Interstellar Security Model
This document defines the core security model of the Interstellar authentication and transaction authorization system. It is structured around a strong adversarial model that assumes the attacker has significant control over the mobile device and surrounding environment.
Security Philosophy
Interstellar's security model is built to operate under the assumption that the operating system can be compromised. Instead of relying on malware detection, Interstellar builds cryptographic assurances into every user interaction that matters—from authentication to transaction signing—creating a secure enclave for critical actions, even in a hostile runtime environment.
Key principle: Security must be verifiable, hardware-anchored, and human-auditable.
Security Layers
1. Secure Element-Based Proxy Key System
- A non-extractable private key is generated and stored inside the mobile device’s Secure Element (SE).
- All critical operations (authentication, transaction signing) are signed with this key.
- Biometric unlocking occurs inside the SE, never exposed to the OS.
Benefits:
- No user secrets stored in app memory or storage.
- Malware or rootkits cannot extract the private key.
2. On-Chain Key Attestation and Verification
- Each mobile SE proxy key is paired with a cryptographic attestation issued by the SE.
- The Interstellar blockchain verifies this attestation during registration and signing events.
Benefits:
- Only valid, hardware-bound devices can authenticate.
- Prevents impersonation or spoofed devices.
3. Dynamic Visual Cryptography Authentication (VCA)
- Transaction payload and one-time validation code are encoded as high-speed visual frames (60–120 fps).
- Frames are generated using garbled circuits on-chain.
- Only a human eye can reconstruct the content using persistence of vision.
Benefits:
- Prevents screen-scraping and overlay attacks.
- Protects transaction integrity from clipper malware and UI tampering.
4. TEE and MPC-backed Execution for Sensitive Logic
- Trusted Execution Environments run the core cryptographic functions (e.g., VCA rendering, MPC signing logic).
- Multi-Party Computation (MPC) distributes key management across multiple trusted nodes for higher-value accounts.
- Key shares are stored and processed within dedicated sidechains, ensuring isolation.
- Attacker would need to compromise multiple sidechain nodes and trick consensus mechanisms backed by Polkadot’s economic security model.
Benefits:
- No single device or actor can compromise a high-value key.
- Greatly mitigates side-channel risks.
- Makes targeted key theft economically unfeasible.
Core Defense Goals
| Security Objective | Interstellar Mechanism | Strength |
| Key Theft Resistance | SE-stored proxy key, inaccessible from OS or app memory | Very High |
| UI Integrity | Visual cryptography shares prevent overlay and spoofing | High |
| Device Impersonation Defense | SE attestation verified on-chain; only real devices are accepted | High |
| Payload Tampering Detection | Transaction details visually rendered via VCA, verifiable by the user | High |
| Side-channel Attack Resistance | TEE enclaves isolate logic; MPC distributes key shares across sidechains—requires compromise of multiple nodes + economic consensus violation | Medium |
Summary
The Interstellar security model operates on the assumption that the surrounding system is untrusted. By embedding authentication into hardware, decentralizing key operations, and leveraging human-only cryptographic display channels, it redefines what endpoint security means in a post-EDR era. It provides strong guarantees against a wide range of sophisticated mobile-based threats, ensuring trust without reliance on the mobile OS.