Secure Element in Hardware Wallets - page 4.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: dkbit98 on August 23, 2022, 01:26:58 PM

Adding some more information I found about upcoming Trezor prototype chip, and I didn't see this posted before or I missed it somehow.
Prototypes and the mass production of truly open integrated circuit chips are going to be made by UMC, a leading manufacturer of semiconductors from Taiwan.

UMC was already mentioned as the manufacturer of the chips in some earlier announcements. I remember the name either from sources you shared or maybe the Czech blog post that was posted on the forum a couple of weeks ago.

Quote from: dkbit98 on August 23, 2022, 01:26:58 PM

UMC headquarter is in Hsinchu, Taiwan, but good thing they are located in different locations in mainland China, as well as in Japan and Singapore.

UMC already operates out of two locations in China and if the US and China come to an agreement, maybe their Taiwanese headquarters will be called China in a few weeks or months as well.

dkbit98

legendary

Activity: 2212

Merit: 7064

Adding some more information I found about upcoming Trezor prototype chip, and I didn't see this posted before or I missed it somehow.
Prototypes and the mass production of truly open integrated circuit chips are going to be made by UMC, a leading manufacturer of semiconductors from Taiwan.
UMC headquarter is in Hsinchu, Taiwan, but good thing they are located in different locations in mainland China, as well as in Japan and Singapore.
https://bitcoinmagazine.com/business/tropic-square-launches-open-source-chip-prototype-for-bitcoin-hardware

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: JL0 on August 21, 2022, 12:17:36 PM

Thanks for the link to the Czech article. Using Google translate it's possible to understand what they are talking about. The article again confirms (similarly to older announcements) that the chip will not be entirely open-source. Google translates it as "a largely open" chip where the idea is to be able to verify and audit that it doesn't do anything it is not supposed to do and that it doesn't have additional components that could assist in supply chain attacks.

Quote

Tropic Square is preparing the so-called Secure Element (SE) chip, which is supposed to be largely open. Among other things, this will enable its auditability. It is supposed to verify, among other things, that the chip is manufactured exactly according to the design, and therefore that there has been no modification or addition of an implant in the supply chain (generally referred to as a supply chain attack).

Source: https://www.lupa.cz/aktuality/cesky-cip-tropic-square-jde-do-vyroby-vyrabet-se-bude-na-tchaj-wanu/?utm_source=rss&utm_medium=text&utm_campaign=rss

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: Cricktor on August 21, 2022, 05:59:08 AM

Whenever Trezor's new device with TROPIC01 comes to market, I hope it won't be as expensive as their Trezor T is currently.

I doubt it's going to be cheaper, and with global inflation slowly turning into hyperinflation I would say this is almost impossible.
I expect prices for most hardware wallets and other electronic devices to go up in near future, especially with shortage of everything.

Quote from: JL0 on August 21, 2022, 12:17:36 PM

Co-founder of Trezor replied to a question

Hmmm... I expected device release in 2023, but time flies.
I think they could create some pre-order campaign in 2023 with special discount prices to collect more money/coins from people.
Would I pre-order this device? - Maybe, depending on price and specification I would consider purchasing it, but it's need to offer something really unique.

JL0

full member

Activity: 817

Merit: 158

Bitcoin the Digital Gold

Co-founder of Trezor replied to a question:

Quote

@Petr Flídr

Je nějaký odhad, kdy by mohl být první trezor s tímto čipem?

@slushcz

Realisticky 2024, hardware is hard :-).

Quote

@Petr Flídr

Any guess when the first trezor with this chip might be?

@slushcz

Realistically 2024, hardware is hard :-).

From his Czech speaking twitter account.

https://twitter.com/Lupacz/status/1552555325026443265?cxt=HHwWgoC9pfS15IsrAAAA
https://twitter.com/slushcz/status/1552909830691643393

Cricktor

hero member

Activity: 714

Merit: 1010

Crypto Swap Exchange

Quote from: dkbit98 on August 20, 2022, 04:28:28 PM

Please, do proper citations as it's not me but @SFR10 who wrote what you put into my "mouth". Thx in advance...

