Software Watermarking

The watermarking part of SandMark is a tool designed to help protect programs from illegal copying and redistribution, i.e. software piracy. In the figure below, Alice sells a copy of her program to Bob (a software pirate), who proceeds to resell the program to third parties, incurring a loss of revenue for Alice:

Watermarking does not prevent software from being pirated, but allows a pirated program to be traced back to the person who bought the original copy. SandMark uses watermarking techniques to embed a copyright notice (a watermark) into a program to identify the company who originally wrote it:

More importantly, watermarking allows a software vendor to embed a unique customer identification number (a fingerprint) into each distributed copy of her program to identify the customer who bought it:

The fingerprint can be a string (Customer #314), a credit card number, etc.

SandMark will allow you to ship to each customer a version of your Java program that has been individualized specifically to that customer, for example by embedding their credit card number into the program. If, at a later date, you obtain a pirated copy of your application, you can extract its stored fingerprint. This will allow you to identify the customer who bought the copy from which the pirated copies originate.

In the example below, Alice watermarks and fingerprints her program, and sells it to Sally. For example, W could be the string "Copyright 2000, Alice" and F could be the string "Customer=Sally".

Sally illegally resells her copy to Sue. Charles, Alice's lawyer, retrieves a copy of Sue's program, extracts the watermark and fingerprint from the copy, and can now argue that
  1. the program is the intellectual property of Alice, and
  2. the copy found in the possession of Sue was originally bought by Sally, who can now be tried for piracy.

SandMark provides a number of different software watermarking algorithms. Some have a high bit-rate (it is easy to embed a large fingerprint), some are very stealthy (the marks are difficult to detect), and some are highly resilient to attack (the marks are difficult to remove).

Fingerprinting a program leaves you open to collusive attacks. These attacks compare two differently fingerprinted programs to locate the watermark. To prevent collusive attacks, SandMark provides several types of code obfuscations that will scramble a fingerprinted program. However, some watermark algorithms are not resilient against some obfuscations. Hence, the obfuscations should either be run before watermarking, or be chosen carefully not to interfere with a particular watermark.
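The ordering constraint in the paragraph above, as an added toy example (not SandMark code and not one of its algorithms). It assumes a made-up program model in which each statement is an addition whose operand order carries one fingerprint bit, a hypothetical vendor key, and a renaming pass standing in for an obfuscation; "Customer=Carol" is a constructed second customer.

```python
import hashlib
import random

# Toy model (constructed): statement (dest, x, y) means dest = x + y. Addition
# commutes, so the operand order is free to carry one fingerprint bit.
BASE = [(f"t{i}", f"a{i}", f"b{i}") for i in range(256)]

def sites(key, nbits, size):
    """Key-selected statement indices that carry the fingerprint bits."""
    return random.Random(key).sample(range(size), nbits)

def embed(program, key, fingerprint):
    """Encode each fingerprint bit as the operand order of one keyed statement."""
    bits = [(b >> i) & 1 for b in fingerprint.encode() for i in range(8)]
    out = list(program)
    for idx, bit in zip(sites(key, len(bits), len(out)), bits):
        dest, x, y = out[idx]
        lo, hi = sorted((x, y))
        out[idx] = (dest, hi, lo) if bit else (dest, lo, hi)
    return out

def extract(program, key, nbytes):
    """Read the operand order back at the keyed sites; returns raw bytes."""
    bits = [int(program[i][1] > program[i][2]) for i in sites(key, nbytes * 8, len(program))]
    return bytes(sum(b << j for j, b in enumerate(bits[k:k + 8])) for k in range(0, len(bits), 8))

def obfuscate(program, seed):
    """Stand-in obfuscation: rename every identifier differently per copy."""
    def rename(name):
        return "v" + hashlib.sha256(f"{seed}:{name}".encode()).hexdigest()[:12]
    return [tuple(rename(n) for n in stmt) for stmt in program]

def diff(p, q):
    """What comparing two fingerprinted copies reveals: indices that differ."""
    return {i for i, (s, t) in enumerate(zip(p, q)) if s != t}

def demo(key="vendor-secret"):
    f1, f2 = "Customer=Sally", "Customer=Carol"  # second customer is constructed
    plain = diff(embed(BASE, key, f1), embed(BASE, key, f2))
    c1 = embed(obfuscate(BASE, "copy-1"), key, f1)    # obfuscate first, then mark
    c2 = embed(obfuscate(BASE, "copy-2"), key, f2)
    late = obfuscate(embed(BASE, key, f1), "copy-3")  # obfuscation that interferes
    return {"plain_diff": plain, "mark_sites": set(sites(key, len(f1) * 8, len(BASE))),
            "obfuscated_diff": diff(c1, c2), "recovered": extract(c1, key, len(f1)),
            "late_recovered": extract(late, key, len(f1))}

if __name__ == "__main__":
    r = demo()
    print(len(r["plain_diff"]), len(r["obfuscated_diff"]), r["recovered"], r["late_recovered"])
```

Without obfuscation, every differing statement is a mark site. With per-copy obfuscation applied before marking, all statements differ and the fingerprint still extracts, while renaming after marking scrambles the operand order and loses it.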