Application Service Provider (ASP) is a business th at makes computer(based services (small and medium sized businesses) available to clients over a network. Th e usual ASP sells a large application to large enterprises, but also, provides a pay(as(you(go model for smaller clients. One of t he main problems with ASP is the insufficient secur ity to resist attacks and guarantee pay(as(you(go. Function hiding can be us ed to achieve protection for algorithms and assure charging clients on per(usage basis. Encryption functions that can be e xecuted without prior decryption (function hiding protocol) gives good solution to the problems of software protection. Fu nction hiding protocol faces a problem if the same encryption scheme is used for encrypting some data about the function an d also, the output of the encrypted function. In such case, an attacker could reveal the encrypted data easily thereby comprising its confidentiality. This paper aims to develop a software protection system based on function hiding protocol with softw are obfuscation that overcomes function hiding protocol problems. The suggested system is a multi(client system that allo ws charging clients on a per(usage basis (pay(as(yo u(go) and satisfies both confidentiality and integrity for the ASP and the c lient.

   [1]  Auvil D., Algebra for College Students , McGrawHill, USA, 1996.

[2]  Badger L., Kilpatrick D., Matt B., Reisse A., and Vleck T., “SelfProtecting Mobile Agents Obfuscation Techniques Evaluation Report,” Technical Report , NAI Labs, 2002.

[3]  Balakrishnan A. and Schulze C., “Code Obfuscation Literature Survey,” available at: http://pages.cs.wisc.edu/~arinib/writeup.pdf, last visited 2005.

[4]  Buchmann A., Introduction to Cryptography , Springer, Johannes, 2004.

[5]  Ceccato M., Penta M., Nagra J., Falcarin P., Ricca F., Torchiano M., and Tonella P., “Towards Experimental Evaluation of Code Obfuscation Techniques,” in Proceedings of the 4 th ACM Workshop on Quality of Protection , USA, pp. 3946, 2008.

[6]  Chen H. and Hou T., “Changing Data Type Method of Data Obfuscation on Java Software,” in Proceedings of International Computer Symposium , Taiwan, pp. 439442, 2004.

[7]  Chen H., Yuan L., Xi W., Zang B., Huang B., and Yew P., “Control Flow Obfuscation with Information Flow Tracking,” in Proceedings of the 42 nd Annual IEEE/ACM International Symposium on Micro(Architecture , USA, pp. 391400, 2009. 594 The International Arab Journal of Information Techn ology, Vol. 10, No. 6, November 2013

[8] Cho S., Chang H., and Cho Y., “Implementation of an Obfuscation Tool for C/C++ Source Code Protection on the XScale Architecture,” in Proceedings of Software Technologies for Embedded and Ubiquitous Systems , Berlin, vol. 5287, pp. 406416, 2008.

[9]  Chow S., Eisen P., Johnson H., and Oorschot P., “A WhiteBox DES Implementation for DRM Applications,” in Proceedings of the ACM Workshop on Security and Privacy in Digital Rights Management , Berlin, vol. 2696, pp. 115, 2002.

[10]  Farleigh J., A First Course in Abstract Algebra , AddisonWesley, USA, 2002.

[11]  Goldwasser S. and Micali S., “Probabilistic Encryption,” Journal of Computer and System Sciences , vol. 28, no. 2, pp. 270299, 1984.

[12]  Hacini S., Guessoum Z., and Boufaïda Z., “Using a TrustBased Environment Key for Mobile Agent Code Protection,” in Proceedings of World Academy of Science, Engineering and Technology , pp. 854859, 2008.

[13]  Melchor A., Gaborit P., and Herranz J., “Additively Homomorphic Encryption with T Operand Multiplications,” in Proceedings of the International Association for Cryptologic Research , pp. 138154, 2008.

[14]  Menezes A., Oorchot P., and Vanstone S., Handbook of Applied Cryptography , CRC Press, USA, 1996.

[15]  Sander T. and Tschudin C., “On Software Protection via Function Hiding,” in Proceedings of the 2 nd International Workshop IH’98 Portland Oregon , USA, vol. 1525, pp. 111123, 1998.

[16]  Sander T. and Tschudin C., “Toward Mobile Cryptography,” in Proceedings of Security & Privacy , California, pp. 215224, 1998.

[17]  Seroul R., Programming for Mathematicians , Springer, Paris, 2000.

[18]  Smith B., Campbell L., Cheah J., Lachmann A., Milstein S., Morgan D., Nartovich A., and Roelofs J., Application Service Provider Business Model: Implementation on the iSeries Server , International Business Machines Corporation, US, 2001.

[19]  Wei Y., and Ohzeki K., “Obfuscation Methods with Controlled Calculation Amounts and Table Function,” in Proceedings of the International Multi(Conference on Computer Science and Information Technology , Wisla, vol. 5, pp. 775 780, 2010.

[20]  Yamauchi H., Kanzaki Y., Monden A., Nakamura M., and Matsumoto K., “Software Obfuscation From Crackers’ View Point,” in Proceedings of the International Conference, Advances In Computer Science and Technology , Mexico, pp. 16, 2006.

[21]  Yamauchi H., Monden A., Nakamura M., Tamada H., Kanzaki Y., and Matsumoto K., “A GoalOriented Approach to Software Obfuscation,” International Journal of Computer Science and Network Security , vol. 8, no. 9, pp. 5971, 2008.