Whenever Trezor's new device with TROPIC01 comes to market, I hope it won't be as expensive as their Trezor T is currently.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: SFR10 on August 20, 2022, 03:10:20 AM

Am I correct in assuming that they altered their previous plans and chose to go with the "100%" open-source route or there are still some parts of it that don't fall into that category?

This is the first official announcement in which I see the mention of the term "transparent" secure element. In the past, they called it either open-source or "as open source as possible" which was evident from their early announcements. The latest info dkbit98 shared mentions they are against "closed products". So the idea is still to create a different type of component from the traditional closed-source chips, but probably not a fully open-source SE. "As open-source as possible" should still be the most correct definition based on what we have seen up till now.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: SFR10 on August 20, 2022, 03:10:20 AM

Am I correct in assuming that they altered their previous plans and chose to go with the "100%" open-source route or there are still some parts of it that don't fall into that category?

To be fair they claimed before that new secure element will be open source as much as possible, but let's wait and see what transparent exactly means.
So far Trezor proved they won't use any insecure or closed source chips with secret NDAs, and they could do it many times, but they don't make compromises like others.

Quote from: Cricktor on August 17, 2022, 09:43:15 AM

The first product to showcase that secure element it's probably going to be their upcoming "Trezor Model R ^{[confirmed by Rusnak]}", but there's still no roadmap ^[AFAIK].
^{- I counted "26 open issues for this specific model" on the first two pages alone, so I doubt it could show up prior to the completion of this SE.}

Oh that's nice, first time I see this information about TrezoRRR... Wink

but sadly prusnak said it's wont be available any time soon (that was back in May).

SFR10

legendary

Activity: 2968

Merit: 3406

Crypto Swap Exchange

Quote from: dkbit98 on August 16, 2022, 07:44:36 AM

they are saying that first prototypes of their new transparent secure element is currently in production and they should receive them in the end of October 2022!

Am I correct in assuming that they altered their previous plans and chose to go with the "100%" open-source route or there are still some parts of it that don't fall into that category?

Quote from: Cricktor on August 17, 2022, 09:43:15 AM

Third, which products will use it and when will those be available? (Might take even longer, but I'd expect a new Trezor device to show up first.)

The first product to showcase that secure element it's probably going to be their upcoming "Trezor Model R ^{[confirmed by Rusnak]}", but there's still no roadmap ^[AFAIK].
^{- I counted "26 open issues for this specific model" on the first two pages alone, so I doubt it could show up prior to the completion of this SE.}

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: DaveF on August 17, 2022, 07:07:59 AM

From the tl;dr all the info on the TROPIC01 is it pin and / or instruction compatible with other secure elements to any degree?
For the wallets that are almost done now or will be done by the end of the year they are going to be using whatever you can get today.

I am not sure if it's going to be compatible with other secure elements, but it's going to be more secure and transparent, so that means no more hidden NDA's.
Current market is hungry for secure elements of any kind and I am sure they are going to have very good sales if they manage to pull this of in time, and use current global chip shortage.
Behind the scenes Trezor is 100% already working on new hardware wallet device that is going to be compatible with this secure element, that is the only way they can compete with ledger.
I will always choose open source hardware wallet with transparent secure element, instead of black box NDA closed source marketing propaganda devices.

Cricktor

hero member

Activity: 714

Merit: 1010

Crypto Swap Exchange

First, the TROPIC01 has to materialize and be actually available. There's probably some light visible at the end of the tunnel now.
Second, does it work properly and is it actually secure as wanted/needed? This might take a while to probe...
Third, which products will use it and when will those be available? (Might take even longer, but I'd expect a new Trezor device to show up first.)

