
Topic: Secure Element in Hardware Wallets - page 2. (Read 3419 times)

newbie
Activity: 6
Merit: 4
November 10, 2023, 04:10:44 PM
Ledger has just changed its website stating that LNS PLUS models are EAL6+ certified
hero member
Activity: 714
Merit: 1298
October 13, 2023, 05:35:05 AM
Not for the purpose of dissuading you from your opinion, but to tell you that not all is unambivalent in the project engineering involved in the design of Tropic Square. I will cite Zach Herbert, the founder of Foundation Devices, known for their Passport HW, on this matter:


legendary
Activity: 2212
Merit: 7064
October 13, 2023, 05:00:34 AM
Do you anticipate that a secure element from a company that has never been involved in chip development (I mean SatoshiLabs) could outperform OPTIGA Trust M developed by Infineon, a company with nearly a quarter-century history in this business?
I am not a prophet to know the future.
SatoshiLabs has existed for TEN long years, and they are specifically dedicated to hardware wallets and Bitcoin development, so YES, I think they can outperform it for the use case of cryptocurrency devices.
They will control everything about the new Tropic Square chips through a direct partnership with the manufacturer, so it should work better for hardware wallets.
hero member
Activity: 714
Merit: 1298
October 13, 2023, 04:54:31 AM
~


Do you anticipate that a secure element from a company that has never been involved in chip development (I mean SatoshiLabs) could outperform OPTIGA Trust M developed by Infineon, a company with nearly a quarter-century history in this business?

In my opinion, it would likely require a few years of extensive field testing before Tropic Square, their long-awaited product, gains the trust of the crypto community.
legendary
Activity: 2212
Merit: 7064
October 13, 2023, 04:03:28 AM
Interesting news is coming up in the world of secure elements in hardware wallets.
Trezor has been announcing for some time that they are working on their own secure element, but this product is not production-ready yet, so they came up with the second-best solution.

With new Trezor Safe 3 hardware wallet they introduced open source secure element Infineon OPTIGA Trust M!

 

Infineon is a German-based chip manufacturer, and the company was created back in 1999, so they have a 24-year-long history in making microchips and security products.
For me it's important to say that the company is based in Europe, so it should be easier and faster for Trezor to buy all the secure elements they need.

Infineon OPTIGA Trust M has open source code that can be verified on github and it has MIT license:
https://github.com/Infineon/optiga-trust-m

As stated on their website, use cases for this secure element are mutual authentication, secured communication, secured updates, key provisioning, life-cycle management, data store protection, power management, platform integrity protection, secured zero-touch provisioning.
The official website shows more information and details about this product, and it is confirmed to be a CC EAL6+ certified security controller:
https://www.infineon.com/cms/en/product/security-smart-card-solutions/optiga-embedded-security-solutions/optiga-trust/optiga-trust-m-sls32aia/

Some other hardware wallet manufacturers previously used secure elements made by Infineon, but none of them used this exact model Infineon OPTIGA Trust M, but please correct me if I am wrong.
Jubiterwallet, HyperMate and Secux all use unknown Infineon chips, Keevo wallet used Infineon Optiga Trust-P, Hashwallet uses Infineon SLE78.

Overall I am happy with the changes that Trezor made, and I am still waiting to see their own secure element, but sadly this will have to wait until 2025 or 2026 :P
legendary
Activity: 2212
Merit: 7064
August 17, 2023, 02:28:58 PM
The image in the OP is broken, @dkbit98 maybe you should switch it to Talkimg.
I know, but I was a bit lazy to replace this and all my other images after the imgur incident, even if I know there is a nice tool to do everything much faster.
Anyway, the image is replaced now, but it's nothing special, just a random chip that is not really important for the context.

Am I the only one here who's bothered by the fact that there's only one EAL7 on this whole list, and that most of the mainstream hardware wallets either don't have an SE, or low quality one (hence why I chopped out the first few entries)?
I don't really care about EAL numbers so much since nobody can verify this for closed source secure elements.
A hardware wallet can have the highest possible EAL rating and it can still be total crap.

It is quite a shame, as HW manufacturers' reputation is built on trust, and I don't see how you're supposed to gather a lot of trust if you only have one hardware wallet released in the last 5 or so years.
I can create my own trust rating but it means nothing, similar to the difference between EAL7, EAL6 or EAL5.

The certification is quite expensive and time consuming. IIRC, EAL4 already costs >$200k (possibly a lot higher) and a year. Going any further than that, it would probably cost more and take longer. From the business standpoint, it isn't very practical.
Sounds like a scam to me, all this money just to get some "certificate" of security, and there is no guarantee someone won't exploit it, the only guarantee is a signed NDA aka silence.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
August 17, 2023, 03:50:14 AM
Am I the only one here who's bothered by the fact that there's only one EAL7 on this whole list, and that most of the mainstream hardware wallets either don't have an SE, or low quality one (hence why I chopped out the first few entries)?

