Maltese researcher's smart solution to software piracy

A recent study on software protection found that "half of the countries studied have a piracy rate of 62 per cent or higher". This clearly shows that software companies are encountering a huge problem trying to protect their commercial intellectual property and enforcing the licence agreements.

Nathan Gatt, 25, was attracted to read for Masters degree in Information Security at the Royal Holloway University of London (RHUL) because it is home to the world-renowned Information Security Group (ISG) and its Smart Card centre.

Conducting research under the supervision of the centre's director, Dr Keith Mayes, Mr Gatt has come up with an innovative software licence protection solution using mobile phone and smart card technology that he plans to present at the 17th USENIX Security Symposium to be held in San Jose, California, next July.

Software vendors currently seek to protect their software applications using various software- or hardware-based licence protection tokens. In fact, past research on licence protection tokens has always focused on the security aspect.

However, Mr Gatt noticed that the protection's success depended not only on its security features, but also on its usability, and that there was a research gap between security and usability evaluation of licence protection tokens. He resolved to address this gap by evaluating end-users' perception through questionnaires, and studying security by using 'attacker profiles' and an augmented 'attack tree model' that he created during research.

Mr Gatt's study found that users preferred to re-use their existing devices and supporting infrastructure, and new devices that not require complex user interaction. As a result of his research, Mr Gatt came up with a solution that could bridge the security and usability concerns of software vendors, end-users and service providers. Furthermore his proposed solution would also enable network operators to provide value-added services.

Dr Mayes sounds enthusiastic. He told The Sunday Times: "This was a high calibre M.Sc. research project on the topical subject of software licence protection. In this field there is always a difficult balance between security and usability. The work explored this balance and concluded that a mobile phone plus modern Universal Integrated Circuit Card (UICC) smart card platform could provide a secure yet convenient solution. This is a timely suggestion as future mobile phones should support Near Field Communication, enabling them to act as virtual licence tokens or as token readers. It is therefore reasonable to suggest that the mobile phone could become an essential component for software licence protection."

Mr Gatt's research was sponsored by the Malta Government Scholarship Scheme (MGSS) and co-funded by the UNESCO Fellowships Programme after the Maltese National Commission for UNESCO, headed by Prof. Charles Farrugia, decided to support his request for additional funding.

Asked for advice to other university students Mr Gatt said: "Aim high and believe in yourself. Everyone should be able to contribute to the existing body of knowledge and the MGSS is a stepping-stone in the right direction."

This and forthcoming articles on MGSS-sponsored research is presented with the collaboration of the National Commission for Higher Education.