique ensures the hacker is not able to decouple the license management solution from the company’s software. The newly protected application was offered to a red team of third party “friendly” hackers.
 
The 4-man red team attacked the hardened license management code for two weeks to no avail. The team received a one week extension and still was not able to defeat Arxan’s Guard protection. Three months later, the system is still impenetrable.

Arxan’s active Guard defense system enabled the application to actively defend against static threats and to detect and react to dynamic attacks. By embedding logic that not only prevents tampering but also detects it and initiates action in response, the application is empowered to act in its own defense.

With the security blueprint tested and complete, all subsequent releases of the software will be protected automatically, requiring no additional work or cost.


Summary:
Arxan’s solution has withstood attacks in the wild for 5 months now as of July 2007. Recently expanded to 20 applications within the company, over 150 developers in 3 locations are all deploying Arxan’s trusted solution.

Thanks to Arxan, the company’s award winning software is protected from IP theft, price erosion, and lost revenue.

Arxan Technologies, Inc.
6903 Rockledge Drive, Suite 910
Bethesda, MD  20817
Tel: 1-301-968-4290

Copyright © 2007 Silicon Valley Communications - All rights reserved.

   Info Security Products Guide