Protecting software in embedded IoT units : The impact of code obfuscation

Abstract: Embedded Internet of Things (IoT) products are taking up a larger part of the market thanks to smaller, cheaper and more advanced components. For companies that spend time and resources on developing software for these products, it is important to keep that software secure to maintain the advantage gained. This can be done in multiple ways, each with its own advantages and disadvantages. One way is by utilizing code obfuscation to make the software more difficult to understand and therefore harder to reverse engineer. However, changing the code comes at a cost, this thesis aims to find out what that cost is. This is done by comparing two versions of code: the original code and its obfuscated version. These versions were compared with respect to execution time and readability. The results of the tests indicate a small increase in execution time for the obfuscated version, but it also showed a big increase in how difficult it was to read. This means that obfuscating code will have a small performance penalty, but is much more resilient to reverse engineering. It is also important no note that manually obfuscating code is not practical for a production environment, since a large part of the development time will be spent on obfuscating the code instead of improving it. Therefore, it is important to have an automated obfuscation tool.