{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:24:07Z","timestamp":1750220647788,"version":"3.41.0"},"reference-count":39,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2021,2,9]],"date-time":"2021-02-09T00:00:00Z","timestamp":1612828800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Archit. Code Optim."],"published-print":{"date-parts":[[2021,6,30]]},"abstract":"\n Program obfuscation is a widely used cryptographic software intellectual property (IP) protection technique against reverse engineering attacks in embedded systems. However, very few works have studied the impact of combining various obfuscation techniques on the obscurity (difficulty of reverse engineering) and performance (execution time) of obfuscated programs. In this article, we propose a Genetic Algorithm\u00a0(GA)-based framework that not only optimizes obscurity and performance of obfuscated cryptographic programs, but it also ensures very low timing side-channel leakage. Our proposed\n T<\/jats:bold>\n iming\n S<\/jats:bold>\n ide\n C<\/jats:bold>\n hannel\n S<\/jats:bold>\n ensitive\n P<\/jats:bold>\n rogram\n O<\/jats:bold>\n bfuscation\n O<\/jats:bold>\n ptimization\n F<\/jats:bold>\n ramework (TSC-SPOOF) determines the combination of obfuscation transformation functions that produce optimized obfuscated programs with preferred optimization parameters. In particular, TSC-SPOOF employs normalized compression distance (NCD) and channel capacity to measure obscurity and timing side-channel leakage, respectively. We also use RISC-V rocket core running on a Xilinx Zynq FPGA device as part of our framework to obtain realistic results. The experimental results clearly show that our proposed solution leads to cryptographic programs with lower execution time, higher obscurity, and lower timing side-channel leakage than unguided obfuscation.\n <\/jats:p>","DOI":"10.1145\/3443707","type":"journal-article","created":{"date-parts":[[2021,2,10]],"date-time":"2021-02-10T14:29:54Z","timestamp":1612967394000},"page":"1-20","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Cryptographic Software IP Protection without Compromising Performance or Timing Side-channel Leakage"],"prefix":"10.1145","volume":"18","author":[{"given":"Arnab Kumar","family":"Biswas","sequence":"first","affiliation":[{"name":"Electrical and Computer Engineering department, National University of Singapore, Singapore"}]}],"member":"320","published-online":{"date-parts":[[2021,2,9]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Stunix C\/C++ Obfuscator. 2020. Retrieved from http:\/\/stunnix.com\/support\/doc\/cxxo\/cxx-obfus.shtml. Stunix C\/C++ Obfuscator. 2020. Retrieved from http:\/\/stunnix.com\/support\/doc\/cxxo\/cxx-obfus.shtml."},{"key":"e_1_2_1_2_1","unstructured":"Obfuscator-LLVM. 2020. Retrieved from https:\/\/github.com\/obfuscator-llvm\/obfuscator\/. Obfuscator-LLVM. 2020. Retrieved from https:\/\/github.com\/obfuscator-llvm\/obfuscator\/."},{"key":"e_1_2_1_3_1","unstructured":"Crypto-algorithms benchmark. 2020. Retrieved from https:\/\/github.com\/B-Con\/crypto-algorithms. Crypto-algorithms benchmark. 2020. Retrieved from https:\/\/github.com\/B-Con\/crypto-algorithms."},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1972.1054753"},{"key":"e_1_2_1_5_1","volume-title":"Optimization","author":"Arora Rajesh Kumar","unstructured":"Rajesh Kumar Arora . 2009. Optimization ( 1 st ed.). Chapman and Hall\/CRCl . Rajesh Kumar Arora. 2009. Optimization (1st ed.). Chapman and Hall\/CRCl.","edition":"1"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2160158.2160159"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3023872"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1972.1054855"},{"volume-title":"A Tool for Estimating Information Leakage","author":"Chothia Tom","key":"e_1_2_1_9_1","unstructured":"Tom Chothia , Yusuke Kawamoto , and Chris Novakovic . 2013. A Tool for Estimating Information Leakage . Springer , 690--695. Tom Chothia, Yusuke Kawamoto, and Chris Novakovic. 2013. A Tool for Estimating Information Leakage. Springer, 690--695."},{"key":"e_1_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Tom Chothia Yusuke Kawamoto and Chris Novakovic. 2013. A tool for estimating information leakage. In Computer Aided Verification Natasha Sharygina and Helmut Veith (Eds.). Springer Berlin 690--695. Tom Chothia Yusuke Kawamoto and Chris Novakovic. 2013. A tool for estimating information leakage. In Computer Aided Verification Natasha Sharygina and Helmut Veith (Eds.). Springer Berlin 690--695.","DOI":"10.1007\/978-3-642-39799-8_47"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1219058"},{"key":"e_1_2_1_12_1","unstructured":"The Tigress C Obfuscator. 2020. Retrieved from https:\/\/tigress.wtf\/download.html. The Tigress C Obfuscator. 2020. Retrieved from https:\/\/tigress.wtf\/download.html."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.2005.844059"},{"key":"e_1_2_1_14_1","volume-title":"Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection","author":"Collberg Christian","year":"2009","unstructured":"Christian Collberg and Jasvir Nagra . 