Secure Element in Hardware Wallets - page 8.

casperBGD

legendary

Activity: 2156

Merit: 1151

Nil Satis Nisi Optimum

Quote from: DaveF on January 04, 2021, 12:50:55 PM

~snip
I understand that there are some IP things that they might want to keep secret for as long as possible, putting time and money into R&D and such and then putting it out there so some fab in a country that does not care about IP can crank out a million units. Not good.

I also know it leads to less trust because we can't verify anything.

-Dave

it is a way of doing business, you have to sign a NDA to have access to proprietary technology
that brings us to another issue, why do we have to trust manufacturer, but trust is inevitable at some point when you are using third party provider services, and hardware wallet is a third party provider service

although it is here for 12 years, this technology is still young to change ways in technology industry, IMHO, and you have to put your trust in something, or manufacture your own hardware device Sad

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: witcher_sense on December 28, 2020, 09:40:40 AM

Quote from: dkbit98 on December 28, 2020, 08:12:23 AM

ColdCard Mk3: Microchip ATECC608A covered by epoxy, open source

I have some questions, not a tech-savvy person, just curious.

What part of Microchip ATECC608A is open source? As far as I know, Microchip has stopped publishing datasheets for their microchips after ATECC508A version, further versions are all NDA. Can I trust these secure elements if data is no longer available for everyone to see and check? How can I be sure that governments haven't forced Microchip to implement some backdoors to steal my crypto?

Found an old topic from Trezor explaining the reasons why they don't use secure elements https://blog.trezor.io/is-banking-grade-security-good-enough-for-your-bitcoins-284065561e9b

Kind of brings up an interesting point.
If I sign the NDA I get a lot more info on how it works. But there are things I cannot talk about.
Is that good or bad?

I understand that there are some IP things that they might want to keep secret for as long as possible, putting time and money into R&D and such and then putting it out there so some fab in a country that does not care about IP can crank out a million units. Not good.

I also know it leads to less trust because we can't verify anything.

-Dave

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: witcher_sense on January 04, 2021, 09:51:29 AM

...

Sure you can do that, but then you should also not trust any devices that exist today including smart phones, sim cards, SC cards, or payment cards that all have secure elements in them.
Secure elements are not exclusive only for hardware wallets.

witcher_sense

legendary

Activity: 2450

Merit: 4414

🔐BitcoinMessage.Tools🔑

Quote from: dkbit98 on January 04, 2021, 07:44:15 AM

They found something like that in one of the previous ledger nano x wallet exploits, that was later patched and fixed in firmware update, but they claim secure chip was not affected.
Even exposing other information like bitcoin balance and all addresses would not be considered good.
https://www.ledger.com/enhancing-the-ledger-nano-xs-security

Either way, even if a secure element cannot be easily compromised, it will not convince me that my funds are safe, in case I lose my Ledger hardware wallet. It certainly gives me more time to move my funds somewhere else, but I can achieve that with Trezor if the passphrase was used along with the seed phrase. So, I can't see a point in adding secure elements.

First, you, anyway, can't rely on them if hackers got physical access to your hardware.
And second, unlike open-source systems, in closed-source ones, you have to trust SE manufacturers that they have not colluded with malicious third-parties.

In short, secure elements are redundancy, which makes the system less trustless and more vulnerable. That goes against the principles of bitcoin.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: witcher_sense on January 04, 2021, 06:53:28 AM

Additionally, secure elements that are widely used in hardware wallets usually can't handle simple peripheral tasks: you can't control buttons, you can't establish a USB connection, you can't control display functions. That is the reason why secure elements require additional microcontrollers. These microcontrollers are for general purposes, which means they are more vulnerable, and they are not secure whatsoever. If hackers somehow managed to reflash these general-purpose controllers, that would potentially allow them to retrieve sensitive information from secure elements.

They found something like that in one of the previous ledger nano x wallet exploits, that was later patched and fixed in firmware update, but they claim secure chip was not affected.
Even exposing other information like bitcoin balance and all addresses would not be considered good.
https://www.ledger.com/enhancing-the-ledger-nano-xs-security

witcher_sense

legendary

Activity: 2450

Merit: 4414

🔐BitcoinMessage.Tools🔑

Quote from: Coin-Keeper on December 31, 2020, 04:49:08 PM

Let me remind members here that there has NEVER been an instance of that one controller weakness "in the wild" for Trezor T's. The "other guy" with a closed source controller/element has had numerous instances of theft happening with phished app's etc....

Additionally, secure elements that are widely used in hardware wallets usually can't handle simple peripheral tasks: you can't control buttons, you can't establish a USB connection, you can't control display functions. That is the reason why secure elements require additional microcontrollers. These microcontrollers are for general purposes, which means they are more vulnerable, and they are not secure whatsoever. If hackers somehow managed to reflash these general-purpose controllers, that would potentially allow them to retrieve sensitive information from secure elements.

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

Quote from: The Sceptical Chymist on January 02, 2021, 04:34:04 PM

A Raspberry Pi? Is that not just the same as storing your private key on a micro SD card?

Air gapped wallet, to be specific. I usually consider it as storing my private key on a micro SD card but with layers of encryption so that an adversary cannot crack it within a short period of time, if needed. Being able to sign the transactions offline will negate most malware attacks as the airgap will deter most malware. If not for the ease of signing, using a pen and pencil to write down the seed would have been sufficient.

The Sceptical Chymist

legendary

Activity: 3500

Merit: 6981

Top Crypto Casino

Quote from: dkbit98 on December 28, 2020, 09:10:28 AM

They don't want to ever change this, and that is why my open source wallets of choice would be ColdCard mk3, BitBox02 and CoboVault and not in that specific order.

