Obfuscation

How we can evade, protest, and sabotage today's pervasive digital surveillance by deploying more data, not less—and why we should. With Obfuscation, Finn Brunton and Helen Nissenbaum mean to start a revolution. They are calling us not to the barricades but to our computers, offering us ways to fight today's pervasive digital surveillance—the collection of our data by governments, corporations, advertisers, and hackers. To the toolkit of privacy protecting techniques and projects, they propose adding obfuscation: the deliberate use of ambiguous, confusing, or misleading information to interfere with surveillance and data collection projects. Brunton and Nissenbaum provide tools and a rationale for evasion, noncompliance, refusal, even sabotage—especially for average users, those of us not in a position to opt out or exert control over data about ourselves. Obfuscation will teach users to push back, software developers to keep their user data safe, and policy makers to gather data without misusing it. Brunton and Nissenbaum present a guide to the forms and formats that obfuscation has taken and explain how to craft its implementation to suit the goal and the adversary. They describe a series of historical and contemporary examples, including radar chaff deployed by World War II pilots, Twitter bots that hobbled the social media strategy of popular protest movements, and software that can camouflage users' search queries and stymie online advertising. They go on to consider obfuscation in more general terms, discussing why obfuscation is necessary, whether it is justified, how it works, and how it can be integrated with other privacy practices and technologies.

Web applications are used every day by millions of users, which is why they are one of the most popular vectors for attackers. Obfuscation of code has allowed hackers to take one attack and create hundreds-if not millions-of variants that can evade your security measures. Web Application Obfuscation takes a look at common Web infrastructure and security controls from an attacker's perspective, allowing the reader to understand the shortcomings of their security systems. Find out how an attacker would bypass different types of security controls, how these very security controls introduce new types of vulnerabilities, and how to avoid common pitfalls in order to strengthen your defenses. Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews Looks at security tools like IDS/IPS that are often the only defense in protecting sensitive data and assets Evaluates Web application vulnerabilties from the attacker's perspective and explains how these very systems introduce new types of vulnerabilities Teaches how to secure your data, including info on browser quirks, new attacks and syntax tricks to add to your defenses against XSS, SQL injection, and more

How we can evade, protest, and sabotage today's pervasive digital surveillance by deploying more data, not less—and why we should. With Obfuscation, Finn Brunton and Helen Nissenbaum mean to start a revolution. They are calling us not to the barricades but to our computers, offering us ways to fight today's pervasive digital surveillance—the collection of our data by governments, corporations, advertisers, and hackers. To the toolkit of privacy protecting techniques and projects, they propose adding obfuscation: the deliberate use of ambiguous, confusing, or misleading information to interfere with surveillance and data collection projects. Brunton and Nissenbaum provide tools and a rationale for evasion, noncompliance, refusal, even sabotage—especially for average users, those of us not in a position to opt out or exert control over data about ourselves. Obfuscation will teach users to push back, software developers to keep their user data safe, and policy makers to gather data without misusing it. Brunton and Nissenbaum present a guide to the forms and formats that obfuscation has taken and explain how to craft its implementation to suit the goal and the adversary. They describe a series of historical and contemporary examples, including radar chaff deployed by World War II pilots, Twitter bots that hobbled the social media strategy of popular protest movements, and software that can camouflage users' search queries and stymie online advertising. They go on to consider obfuscation in more general terms, discussing why obfuscation is necessary, whether it is justified, how it works, and how it can be integrated with other privacy practices and technologies.

This book introduces readers to various threats faced during design and fabrication by today’s integrated circuits (ICs) and systems. The authors discuss key issues, including illegal manufacturing of ICs or “IC Overproduction,” insertion of malicious circuits, referred as “Hardware Trojans”, which cause in-field chip/system malfunction, and reverse engineering and piracy of hardware intellectual property (IP). The authors provide a timely discussion of these threats, along with techniques for IC protection based on hardware obfuscation, which makes reverse-engineering an IC design infeasible for adversaries and untrusted parties with any reasonable amount of resources. This exhaustive study includes a review of the hardware obfuscation methods developed at each level of abstraction (RTL, gate, and layout) for conventional IC manufacturing, new forms of obfuscation for emerging integration strategies (split manufacturing, 2.5D ICs, and 3D ICs), and on-chip infrastructure needed for secure exchange of obfuscation keys- arguably the most critical element of hardware obfuscation.

This book explains the development of cryptographic obfuscation, providing insight into the most important ideas and techniques. It will be a useful reference for researchers in cryptography and theoretical computer science.

“This book gives thorough, scholarly coverage of an area of growing importance in computer security and is a ‘must have’ for every researcher, student, and practicing professional in software protection.” —Mikhail Atallah, Distinguished Professor of Computer Science at Purdue University Theory, Techniques, and Tools for Fighting Software Piracy, Tampering, and Malicious Reverse Engineering The last decade has seen significant progress in the development of techniques for resisting software piracy and tampering. These techniques are indispensable for software developers seeking to protect vital intellectual property. Surreptitious Software is the first authoritative, comprehensive resource for researchers, developers, and students who want to understand these approaches, the level of security they afford, and the performance penalty they incur. Christian Collberg and Jasvir Nagra bring together techniques drawn from related areas of computer science, including cryptography, steganography, watermarking, software metrics, reverse engineering, and compiler optimization. Using extensive sample code, they show readers how to implement protection schemes ranging from code obfuscation and software fingerprinting to tamperproofing and birthmarking, and discuss the theoretical and practical limitations of these techniques. Coverage includes Mastering techniques that both attackers and defenders use to analyze programs Using code obfuscation to make software harder to analyze and understand Fingerprinting software to identify its author and to trace software pirates Tamperproofing software using guards that detect and respond to illegal modifications of code and data Strengthening content protection through dynamic watermarking and dynamic obfuscation Detecting code theft via software similarity analysis and birthmarking algorithms Using hardware techniques to defend software and media against piracy and tampering Detecting software tampering in distributed system Understanding the theoretical limits of code obfuscation

This book constitutes the thoroughly refereed post-conference proceedings of the 10th International Workshop on Digital-forensics and Watermarking (IWDW 2011) held in Atlantic City, NJ, USA, during October 23-26, 2011. The 37 revised full papers presented were carefully selected from 59 submissions. Conference papers are organized in 6 technical sessions, covering the topics of steganography and steganalysis, watermarking, visual cryptography, forensics, anti-forensics, fingerprinting, privacy and security.

This book presents original contributions on the theories and practices of emerging Internet, Data and Web technologies and their applications in businesses, engineering and academia. As a key feature, it addresses advances in the life-cycle exploitation of data generated by digital ecosystem technologies. The Internet has become the most proliferative platform for emerging large-scale computing paradigms. Among these, Data and Web technologies are two of the most prominent paradigms, manifesting in a variety of forms such as Data Centers, Cloud Computing, Mobile Cloud, Mobile Web Services, and so on. These technologies altogether create a digital ecosystem whose cornerstone is the data cycle, from capturing to processing, analysis and visualization. The need to investigate various research and development issues in this digital ecosystem has been made even more pressing by the ever-increasing demands of real-life applications, which are based on storing and processing large amounts of data. Given its scope, the book offers a valuable asset for all researchers, software developers, practitioners and students interested in the field of Data and Web technologies.