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: dkbit98 on August 16, 2022, 07:44:36 AM

New update is coming from Tropic Square and SatoshiLabs Trezor developers,
they are saying that first prototypes of their new transparent secure element is currently in production and they should receive them in the end of October 2022!
Plan is that Tropic Square chips (TROPIC01) should become global security standard for many devices, not just for hardware wallets.
They are testing this new chip and they plan to release testing results as soon as possible.
This means that we can expect new Trezor hardware wallets with secure element after that, maybe in early 2023.

Quote

We designed the chip to provide a high level of security at every layer, from the choice of algorithms to the actual implementation. We target resilience against side-channel attacks and resilience against attacks causing erroneous behavior – the so-called ‘fault injection.’ Transparent chips allow us to open up implementation details to the community, which helps strengthen security through finding and highlighting potential vulnerabilities.

https://www.linkedin.com/feed/update/urn:li:activity:6963468001845125120/

From the tl;dr all the info on the TROPIC01 is it pin and / or instruction compatible with other secure elements to any degree?
For the wallets that are almost done now or will be done by the end of the year they are going to be using whatever you can get today.
The next generation if it's pin / programming similar enough they might make it into them. If not it's going to be a while if there has been any work on them based on what you can get now. Could be wrong, just my view. Also, there is a strong sentiment in the security field to let the other guy test new things. We'll wait for gen 2.

-Dave

dkbit98

legendary

Activity: 2212

Merit: 7064

New update is coming from Tropic Square and SatoshiLabs Trezor developers,
they are saying that first prototypes of their new transparent secure element is currently in production and they should receive them in the end of October 2022!
Plan is that Tropic Square chips (TROPIC01) should become global security standard for many devices, not just for hardware wallets.
They are testing this new chip and they plan to release testing results as soon as possible.
This means that we can expect new Trezor hardware wallets with secure element after that, maybe in early 2023.

Quote

We designed the chip to provide a high level of security at every layer, from the choice of algorithms to the actual implementation. We target resilience against side-channel attacks and resilience against attacks causing erroneous behavior – the so-called ‘fault injection.’ Transparent chips allow us to open up implementation details to the community, which helps strengthen security through finding and highlighting potential vulnerabilities.

https://www.linkedin.com/feed/update/urn:li:activity:6963468001845125120/

Pmalek

legendary

Activity: 2730

Merit: 7065

According to a well-known hardware hacker, STM microcontrollers are vulnerable to fault injection on a hardware level. You can patch it up or apply a bandage solution (like dkbit98 said) on the firmware and on a software level, but you are still dealing with an unsafe hardware component. Unsafe in the right hands.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: JL0 on May 27, 2022, 01:23:08 PM

Are there other wallets that use such a procedure?

I don't think anything similar was used in other currently available hardware wallets, and ColdCard was actually forced do invent this quick bandage solution after their older version Mk3 was recently hacked with extracted secret phrase and changed PIN.
If you ask me, I wouldn't use any of Coldcard devices, and all of them had big security flaws in past, so there is no reason to think anything better will happen with Mk4.
Mk2 had bad secure element that was revealed by ledger Donjon team, and most of Mk3 devices that exist today are all affected by their design flaw.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: JL0 on May 27, 2022, 01:23:08 PM

Quote from: dkbit98 on May 25, 2022, 10:34:25 AM

Secure element information updated for ColdCard Mk4 hardware wallet, that now have two secure elements SE1 Microchip ATECC608B and SE2 Maxim DS28C36B, along with STM32 main microcontroller.
They are using something called Pairing Secret, that means that secret is shared between three components, two secure elements and microprocessor.
If one of those chips get's compromised, wallet with secret will be safe, and they use trick PIN's for improving security of their devices.
ColdCard developers explained better in more details how Dual Secure Elements work on their github page:
https://raw.githubusercontent.com/Coldcard/firmware/master/docs/mk4-secure-elements.md

More information about second secure element they use - DeepCover Secure Authenticator Maxim DS28C36:
https://www.maximintegrated.com/en/products/embedded-security/secure-authenticators/DS28C36.html

Are there other wallets that use such a procedure?

