Sunday, August 17, 2008

Progress on MOSREF..

As I have mentioned in the last few posts, MOSREF is being ported to the Wasp Virtual Machine. There have been a few changes in this new version, mostly the reduction of code complexity, and some improved handling of man in the middle attacks. Previously, each message had a hash used to detect transport compromise, but this did not prevent a permuted message header from tricking the Console or a Drone into waiting an indefinite amount of time for a ludicrous amount of data. The new model uses a two-tier checksum model; each message is composed of zero or more blocks. The message has its checksum, and each block has its own checksum. To increase the difficulty of spoofing valid blocks, the block sizes are randomly sized, which ensures that the offset of the third and successive CRCs are difficult to predict. Next up, getting the SOCKS 5 proxy working again and further code complexity reductions.