Mathematical Obfuscation Against Hackers Is Focus of New Cybersecurity Center

Researchers hope obfuscation methods will protect software from hackers

Photo: Jorg Greuel/Getty Images

Turning computer code into a kind of math puzzle may hold the key to protecting software from hackers. A consortium of universities developing the idea, called mathematical obfuscation, recently received a $5 million grant from the U.S. government as part of a broader cybersecurity initiative.

Researchers involved in the program, which received the obfuscated name of Center for Encrypted Functionalities, will work on encryption methods capable of masking or "obfuscating" the inner workings of computer programs. The goal is preventing any unwanted tampering with software by hackers looking for security flaws or trying to reverse engineer the program's capabilities.

Conventional programs require compilers that translate source code (which humans can understand) into machine code (which computers can execute). The obfuscation method adds extra steps to that translation process. It requires a special "obfuscating compiler" that breaks up the source code into encrypted chunks. 

This set of encrypted pieces form a kind of "mathematical jigsaw puzzle," as Amit Sahai, a professor of computer science at the University of California, Los Angeles, has described it. A verifier program would fit together the pieces to create a completed "puzzle" that tells the CPU how to produce the correct output. (See IEEE Spectrum’s “Scrambled Code Keeps Software Safe”.)

"We're doing a lot of the basic research on trying to understand how obfuscation works," said Susan Hohenberger, a professor of computer science at Johns Hopkins University, in a press release. "We're scrambling the code in a mathematical way so that you can run it, but you can't do anything but run it."

Researchers at UCLA and the University of Texas at Austin have already begun work with IBM Research on a version of mathematical obfuscation called indistinguishability obfuscation—a method for protecting code that could only be broken if attackers spent an impractical amount of time and resources. But the vast amount of computation required to create an obfuscated program means that this method is itself impractical today.

The new center, funded by the National Science Foundation, will attempt to change that. Participants include Johns Hopkins, UCLA, Stanford, UT Austin, and Columbia University. The effort represents just one small part of the NSF's $74.5 million Secure and Trustworthy Cyberspace initiative, which covers 225 cybersecurity projects.

The Tech Alert Newsletter

Receive latest technology science and technology news & analysis from IEEE Spectrum every Thursday.

About the Tech Talk blog

IEEE Spectrum’s general technology blog, featuring news, analysis, and opinions about engineering, consumer electronics, and technology and society, from the editorial staff and freelance contributors.