The term "pairing secret" sounded familiar and I could swear I saw it somewhere before. Turns out that Coldcard's Mk2 hardware wallets use pairing secret as well, but only between one secure element and the microcontroller. Ledger's Donjon team successfully attacked the older ATECC508A secure element chip with laser beans back in 2020, but such an attack is not possible on the newer chip models.

JL0

full member

Activity: 817

Merit: 158

Bitcoin the Digital Gold

Quote from: dkbit98 on May 25, 2022, 10:34:25 AM

Secure element information updated for ColdCard Mk4 hardware wallet, that now have two secure elements SE1 Microchip ATECC608B and SE2 Maxim DS28C36B, along with STM32 main microcontroller.
They are using something called Pairing Secret, that means that secret is shared between three components, two secure elements and microprocessor.
If one of those chips get's compromised, wallet with secret will be safe, and they use trick PIN's for improving security of their devices.
ColdCard developers explained better in more details how Dual Secure Elements work on their github page:
https://raw.githubusercontent.com/Coldcard/firmware/master/docs/mk4-secure-elements.md

More information about second secure element they use - DeepCover Secure Authenticator Maxim DS28C36:
https://www.maximintegrated.com/en/products/embedded-security/secure-authenticators/DS28C36.html

Are there other wallets that use such a procedure?

I think it's very good what ColdCard does. So you don't have to fully trust the SE.

dkbit98

legendary

Activity: 2212

Merit: 7064

Secure element information updated for ColdCard Mk4 hardware wallet, that now have two secure elements SE1 Microchip ATECC608B and SE2 Maxim DS28C36B, along with STM32 main microcontroller.
They are using something called Pairing Secret, that means that secret is shared between three components, two secure elements and microprocessor.
If one of those chips get's compromised, wallet with secret will be safe, and they use trick PIN's for improving security of their devices.
ColdCard developers explained better in more details how Dual Secure Elements work on their github page:
https://raw.githubusercontent.com/Coldcard/firmware/master/docs/mk4-secure-elements.md

More information about second secure element they use - DeepCover Secure Authenticator Maxim DS28C36:
https://www.maximintegrated.com/en/products/embedded-security/secure-authenticators/DS28C36.html

dkbit98

legendary

Activity: 2212

Merit: 7064

Onekey hardware wallet team finally released security information about their device with more information about secure element they are using for latest model Onekey Mini.
This is well know microchip ATECC608A used in many other hardware wallets like Coldcard Mk3, Passport, Husky HDW20, in some M5stack Amazon AWS EPS32 device and it was previously used in Bitbox02.
Like i wrote before, microchip ATECC608A is not outdated and it has some flaws with low-Frequency I²C Issue that can cause data corruption and device responding incorrectly.
This was all fixed and updated in new version ATECC608B that is used only in Bitbox02 hardware wallet so far.

Onekey also talked about certification (EAL6 for secure element), random number generator they use, and about Ultrasonic Welding used to reduce risks of tampering with device.
Third party firmware can't be installed on their device because of use of security chip protection.
https://onekey.so/security

malevolent

legendary

Activity: 3472

Merit: 1722

Quote from: dkbit98 on December 29, 2021, 08:52:15 AM

I have a feeling it's not mature enough, and bigger one hardware wallet manufacturer gets it increases the risk.
It's enough to shop how mature and pro company is when all private customer information is leaked online Tongue

But that's nothing to do security flaws with hardware, software, RNGs, etc. that non-technical users would have a difficult time protecting themselves against. Irresponsible behaviour of mature companies in other fields that results in leaks of customer info is also not an uncommon occurrence. (although an argument could be made that if they were sloppy with PI they might have been sloppy elsewhere, too)

Topic: Secure Element in Hardware Wallets - page 4. (Read 3443 times)