Author

Topic: Looking for feedback on supply chain attack solution (on-chain 2fa) (Read 193 times)

copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
I don't think there are many producers of cpus though: Microsoft, quallcomm and hauwei are the main producers of ARM chipsets... X86 is done mainly by Intel, amd but some couls have been outsourced to companies like fujitsu, hp, dell etc...

I think a lot of devices share a lot in common with each other and some manufacturers probably share printers, a couple of years ago they said only 3 companies would be able and happy to print trezor devices... If you're in Europe or the US then you're probably going to be using the same printer as the main trezor would so they may still be able to interfere with its production... This could all just be people over precautions though.

newbie
Activity: 5
Merit: 30
Actually it may already easily be solved by using a multisig of hardware with electrum in just a normal multisig.
Multi-device multi-sig is definitely the direction we should head as it helps a lot. You turn the risk into where their supply chains overlap. It's important to keep a few things in mind:

* All devices must be from different manufacturers. If you do 2 of 3 where two are form the same manufacturer you've lost the supply chain resistance entirely
* If two of the manufacturers use a component in common your supply chain resistance is decreased
* If two of the manufacturers use a secure element in common your supply resistance is gone entirely
* The chances of a similar *wafer producer* being used between any of the components is quite high
* If the same wafer producer is used for the secure elements your supply resistance is gone entirely
* Even if the secure elements are printed using different wafer producers, they may use the same wafer machines. It is not simple but a wafer making machine itself could be updated to modify the secure elements it prints to inject malicious circuits.
* Most importantly, you can never be certain these things aren't happening. On-chain 2FA however is easily verified by looking at the blockchain.

By using on-chain 2FA you're able to "stake" on unrelated supply chains in a way that can only increases security. Throw a key on the iPhone supply chain for instance, or Android. You could even do both, adding as many as you like. Each that you add increases your security. The attacker must infiltrate all of these supply chains to succeed and using existing large supply chains makes the attacker's task much more difficult.

So really these approaches should be combined. On-chain 2FA plus multi-device multi-sig is an awesome combination of security factors.

Multi-device multi-sig protects you against malicious hardware wallet software while on-chain 2FA protects you against malicious hardware wallet hardware.

Since you're depending on both electrum technologies Gmbh and hardware wallet producers like trezor and ledger to be in kahoots so its really unlikely your funds can be attacked... You can also input numbers to produce a seed and can verify it with a few different websites or an interpreted version of the code (interpreted as apposed to compiled, checking every function).
Creating your own seed phrases and importing them into your hardware wallets is much more secure than letting the devices generate them.

This assurance only works however if you never use the wallet to sign anything and only sign one transaction that withdrawl all the funds. After that the key you created should be considered tainted and never used again.

This is because of the chosen nonce attack.

On-chain 2FA does help mitigate some of the concerns of a chosen nonce attack.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
This solution is just targeting at solving the supply chain attack problem. It doesn't address other issues. Mitigating other attack vectors is very interesting! It just wasn't part of the scope of this paper.

Actually it may already easily be solved by using a multisig of hardware with electrum in just a normal multisig.

Since you're depending on both electrum technologies Gmbh and hardware wallet producers like trezor and ledger to be in kahoots so its really unlikely your funds can be attacked... You can also input numbers to produce a seed and can verify it with a few different websites or an interpreted version of the code (interpreted as apposed to compiled, checking every function).
newbie
Activity: 5
Merit: 30
I'd appreciate a diagram too... The text wall added to my headache a bit. You could Mar a lovely state machine/activity diagram.
Ah! An excellent idea. Thanks for reading it man!
newbie
Activity: 5
Merit: 30
Would the second signature be done on a different device or still the hardware wallet though? It wasn't really made clear.
Thanks for the feedback. It would need to be stored off the hardware device completely and never be allowed to touch the hardware device at any point*. Perhaps that could have been made clearer.

I don't dislike the idea I just think there's a lot of holes. For example a hardware wallet producer could just ask people for their other key to unlock their account and still take quite a lot...
This solution is just targeting at solving the supply chain attack problem. It doesn't address other issues. Mitigating other attack vectors is very interesting! It just wasn't part of the scope of this paper.

[edit, added this note]
* It can actually go into the device as long as the device is never used and then only used once withdrawing all funds. This is because of the "chosen nonce" attack, which allows a malicious wallet to hide data (ie an obscured private key) inside a signature nonce. I haven't vetted this article but I've skimmed it and it looks like a good intro into the subject: https://medium.com/cryptoadvance/hardware-wallets-can-be-hacked-but-this-is-fine-a6156bbd199
The simple solution is just to never send the key to the device at all which just solves the problem.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
Would the second signature be done on a different device or still the hardware wallet though? It wasn't really made clear.

I don't dislike the idea I just think there's a lot of holes. For example a hardware wallet producer could just ask people for their other key to unlock their account and still take quite a lot... If your estimate of $50bn is on hardware then $10 million or higher could be taken that way... Just look at the electrum phishing attack.

If you're really worried about security you can keep a machine offline completely and connect to it only via a USB drive, Bluetooth or preferably nothing until you need to do a large spend with all or a lot of your funds... Hardware is used a lot of the time for purchases not fay to day as they can't handle more than a few hundred transactions without becoming extremely slow.

I'd appreciate a diagram too... The text wall added to my headache a bit. You could Mar a lovely state machine/activity diagram.
newbie
Activity: 5
Merit: 30
I put together a paper explaining my thoughts on solving the supply chain attack problem.

Would appreciate any thoughts or feedback people have.

http://www.koinkeep.com/articles/whitepaper

Thanks!
Jump to: