OBAKE Cryptanalysis:

Side Attacks


SIDE-ATTACK is a kind of attack whose goal is to vulnerabilize (or break or discover) a program or algorithm using a side-channel approach. One of the most well-known attacks is the SQL-Code Injection Attack, in which the attacker informs a piece of code instead of data (for example, the user's name) to require the execution of a database based on a logical premise. Note that the attacker does not break into the database server, nor does he gain access to the database program itself, but uses a side way to obtain the desired data/results. A good explanation of this attack can be seen here.


When talking about security software, many types of side attacks allow the attacker to gain control of the software or poison its functionality, such as, in the case of encryption software, to obtain the encryption keys or make the encryption weaker enough to be decrypted in a reasonable amount of time or to change the calculated keys to one planted and previously known to the attacker.


The OBAKE application (and its algorithm OBAKE-512) was planned to support these kind of attacks:








The OBAKE suite has several additional protections that prevent an attacker (or program) from malicously acting on critical information. As for the OBAKE-512 algorithm, any change in its code (if practicable) compromises its functionality due to a series of closely chained, integrity-critical processes.


See details here.


Therefore, this type of attack on the OBAKE application and the OBAKE-512 algorithm is impractical.


Bibliographic references


H.C.A. Tilborg et al., "Encyclopedia of Cryptography and Security", H. C. A. v. Tilborg Ed., SpringerScience+Business Media LLC, 2011.