OBAKE Cryptanalysis:

MITM

Attack


This is not an attack to the encryption algorithm, but targets the program that handles the encryption.


In this model, the attacker uses one of the methods of "side attack", i.e., he does not attack the data or the algorithm directly, but some component of the process, looking for vulnerabilities that allow him to intercept the original message or the key used.


The attack defined as "man-in-the-middle" therefore seeks to intercept the messages (or the exchange of the secret key) between the sender and recipient, establishing itself "between the two ends" of this communication, allowing it to access the information. This "man-on-the-middle" (a SOFTWARE, remember this!) can be understood in many ways:


  • Positioning itself between the keyboard and the encryption program, intercepting the keys typed;
  • Stand between the sender's computer and the receiver's computer, intercepting the keys that are exchanged and combined;
  • Stand between the encrypting program and the equipment's memory, searching for the keys generated;
  • Place itself between the operating system and the computer's video, in an attempt to capture the keys informed;
  • Place itself in the "router" equipment, intercepting all communications that pass through it;
  • Invade the cryptographic program, placing itself "in the middle" of the information processing routines;.

The OBAKE suite is prepared for this type of attack within the maximum achieved with current technology:


  • It works with digital certificates, which completely invalidates the MITM attack on typed passwords;
  • It offers a Secure Keyboard MITM-proof by software, in case the user prefers secret-key;
  • It has intrusion protection mechanisms, alerting the user if it detects an intrusion in his code;
  • It has RAM cleaning mechanisms that prevent the attacker from detecting keys by memory SEEK and even DUMP;
  • Has disk processing techniques that prevent or considerably mitigate the success of MITM attack;
  • It has other protection procedures that prevent the code-invasion, code-injection and other hijacking agents.

These methods raise the OBAKE-512 security high enough to resist this attack.


Bibliographic references


H.C.A. Tilborg et al., "Encyclopedia of Cryptography and Security", H. C. A. v. Tilborg Ed., SpringerScience+Business Media LLC, 2011.

Lookup-Table Attack, https://hashcat.net/wiki/doku.php?id=table_lookup_attack