2009 . Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection ( 1 st ed.). Addison-Wesley Professional . Christian Collberg and Jasvir Nagra. 2009. Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection (1st ed.). Addison-Wesley Professional.","edition":"1"},{"key":"e_1_2_1_15_1","unstructured":"Christian S. Collberg Clark D. Thomborson and Douglas Low. 1997. A taxonomy of obfuscating transformations. Christian S. Collberg Clark D. Thomborson and Douglas Low. 1997. A taxonomy of obfuscating transformations."},{"volume-title":"Building a Side Channel Based Disassembler","author":"Eisenbarth Thomas","key":"e_1_2_1_16_1","unstructured":"Thomas Eisenbarth , Christof Paar , and Bj\u00f6rn Weghenkel . 2010. Building a Side Channel Based Disassembler . Springer Berlin , 78--99. Thomas Eisenbarth, Christof Paar, and Bj\u00f6rn Weghenkel. 2010. Building a Side Channel Based Disassembler. Springer Berlin, 78--99."},{"key":"e_1_2_1_17_1","unstructured":"I. Harvey. 1992. SAGA cross: The mechanics of recombination for species with variable-length genotype. In Parallel Problem Solving from Nature 2. North-Holland 269--278. I. Harvey. 1992. SAGA cross: The mechanics of recombination for species with variable-length genotype. In Parallel Problem Solving from Nature 2. North-Holland 269--278."},{"key":"e_1_2_1_18_1","volume-title":"Proceedings of the 1st European Conference on Artificial Life. The MIT Press","author":"Harvey I.","year":"1992","unstructured":"I. Harvey . 1992 . Species adaptation genetic algorithm: The basis for a continuing SAGA . In Proceedings of the 1st European Conference on Artificial Life. The MIT Press , Cambridge, MA. I. Harvey. 1992. Species adaptation genetic algorithm: The basis for a continuing SAGA. In Proceedings of the 1st European Conference on Artificial Life. The MIT Press, Cambridge, MA."},{"volume-title":"Proceedings of the IEEE 35th International Conference on Distributed Computing Systems Workshops. 120--127","author":"Hataba M.","key":"e_1_2_1_19_1","unstructured":"M. Hataba , R. Elkhouly , and A. El-Mahdy . 2015. Diversified remote code execution using dynamic obfuscation of conditional branches . In Proceedings of the IEEE 35th International Conference on Distributed Computing Systems Workshops. 120--127 . M. Hataba, R. Elkhouly, and A. El-Mahdy. 2015. Diversified remote code execution using dynamic obfuscation of conditional branches. In Proceedings of the IEEE 35th International Conference on Distributed Computing Systems Workshops. 120--127."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/360825.360861"},{"key":"e_1_2_1_21_1","volume-title":"Proceedings of the International Conference on Networking Systems and Security (NSysS\u201915)","author":"Islam M. L.","year":"2015","unstructured":"M. L. Islam , N. Nurain , S. Shatabda , and M. S. Rahman . 2015. FGPGA: An efficient genetic approach for producing feasible graph partitions . In Proceedings of the International Conference on Networking Systems and Security (NSysS\u201915) . 1--8. DOI:https:\/\/doi.org\/10.1109\/NSysS. 2015 .7043513 M. L. Islam, N. Nurain, S. Shatabda, and M. S. Rahman. 2015. FGPGA: An efficient genetic approach for producing feasible graph partitions. In Proceedings of the International Conference on Networking Systems and Security (NSysS\u201915). 1--8. DOI:https:\/\/doi.org\/10.1109\/NSysS.2015.7043513"},{"key":"e_1_2_1_22_1","volume-title":"Proceedings of the IEEE\/ACM 1st International Workshop on Software Protection. 3--9. DOI:https:\/\/doi.org\/10","author":"Junod P.","year":"2015","unstructured":"P. Junod , J. Rinaldini , J. Wehrli , and J. Michielin . 2015. Obfuscator-LLVM\u2014Software protection for the masses . In Proceedings of the IEEE\/ACM 1st International Workshop on Software Protection. 3--9. DOI:https:\/\/doi.org\/10 .1109\/SPRO. 2015 .10 P. Junod, J. Rinaldini, J. Wehrli, and J. Michielin. 2015. Obfuscator-LLVM\u2014Software protection for the masses. In Proceedings of the IEEE\/ACM 1st International Workshop on Software Protection. 3--9. DOI:https:\/\/doi.org\/10.1109\/SPRO.2015.10"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48405-1_25"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.28"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-24174-6_23"},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the 12th International Joint Conference on e-Business and Telecommunications (ICETE\u201915)","volume":"04","author":"Mohsen R.","unstructured":"R. Mohsen and A. M. Pinto . 2015. Algorithmic information theory for obfuscation security . In Proceedings of the 12th International Joint Conference on e-Business and Telecommunications (ICETE\u201915) , Vol. 04 . 76--87. R. Mohsen and A. M. Pinto. 2015. Algorithmic information theory for obfuscation security. In Proceedings of the 12th International Joint Conference on e-Business and Telecommunications (ICETE\u201915), Vol. 04. 