Interstellar Adversarial Model
This document outlines the global adversarial model for the Interstellar authentication scheme, which relies on decentralized cryptographic primitives, mobile hardware-secured environments, and dynamic visual cryptographic mechanisms.
The model assumes a powerful adversary capable of compromising mobile operating systems, deploying persistent malware (e.g., rootkits, banking trojans), intercepting communication channels, and launching real-time manipulation attacks.
Key Assumptions
- The adversary can compromise the mobile OS and inject malware with root access.
- The adversary can observe user interactions, network traffic, and screen content.
- The adversary can attempt overlay attacks, clipper malware, and phishing attempts.
- The adversary cannot break hardware-enforced secure enclaves (e.g., Secure Elements or TEEs).
- The adversary does not have access to Interstellar blockchain private keys or TEE execution logs.
Attack Vectors & Defenses
| Threat Vector | Attack Description | Interstellar Defense Mechanism | Mitigation Strength |
| Rooted Malware | Adversary gains root access and attempts to exfiltrate secrets. | Private keys are generated and stored in Secure Element; never accessible by OS. | Very High |
| Clipper Malware | Malware changes destination addresses in clipboard or overlays. | Transaction data is encoded into dynamic visual cryptographic shares only visible to human eyes. | High |
| Overlay Attacks | Fake UI screens trick users into approving false transactions. | Garbling and rapid frame refresh (60–120fps) prevent fake overlays from mimicking dynamic VCA output. | High |
| Man-in-the-Middle (MitM) | Interception or manipulation of transaction payloads during communication. | Transactions require on-device signing using a non-extractable proxy private key in SE; payloads validated visually. | High |
| Screen Recording / Scraping | Malware attempts to capture screen content during VCA session. | Each frame is cryptographically unique; cannot reconstruct one-time code from partial or delayed frames. | Medium |
| Phishing via Fake Apps | User installs a fake Interstellar app that mimics UI to harvest credentials. | Authentication is device-bound using SE attestation; fake apps cannot generate valid attestation or VCA output. | High |
Model Scope and Limitations
- Assumes hardware Secure Element (SE) or TEE are trusted anchors.
- Assumes the blockchain network honestly verifies VCA tokens and SE attestations.
- Does not address social engineering tactics outside of screen-level spoofing.
Summary
Interstellar’s authentication model is built with adversarial resistance in mind, designed to remain trustworthy even under OS-level compromise. By combining secure enclaves, decentralized key attestation, and visual cryptography bound to human cognition, Interstellar raises the bar against mobile-based Advanced Persistent Threats.