It is quite a shame, as HW manufacturers' reputation is built on trust, and I don't see how you're supposed to gather a lot of trust if you only have one hardware wallet released in the last 5 or so years.
The certification is quite expensive and time consuming. IIRC, EAL4 already costs >$200k (possibly a lot higher) and a year. Going any further than that, it would probably cost more and take longer. From the business standpoint, it isn't very practical.

I would prefer if HW manufacturers don't release a new HW wallet that often; most are secure enough and it isn't an iPhone where obsolescence is a big concern.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
August 17, 2023, 03:03:52 AM
legendary
Activity: 2212
Merit: 7064
August 16, 2023, 05:16:15 PM
Looking at the information in your table, I can see that you mentioned that Trezor plans to introduce a secure element during 2022. We are now in mid 2023 and it hasn't yet been released. Maybe you can make a quick update to that line and place a different date or use different wording?
Updated to 2023/24.
I am not a fortune teller, and my predictions are based on Trezor posted articles, blogs, and tweets, and I don't know exact release date.

When we are on the subject of Trezor's work on the new SE, as someone who follows that closer than me, is there anything new to report on that? Have they released new release dates or reports on their progress?
I didn't see any official news but I think they are working on new device with new secure element, last thing I saw is them receiving new chips from manufacturers.
legendary
Activity: 2730
Merit: 7065
August 15, 2023, 11:38:03 AM
Looking at the information in your table, I can see that you mentioned that Trezor plans to introduce a secure element during 2022. We are now in mid 2023 and it hasn't yet been released. Maybe you can make a quick update to that line and place a different date or use different wording?
When we are on the subject of Trezor's work on the new SE, as someone who follows that closer than me, is there anything new to report on that? Have they released new release dates or reports on their progress?
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
August 10, 2023, 12:13:05 PM
Oh no, it looks like we are going to see a new ATECC608C version coming out soon (this is just my speculation).
But seriously now, all secure elements have flaws and I think all other secure element chips are more closed and it's much harder to find security flaws in them because of signed NDA crap :P
I never heard of anyone having success with exploiting even older ATECC608A chips in hardware wallets, but it's always better to upgrade if possible.
They have: https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Defeating-A-Secure-Element-With-Multiple-Laser-Fault-Injections.pdf.

ATECC608B is still vulnerable in the same fashion. However, it is very difficult to execute and requires specialized equipment and skills with little to no room for error.

Thank you for sharing this. NVK came after us pretty hard about using the 608a while they were shipping with the 608b, even going as far as pulling our investors and employees aside at conferences to tell them that we are shipping insecure "pwned" hardware.
Interesting. They had an article on how the laser fault injection is not practical and not likely to be exploited and dismissed their reports. Talk about twisting narratives.
member
Activity: 63
Merit: 119
August 09, 2023, 09:01:50 PM
Research published in that paper claims that ATECC608B can still be defeated with the laser beam. What would you say about this?
Oh no, it looks like we are going to see a new ATECC608C version coming out soon (this is just my speculation).
But seriously now, all secure elements have flaws and I think all other secure element chips are more closed and it's much harder to find security flaws in them because of signed NDA crap :P
I never heard of anyone having success with exploiting even older ATECC608A chips in hardware wallets, but it's always better to upgrade if possible.

Thank you for sharing this. NVK came after us pretty hard about using the 608a while they were shipping with the 608b, even going as far as pulling our investors and employees aside at conferences to tell them that we are shipping insecure "pwned" hardware.

I've always been very consistent in stating that no chip is perfectly secure, and that the 608b will likely be vulnerable to similar laser-based attacks (eg https://stacker.news/items/85239).

I think the most important thing is to not put all your eggs in one basket – don't rely 100% on a single chip for secure key storage and don't blindly trust an MCU or secure element.

Additionally, these laser based attacks require destroying the hardware wallet and the secure element chip itself, and they require higher-end lab equipment to perform. If you're someone who might be targeted because you're storing large amounts (hundreds of thousands or millions of dollars) of Bitcoin, consider using a passphrase and/or multisig.
legendary
Activity: 2212
Merit: 7064
August 09, 2023, 05:53:11 PM
Quick update, all Passport units shipping from two weeks ago (and ongoing) now use the Microchip 608b secure element.
Thanks for keeping us up to date with this change.
I updated this information in my table, but it should be noted that most people still use old ATECC608A version.

