SOFTWARE WATERMARKING BY TIMING CODE
EXECUTION
Claudiu Chiru, Spiru Haret University Constanta , 32-34 Unirii Street
Păcuraru Raluca, Spiru Haret University Constanta , 32-34 Unirii Street
Abstract
Watermarking is a technique to embed a secret message into a cover message. The secret is usually a copyright
message. Using this method, intellectual property can be protected against theft and can be used to prove ownership. In
software watermarking the secret is a copyright notice embedded into a program. Later, the watermark can be retrieved
and allows to prove ownership.
This paper presents a new method of watermarking based on code execution timing. The watermarking method consists
in inserting a piece of code which generates a time sequence by doing some calculation. Using time measurements the
watermark verifier can extract the watermark.
Key words: watermarking, code execution timing, copyright protection
1. Timing attacks
Most of the time, by analyzing input and output, attackers try to find out some parts of the secret keys that
are used by the cryptographic algorithm. Modern attacking techniques use an alternate source of
information (side channel information) which makes the secret values less secure.
The side channel cryptanalysis uses a source of information based on the flow of data in form of
unintended output. The sources of information are: timings, power consumption or electromagnetic
radiation. Side channel cryptanalysis can be used against both symetric or asymetric cryptographic
algorithms.
secret key
cipher text
plain text
Symmetric
Cryptographic Algorithm
execution time
electromagnetic
radiation
power
consumption
Fig. 1.1. Side channel analysis
The execution time of an algorithm can reveal information about certain values used in calculations. If the
execution time is constant, regardless of the values used, then the obtained information has no relevance. If
the execution time is variable and depends on the values used in calculation, then by execution time
analysis one can extract useful information.
Example of an algorithm that generates a variable time sequence depending on a input value
The exponentiating square-and-multiply algorithm is:
1.x  1
2. for i=n-1 la 0 execute
3. x  x2 mod N
4. if di=1 then
5. xxM mod N
6. end_if
7. end_for
Fig. 1.2. The exponentiating square-and-multiply algorithm
The algorithm calculates the x = Md mod N value, having as inputs:



module N
exponent d = (dn-1 dn-2... d1d0)2
message M
From the algorithms analysis, we can see that at step 4 the if instruction is executed The if instruction
compares the value of a bit from exponent with 1. The step 5 will be executed only if the bits from
exponent are 1. The execution time of n iterations is influenced by the exponents value. By examining the
execution time, finally we can extract the exponent.
2. Watermarks
The watermark is a signal that can be added to the digital data (video, audio, static images) which can be
detected or extracted later. The extracted signal can offer some information about data that contained it.
The watermarking technique can be extended successfully over programs. In contrast with the watermarks
of the multimedia documents, where the inserting of a watermark is based on the redundancy of a
visualizing or auditing human system, in the case of the programs’ marking the restrictions are much
greater. The programs must be equivalent from the functionality's point of view. Colberg, in his paper
[Colb 99] refers to two types of watermarks: static and dynamic watermark. The static watermarks are
stored in the executable program at certain locations and are constituted from octet sequences which can be
identified. Dynamic watermarks are code sequences that generate a piece of information that can prove the
ownership of the program.
3. Watermarking by timing code execution
The proposed watermarking method consists of inserting a piece of code that executes in a variable time,
depending of the input data.
Input
value
Code sequence
Output
value
Execution
time
Code insertion is made using an if conditional (always true)
.
.
if(PT)
{
func(p,q,r,…)
}
or simply by inserting a piece of code anywhere in the program.
a)
We can use an algorithm like the previous one for generating a time sequence. In this case the
watermark can be extracted using the theory behind timing attacks.
b) The program uses N1, N2,…,Nn-k as input data and the inserted code sequence m sets N n-k+1, Nnk+2,…,Nn as input. Nn-k+1, Nn-k+2,…,Nn are secrete values. So the initial values are:
M 1  {N 1 , N 2 ,..., N 1, n  k 1 ,..., N 1, n }
M 2  {N 1 , N 2 ,..., N 2,n  k 1 ,..., N 2,n }
…….
M m  {N 1 , N 2 ,..., N m,n  k 1 ,..., N m,n }
The timings for the program execution before inserting the code are T=t1, t2,…,tm.
After program execution the time values for the m data sets are: Tw= t w1 , t w2 ,..., t wm .
S
The Tw and T sets will be partitioned into S partitions such that

S
Twi   ,
i 1

S
Twi  Tw ,
T
wi
n ,
i 1
i 1
S is the number of partitions, n the number of components.
Distorting the elements of a set is made by modifying the value of an element such that the metrics are
satisfied:
1. t i  t wi   1 , t i  Ti , t wi  TW i ,  1  R - acceptable distortion for a time element.
Ti
2.
 (t
i
 t wi ) 2   2 , t i  Ti , t wi  TW i ,  2  R - acceptable distortion for a set of time values.
i 1
Ti
3.
A subset is considered to be watermarked with a 0 value if 0 
 (t  t
i
wi )
2
 t1 , t1  R
i 1
Ti
4.
A subset is considered to be watermarked with a 1 value if t 2 
 (t  t
i
wi )
2
  2 , t2  R ,
i 1
0  t1  t 2   2 .
The subset elements will be distorted by adding values, smaller than
The steps for inserting a time watermark are:

Measure the execution time for the m data sets;

Partition the time data set;

Insert the code for the watermark;

such that 1 and 2 are true.

Compile and run the code;

Measure the execution time for the m data sets;

Partition the modified time data set;

Choose the input data set for the inserted code to obtain the correct time values according to the
watermark.
Watermark extraction:

Run the program using m data sets;

Measure the execution time for the m data sets;

Partition the time value set and extract the watermark using 3 and 4 relations.
It is recommended that you make the measurements on a computer with the same hardware and software
structure, in the same environment.
4. Conclusions
The watermarking scheme can be attacked by inserting other code sequences that can change the time
values. If the values are constant then the attack is ineffective. Another attack against the watermarking
scheme is locating and eliminating the inserted code. This attack is based on establishing the exact position
of the code.
Watermarking by code execution timing method is based on designing code sequences that have precise
timings that depend on input data.
5. References
[Colb99] Christian Collberg - Software watermarking: Models and Dynamic Embeddings POPL ’99 ,
Proceedings
[RS2001] Radu Sion, Mikhail Atallah, Sunil Prabhakar “On Watermarking Numeric Sets”, Purdue
University, 2001