
Topic: Secure Element in Hardware Wallets - page 6. (Read 3075 times)

legendary
Activity: 1876
Merit: 3131
June 14, 2021, 06:54:49 AM
#63
That sounds great, I may be going to buy a Trezor because of it..
Any news about it?

A few days ago, Tropic Square confirmed that their chip is expected to be available somewhere in 2022 and there don't seem to be any major problems which could delay the release. Still, I would not expect a new Trezor hardware wallet before 2023.
legendary
Activity: 2212
Merit: 7060
Cashback 15%
June 14, 2021, 05:19:05 AM
#62
The list is updated with two new hardware wallets, HyperMate G and HyperMate Pro; both of them are using the same Infineon secure element with EAL 6+ certification, but the exact model is not stated on their website.
HyperMate is a company from China, but Infineon is a German semiconductor manufacturer and their secure elements are also used in other hardware wallets like Jubiterwallet, Keevo, Secux and Hashwallet.
HyperMate is using the Infineon chip in combination with a Nordic BLE chip, and an interesting thing is that the OLED screen of their hardware devices is directly connected to the Secure Element to avoid middleman attacks.


https://hyperpay.tech/hypermatepro/pro
legendary
Activity: 2212
Merit: 7060
Cashback 15%
May 21, 2021, 07:20:30 AM
#61
The new hardware wallet model CoolWallet Pro introduced a new Secure Element, J3R110, that has a higher evaluation assurance level (EAL6+) compared with their older model CoolWallet S, and this chip is often used in smart cards.
I don't see any big improvements or changes and this wallet still remains closed source, so I would look for other alternatives.
jr. member
Activity: 36
Merit: 10
May 09, 2021, 11:11:34 AM
#60
but important thing is they have required funding of 4 million euros.

It reminds me of professor Andrew S. Tanenbaum on European grants for developing new tech. Sounds like the market price in 2014 plus inflation.

Andrew S. Tanenbaum: The Impact of MINIX (~ 6 minutes 50 seconds)
https://youtu.be/86_BkFsb4eI?t=386


legendary
Activity: 2212
Merit: 7060
Cashback 15%
May 09, 2021, 10:20:03 AM
#59
That sounds great, I may be going to buy a Trezor because of it..
Any news about it? Information like what FPGA development board? What Hardware Description Language platform etc..

Don't expect to see this new Trezor hardware wallet released before late 2022. I listened to one podcast with the Trezor team explaining that it's technically nearly impossible to make a 100% open source chip so fast,
and the final product will have to wait, but the important thing is they have the required funding of 4 million euros.
Maybe you can learn more about it from this podcast with Vlad Costea and Slush, and follow @tropicsquare twitter channel for more news:
https://bitcoin-takeover.com/s8-e8-slush-on-trezor-and-tropic-square/
jr. member
Activity: 36
Merit: 10
May 09, 2021, 10:03:07 AM
#58
Quote
**Trezor is working on their own fully open source Secure Element chip and they started separate project for this purpose called Tropic Square.

That sounds great, I may be going to buy a Trezor because of it..
Any news about it? Information like what FPGA development board? What Hardware Description Language platform etc..

Just curious ..
legendary
Activity: 2212
Merit: 7060
Cashback 15%
April 29, 2021, 09:44:37 AM
#57
The list of secure elements is updated with a new hardware wallet, OneKey, with the HSC32I1 secure element. They claim it's EAL 6+ certified; however, on the hsec website I found this chip is EAL 4+ certified.
An interesting thing about this chip is that it was made for Huawei after the United States imposed a ban on their devices, so Hongsi Electronics created a fully compatible clone to replace the ATSHA204A chip, using the same SHA-256 algorithm with a few more added.
The OneKey wallet is using the HSC32I1 as a secondary chip for holding secrets, along with their main STM32 chip.

legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
March 29, 2021, 05:43:03 PM
#56
According to the article, TASSIC is expected to be used in Trezor devices, meaning the company is looking to completely change their security concept. Getting rid of the seed extraction vulnerability with physical access to Trezor hardware wallets will be achieved in this way. Only time will tell if the approach of having a publicly available codebase for the secure element was the right decision. I hope the chip will be tested thoroughly even if it means extending the ETA. We certainly don't need new bad press in the hardware wallet department. I also expect it to be a more expensive device compared to hardware wallets with older chips.  
legendary
Activity: 2212
Merit: 7060
Cashback 15%
March 29, 2021, 10:05:39 AM
#55
That really sounds good to me!

Yes, and according to recent news Tropic Square received 4 million euros from the Swiss company Auzera for creating the first ever open source security chip, TASSIC, that should be released by the end of 2022.
This is a game changer for sure and I hope other manufacturers will follow them because it's always good to have healthy competition.
legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange
March 25, 2021, 08:30:37 AM
#54
...
When we are talking about Chips or Microchips we are actually already talking about a set of components, all the time.

Exactly what I was thinking. Much like what I was saying is that someone took an established CPU design and then just added what you would normally see elsewhere on a board and combined it all onto 1 die package. Made for a smaller board and only put on what they needed.

-Dave
legendary
Activity: 1624
Merit: 2481
March 24, 2021, 08:49:36 AM
#53
This is impossible to have today as secure elements are simple and stupid with only one purpose, so we need to have two chips for this to work.

It is not impossible per se.
A single chip itself is a set of electronic circuits. And it is not abnormal for a chip to have several sub-components. It is very well imaginable that one of these sub-components can be a secure element itself.
That's like a "bigger" chip being made of "smaller chips". Nothing too uncommon.

When we are talking about Chips or Microchips we are actually already talking about a set of components, all the time.
hero member
Activity: 758
Merit: 606
March 23, 2021, 02:47:41 PM
#52
Quote
Good news is that Trezor team is making their own open source secure element that will be a gamechanger compared with all solutions we have at the moment.
There will be no need for secret NDAs and closed source bs.

That really sounds good to me!
legendary
Activity: 2212
Merit: 7060
Cashback 15%
March 22, 2021, 09:44:13 AM
#51
Was thinking about something similar the other day and this probably unworkable thought came into my head.
An entire secure wallet on a single chip. Create some custom spun chip with everything you need on the one chip.

Would eliminate a few attack vectors, but might add some more.

Was watching a youtube video about a company that built a custom piece of hardware for medical data pad for harsh environments, was essentially a custom android tablet with a HDMI connector but EVERYTHING was in 1 chip. RAM / ROM / Flash Memory, CPU, video processor, etc all in the one chip.

Any thoughts?

This is impossible to have today as secure elements are simple and stupid with only one purpose, so we need to have two chips for this to work.
Some wallets like Trezor or Jade have only one chip, but they don't have a secure element.

Good news is that Trezor team is making their own open source secure element that will be a gamechanger compared with all solutions we have at the moment.
There will be no need for secret NDAs and closed source bs.
legendary
Activity: 2954
Merit: 4158
March 22, 2021, 09:28:28 AM
#50
An entire secure wallet on a single chip. Create some custom spun chip with everything you need on the one chip.

Would eliminate a few attack vectors, but might add some more.

Was watching a youtube video about a company that built a custom piece of hardware for medical data pad for harsh environments, was essentially a custom android tablet with a HDMI connector but EVERYTHING was in 1 chip. RAM / ROM / Flash Memory, CPU, video processor, etc all in the one chip.
Probably won't help much, if at all. There aren't any proprietary secure elements being produced by any hardware wallet manufacturers. Designing one and manufacturing them would probably make the cost of one skyrocket, not to mention that smashing that many components into a single chip isn't common at all.

Communication between the secure element and the MCU should be encrypted, in case anything were to be extracted. AFAIK, some MCUs actually wipe their memory on bootup, even if the user doesn't do a clean shutdown. Would be better to just use a SE that allows for transactions to be signed within it, so keys are never sent out of it.
legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange
March 22, 2021, 07:15:50 AM
#49
...
When you sign a transaction on a device with the ATECC608A, the secret needs to be moved to the other stm32 memory chip, sign the transaction and then the secret should be cleared from stm32 memory...

Was thinking about something similar the other day and this probably unworkable thought came into my head.
An entire secure wallet on a single chip. Create some custom spun chip with everything you need on the one chip.

Would eliminate a few attack vectors, but might add some more.

Was watching a youtube video about a company that built a custom piece of hardware for medical data pad for harsh environments, was essentially a custom android tablet with a HDMI connector but EVERYTHING was in 1 chip. RAM / ROM / Flash Memory, CPU, video processor, etc all in the one chip.

Any thoughts?

-Dave
legendary
Activity: 2212
Merit: 7060
Cashback 15%
March 21, 2021, 12:36:45 PM
#48
One small update regarding the secure element chip ATECC608A that is used in ColdCard, BitBox and Passport hardware wallets.

This secure element is mostly used by Amazon and it is good for their services, but let's say it is not very smart when we are talking about Bitcoin, and it doesn't know how to create a Bitcoin signature.
When you sign a transaction on a device with the ATECC608A, the secret needs to be moved to the other stm32 memory chip, sign the transaction and then the secret should be cleared from stm32 memory.
That means that the secret is leaving the secure element and this can in theory be abused by some attackers in the future, but something like this has not been done so far.

This can probably be applied to some Infineon secure element chips that Amazon uses, but I can't be totally sure about that.
There is a lot of room for improvements in using secure element chips in hardware wallets and I expect the next few years will be very interesting for innovations.
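The ATECC608A flow described in this post (and the point made in post #50 that a secure element which signs internally never has to hand the key out) can be made concrete with a small model. The Python below is an added example written for this thread, not code from any wallet vendor or from the posters: it models a storage-only secure element that exports the key to the MCU over an encrypted bus, beside a secure element that signs internally, and records what a dump of MCU RAM taken in the middle of signing would contain in each case. The bus encryption (an HMAC-SHA256 keystream), the `MCU`, `StorageOnlySE` and `SigningSE` classes and the `demo()` function are all constructed for illustration and are not the real ATECC608A command set; ECDSA over secp256k1 is inlined so the script runs offline with only the standard library (Python 3.8+ for `pow(x, -1, m)`). One caveat that backs the post's claim: the real ATECC608A implements ECDSA on NIST P-256 only, so even an on-chip signing command would not produce a Bitcoin (secp256k1) signature.

```python
"""Constructed model of the two signing architectures from the posts above (added example, not vendor code).
A) storage-only SE: key exported to the MCU, which signs in its own RAM and must zeroize it afterwards.
B) signing SE: key never leaves the chip. Bus encryption here is a toy HMAC keystream, NOT the ATECC608A protocol."""
import hashlib
import hmac
import secrets
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k, point=G):
    """MSB-first double-and-add (not constant time: fine for a model, not for firmware)."""
    result = None
    for bit in bin(k)[2:]:
        result = point_add(result, result)
        if bit == "1":
            result = point_add(result, point)
    return result

def ecdsa_sign(priv, msg_hash):
    z = int.from_bytes(msg_hash, "big")
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = scalar_mult(k)[0] % N
        s = pow(k, -1, N) * (z + r * priv) % N
        if r and s:
            return (r, s)

def ecdsa_verify(pub, msg_hash, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z, w = int.from_bytes(msg_hash, "big"), pow(s, -1, N)
    pt = point_add(scalar_mult(z * w % N), scalar_mult(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def bus_crypt(io_key, nonce, data):
    """Toy symmetric bus encryption: XOR with an HMAC-SHA256(io_key, nonce) keystream (32-byte payloads)."""
    stream = hmac.new(io_key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class StorageOnlySE:
    """Architecture A: stores the key and exports it under a shared I/O key (constructed)."""
    def __init__(self, io_key):
        self._priv, self._io_key = secrets.randbelow(N - 1) + 1, io_key
        self.pub = scalar_mult(self._priv)
    def encrypted_read(self, nonce):
        return bus_crypt(self._io_key, nonce, self._priv.to_bytes(32, "big"))

class SigningSE:
    """Architecture B: signs internally; the private key has no export command (constructed)."""
    def __init__(self):
        self._priv = secrets.randbelow(N - 1) + 1
        self.pub = scalar_mult(self._priv)
    def sign(self, msg_hash):
        return ecdsa_sign(self._priv, msg_hash)

class MCU:
    """Host microcontroller; `ram` models memory an attacker could dump mid-signing (constructed)."""
    def __init__(self, io_key):
        self.io_key, self.ram, self.snapshots = io_key, bytearray(32), []
    def sign_with_storage_se(self, se, msg_hash):
        nonce = secrets.token_bytes(16)
        self.ram[:] = bus_crypt(self.io_key, nonce, se.encrypted_read(nonce))
        self.snapshots.append(bytes(self.ram))  # the key is resident in MCU RAM at this point
        sig = ecdsa_sign(int.from_bytes(self.ram, "big"), msg_hash)
        self.ram[:] = bytes(32)  # zeroize; skipping or glitching this leaves the key behind
        return sig
    def sign_with_signing_se(self, se, msg_hash):
        self.snapshots.append(bytes(self.ram))  # still all zeros: the key never arrived
        return se.sign(msg_hash)

def demo():
    msg_hash = hashlib.sha256(b"constructed unsigned transaction").digest()
    io_key = secrets.token_bytes(32)
    mcu, se_a, se_b = MCU(io_key), StorageOnlySE(io_key), SigningSE()
    sig_a = mcu.sign_with_storage_se(se_a, msg_hash)
    sig_b = mcu.sign_with_signing_se(se_b, msg_hash)
    return {
        "sig_A_valid": ecdsa_verify(se_a.pub, msg_hash, sig_a),
        "sig_B_valid": ecdsa_verify(se_b.pub, msg_hash, sig_b),
        "key_seen_in_mcu_ram_A": mcu.snapshots[0] != bytes(32),
        "key_seen_in_mcu_ram_B": mcu.snapshots[1] != bytes(32),
        "mcu_ram_zeroized_after": bytes(mcu.ram) == bytes(32),
    }
```

Calling `demo()` returns a dict: both signatures verify, the RAM snapshot taken in architecture A contains the key while the one in B is all zeros, and the MCU's RAM is zeroized afterwards. The part that matters for a practitioner is the window between the two `self.ram[:]` writes in `sign_with_storage_se`: a debugger attached at that moment, a glitch that skips the zeroize, or a firmware bug that copies the buffer somewhere else all extend it, which is exactly the exposure the post describes and which a signing SE removes by construction.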
HCP
legendary
Activity: 2086
Merit: 4314
March 03, 2021, 05:49:25 PM
#47
Full source report is very interesting to read. (archive)
The ending slayed me!
Quote
... this device will be a viable alternative to the Ledger and Trezor, with a much nicer UI that seems likely to be further improved.

Which is a shame, because the one I have appears to be non-functional and in pieces.
Bwhahaha...


I love the way people think "outside the box" (if you'll pardon the pun) like this:
Quote
I took my Vault to my local Veterinarian, and asked them to XRay it for me.
That's genius!
legendary
Activity: 2212
Merit: 7060
Cashback 15%
March 03, 2021, 10:31:32 AM
#46
Interesting update regarding the Cobo Vault hardware wallet after I asked them to provide identification for their secure element, and they refused to do it.
Nick Johnson opened it, bypassed their tamper protection mechanism and examined its insides with the secure element.
As the main chip they are using a Mediatek MT6850, but they lasered off the identification marks from the secure element chip in an effort to hide this information from people!
Nick managed to enter the criteria in a supplier database and came up with a potential candidate, MAX36010-BSN-T, a security supervisor from Maxim.

We can't be 100% certain, but I am updating the information and adding this as the probable secure element for Cobo Vault.

Come on Cobo, you can't hide things like this forever



Full source report is very interesting to read. (archive)

legendary
Activity: 2212
Merit: 7060
Cashback 15%
February 10, 2021, 07:41:43 AM
#45
Wookong Chinese hardware wallets also have a secure element, but it is currently one of the lowest graded EAL4+ chips of all known hardware wallets.
I could not find and verify exactly which microchip they are using, but on their website they claim it is fully secured and not half secure like the Ledger wallet, though not much data or explanation is provided.
Everything looks closed source in this case, and I would stay away from this product.

One more hardware wallet added is Hashwallet with the EAL 6+ Infineon SLE78 secure element.
Chips from the same manufacturer, Infineon, are used for the Secux, Keevo and Jubiter hardware wallets.
legendary
Activity: 2212
Merit: 7060
Cashback 15%
February 09, 2021, 08:11:59 AM
#44
Added one more hardware wallet, ImKey, that claims to have an EAL 6+ Military-grade CC security chip, but I can't find much information about it and it's not possible to confirm the exact chip model and manufacturer.
Looks like it is made in China and their twitter social media account has not been active since 2019, and having a secure element does not have to mean that a hardware wallet is better or safer than other wallets.