Research published in that paper claims that ATECC608B can still be defeated with the laser beam. What would you say about this?
Oh no, it looks like we are going to see a new ATECC608C version coming out soon (this is just my speculation).
But seriously now, all secure elements have flaws and I think all other secure element chips are more closed and it's much harder to find security flaws in them because of signed NDA crap :P
I never heard of anyone having success with exploiting even older ATECC608A chips in hardware wallets, but it's always better to upgrade if possible.
hero member
Activity: 714
Merit: 1298
August 09, 2023, 02:24:14 AM
Quick update, all Passport units shipping from two weeks ago (and ongoing) now use the Microchip 608b secure element.

Research published in that paper claims that ATECC608B can still be defeated with the laser beam. What would you say about this?
member
Activity: 63
Merit: 119
August 05, 2023, 01:55:50 PM
Quick update, all Passport units shipping from two weeks ago (and ongoing) now use the Microchip 608b secure element.
legendary
Activity: 2212
Merit: 7064
July 27, 2023, 09:21:57 AM
New wallet Keystone3 is ready to be released and they have interesting news and changes regarding secure elements.
Unlike in previous version where they didn't want to disclose everything, now they introduced upgraded secure element Microchip ATECC608B.
Same microchip is used in ColdCard Mk4, BitBox and Passport, OneKey, Cypherock X1, Husky are all using older version of this chip ATECC608A that had some security issues.

But this is just first part of the story, as Keystone3 uses additional secure element Maxim DS28S60 that works together with ATECC608B in safeguarding seed phrases.
ATECC608B provides hardware-level security and authorization, and Maxim DS28S60 ensures that trusted platform module is always in place.

Third secure element Maxim MAX32520 is used for securing fingerprint data, so I think this will be used only in Keystone3 Pro version.
Regular Keystone3 wallet will have only two secure elements, and that is perfectly fine if you don't like to use biometrics.



Thanks to these changes Keystone will now be able to store up to three seed phrases with different passwords, so there is no need to reset or have multiple devices anymore.
I think this will push other hardware wallet manufacturers to improve, and they will have a hard time competing with Keystone prices.



legendary
Activity: 2212
Merit: 7064
May 31, 2023, 06:52:38 AM
We have a very important announcement coming from the Coolwallet hardware wallet: they decided to release their firmware and secure element chip as open source!
This was decided after the recent Ledger wallet debacle, and Coolwallet wants to have more transparency with their devices.
The secure element Coolwallet uses has EAL6+ security and from my research they are using NXP chips in their devices, but we are waiting for official confirmation.
With a slick card format, current prices of $99/$149, and being open source, I think Coolwallet will have a lot of new customers soon:


Source blog post:
https://www.coolwallet.io/coolwallet-will-open-source-its-hardware-wallets-secure-element-chip-code/

Thank you Ledger ;)
staff
Activity: 3304
Merit: 4115
March 03, 2023, 12:58:58 PM
If you want better prices, then need to wait for discount promotions. It is unlikely that they will underestimate the prices of hardware wallets. Perhaps for old devices that will be discontinued and stocks need to be sold from warehouses.
As long as they're still offering support through patches/updates of their older devices, I can see quite a high demand for devices which aren't too complicated, and don't come at a high price point. Although, if they were to reach end of life, and therefore no longer be supported, I can't see them being used as much. Hopefully, they just go the route of patching/updating all devices when severe issues need to be patched. They don't need to enhance the UI/UX or add functionality of it, they can do that with the newer devices.

Since testing of the chip will last throughout 2023 (which will most likely be used in a new device), there will be no new announcements for the next couple of years.
2024 announced potentially, and then whenever they're ready to actually sell it.
legendary
Activity: 1792
Merit: 1296
Crypto Casino and Sportsbook
March 03, 2023, 12:13:58 PM
and it could reduce price for their devices.
Unfortunately, one of their spokespersons stated "considering that it costs almost the same as the previous one", Trezor doesn't expect it to have an impact on prices.
- It seems that at best, they could maintain the current prices.
Well, at least it will improve security, which is never superfluous and expands Trezor's ability to create new devices.

If you want better prices, then need to wait for discount promotions. It is unlikely that they will underestimate the prices of hardware wallets. Perhaps for old devices that will be discontinued and stocks need to be sold from warehouses.

Since testing of the chip will last throughout 2023 (which will most likely be used in a new device), there will be no new announcements for the next couple of years.
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
March 03, 2023, 02:53:00 AM
and it could reduce price for their devices.
Unfortunately, one of their spokespersons stated "considering that it costs almost the same as the previous one", Trezor doesn't expect it to have an impact on prices.
- It seems that at best, they could maintain the current prices.