76--87."},{"volume-title":"Foundations and Practice of Security","author":"Mohsen Rabih","key":"e_1_2_1_29_1","unstructured":"Rabih Mohsen and Alexandre Miranda Pinto . 2016. Evaluating obfuscation security: A quantitative approach . In Foundations and Practice of Security . Springer International Publishing , 174--192. Rabih Mohsen and Alexandre Miranda Pinto. 2016. Evaluating obfuscation security: A quantitative approach. In Foundations and Practice of Security. Springer International Publishing, 174--192."},{"volume-title":"E-Business and Telecommunications","author":"Mohsen Rabih","key":"e_1_2_1_30_1","unstructured":"Rabih Mohsen and Alexandre Miranda Pinto . 2016. Theoretical foundation for code obfuscation security: A Kolmogorov complexity approach . In E-Business and Telecommunications . Springer International Publishing , 245--269. Rabih Mohsen and Alexandre Miranda Pinto. 2016. Theoretical foundation for code obfuscation security: A Kolmogorov complexity approach. In E-Business and Telecommunications. Springer International Publishing, 245--269."},{"volume-title":"Proceedings of the IEEE 7th International Conference on Cloud Computing. 979--981","author":"Nandina V.","key":"e_1_2_1_31_1","unstructured":"V. Nandina , J. M. Luna , C. C. Lamb , G. L. Heileman , and C. T. Abdallah . 2014. Provisioning security and performance optimization for dynamic cloud environments . In Proceedings of the IEEE 7th International Conference on Cloud Computing. 979--981 . V. Nandina, J. M. Luna, C. C. Lamb, G. L. Heileman, and C. T. Abdallah. 2014. Provisioning security and performance optimization for dynamic cloud environments. In Proceedings of the IEEE 7th International Conference on Cloud Computing. 979--981."},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23349"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/TETC.2015.2398824"},{"key":"e_1_2_1_34_1","volume-title":"Proceedings of the 24th USENIX Security Symposium (USENIX Security\u201915)","author":"Rane Ashay","year":"2015","unstructured":"Ashay Rane , Calvin Lin , and Mohit Tiwari . 2015 . Raccoon: Closing digital side-channels through obfuscated execution . In Proceedings of the 24th USENIX Security Symposium (USENIX Security\u201915) . USENIX Association, Washington, D.C., 431--446. Ashay Rane, Calvin Lin, and Mohit Tiwari. 2015. Raccoon: Closing digital side-channels through obfuscated execution. In Proceedings of the 24th USENIX Security Symposium (USENIX Security\u201915). USENIX Association, Washington, D.C., 431--446."},{"volume-title":"Proceedings of the Design, Automation Test in Europe Conference Exhibition (DATE\u201917)","author":"Reparaz O.","key":"e_1_2_1_35_1","unstructured":"O. Reparaz , J. Balasch , and I. Verbauwhede . 2017. Dude, is my code constant time? In Proceedings of the Design, Automation Test in Europe Conference Exhibition (DATE\u201917) . 1697--1702. O. Reparaz, J. Balasch, and I. Verbauwhede. 2017. Dude, is my code constant time? In Proceedings of the Design, Automation Test in Europe Conference Exhibition (DATE\u201917). 1697--1702."},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/359340.359342"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2886012"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jcss.2010.06.018"},{"key":"e_1_2_1_39_1","volume-title":"Proceedings of the USENIX Annual Technical Conference (USENIX ATC\u201917)","author":"Xu Meng","year":"2017","unstructured":"Meng Xu , Kangjie Lu , Taesoo Kim , and Wenke Lee . 2017 . Bunshin: Compositing security mechanisms through diversification . In Proceedings of the USENIX Annual Technical Conference (USENIX ATC\u201917) . USENIX Association, 271--283. Meng Xu, Kangjie Lu, Taesoo Kim, and Wenke Lee. 2017. Bunshin: Compositing security mechanisms through diversification. In Proceedings of the USENIX Annual Technical Conference (USENIX ATC\u201917). USENIX Association, 271--283."},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIE.2011.2178216"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2012.2209662"}],"container-title":["ACM Transactions on Architecture and Code Optimization"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3443707","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3443707","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:19Z","timestamp":1750197739000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3443707"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,2,9]]},"references-count":39,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2021,6,30]]}},"alternative-id":["10.1145\/3443707"],"URL":"https:\/\/doi.org\/10.1145\/3443707","relation":{},"ISSN":["1544-3566","1544-3973"],"issn-type":[{"type":"print","value":"1544-3566"},{"type":"electronic","value":"1544-3973"}],"subject":[],"published":{"date-parts":[[2021,2,9]]},"assertion":[{"value":"2020-07-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-12-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-02-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}