I appreciate that recommendation and I found the OP here very informative, because I'm functionally computer illiterate (more or less). I love the Ledger devices, but that closed source code aspect does give me some doubts, though small ones.

Never heard of the above wallets, although ColdCard does ring a bell somewhere in my noggin. I'll have to check them out.

Quote from: ranochigo on January 02, 2021, 12:23:36 AM

Hardware wallets are expensive, the secure element is useful. If you want a cheaper but not as sophisticated alternative, use a RaspBerry Pi offline.

A Raspberry Pi? Is that not just the same as storing your private key on a micro SD card?

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: ?? on ??

Is it still true the trezor is not safe as i heard something like its open or closed source? Forgot which one meant safe.

Trezor is completely open source, which is good.. because the source code is open a.k.a. publicly available.
However, there is a hardware vulnerability.. Use a long and secure password and you are fine tho. It is "just" a physical attack vector which allows to extract the seed.

Quote from: ?? on ??

Someone said if someone had access to your ledger for a few minutes, they could do something to do it. Anyone can confirm this?

No.
This applies to the trezor without any password protection. That's the physical attack vector i referenced.

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

Quote from: bob123 on January 02, 2021, 08:51:19 AM

But one important attack vector is the online machine it is used with. While in theory there shouldn't be any way to compromise the device from an online pc, this shouldn't be completely ignored.
Especially phishing attacks can work pretty well. And a vulnerability in the microcontroller and/or secure element can make the hardware wallet insecure when used with a compromised PC (which it is made for).
This attack vector only applies to hardware wallets, but not to air-gapped wallets.

I wouldn't consider a hardware wallet as secure as an air-gapped wallet solution.

Definitely, I won't consider anything impossible when it comes to security. If the attacker can compromise the hardware wallet with a vulnerability in a secure element and without physical access, then it would be terrible. I hope that it wouldn't happen and it's probably why some hardware wallets are able to be run with an airgap as well. If that's the concern, then I guess that'll make it more equal.

Some APTs and malwares has demonstrated their ability to jump airgaps. Definitely possible and has been done but it's quite a lot of work, would've been easier to just compromise the OS itself. What I think could be a potential concern other than the sidechannel (I've mentioned that enough and I know secp256k1 mitigates some of it), is that despite the ability to encrypt the files, which should be viewed as a workaround other than a mitigation, there isn't any way to ensure that the files cannot be extracted from the device, I believe you can clone the HDD/SD card to try it again and again. As you've mentioned, the seeds are stored within the secure element and X failed attempts would brick it and render it unrecoverable in some HW wallets.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: ranochigo on January 02, 2021, 12:23:36 AM

I have quite a few discussions on it but I've never really had an argument that refuted my point that HW wallets are at the very least as secure as cold storage, when you consider all the possible attack vectors.

When considering all possible attack vectors, you come to the conclusion that a hardware wallet has a larger attack surface than an air-gapped wallet.

You can pretty much break everything down to be relatively equal.
But one important attack vector is the online machine it is used with. While in theory there shouldn't be any way to compromise the device from an online pc, this shouldn't be completely ignored.
Especially phishing attacks can work pretty well. And a vulnerability in the microcontroller and/or secure element can make the hardware wallet insecure when used with a compromised PC (which it is made for).
This attack vector only applies to hardware wallets, but not to air-gapped wallets.

I wouldn't consider a hardware wallet as secure as an air-gapped wallet solution.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: ABCbits on January 01, 2021, 08:36:11 AM

Now that i know there are open-source secure element, why don't Ledger migrate from closed-source to open-source secure element? Do they find secure element they currently use is more secure than all open-source secure element?

Apparently it is a question of security. There was some talk that they would create a new open-sourced chip, but I don't know what happened with that. There is an old reddit post from one of their team members that mentions that Ledger feels that there are currently no open-sourced chips that can be compared with closed-source chips in terms of security.

Quote

I just meant that today there are no open-source chips that can offer the same level of security as the closed-source chips. However, it is Ledger's intention to open-source as much as possible, but existing constraints within the chip industry make this a slow process.

https://www.reddit.com/r/ledgerwallet/comments/a30lc4/a_closer_look_into_ledger_security_the_secure/

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

Quote from: casperBGD on January 01, 2021, 03:55:35 PM

agree completely, but isn't that what hot wallets are for? to have wallet for your payments, that does not have all your funds in it
with fiat, you also do not hold all your funds, when you have to pay for bread and milk in the store

Depends on your needs, as with most stuff. Hardware wallets will undoubtedly protect you against physical and non-physical attacks. Plausible deniability baked into the device makes it a great device to be used to limit the losses from a $5 wrench attack. The bane is that you have to purchase a hardware wallet which depends on your holdings might be a big portion of your funds.

Quote from: casperBGD on January 01, 2021, 03:55:35 PM

thanks, that is what I thought as well, they are selling convenience, and that is ok, although if one has more funds, it is better to have several wallets, and use one or two for payments (or other type of hot wallet) and all the other store on the same way, as old laptop (for HODL purpose)

I have quite a few discussions on it but I've never really had an argument that refuted my point that HW wallets are at the very least as secure as cold storage, when you consider all the possible attack vectors. But I can stand by the fact that for most, they are considered as *equal* in terms of it's security.

Hardware wallets are expensive, the secure element is useful. If you want a cheaper but not as sophisticated alternative, use a RaspBerry Pi offline.

malevolent

legendary

Activity: 3472

Merit: 1722

Quote from: casperBGD on January 01, 2021, 03:55:35 PM

agree completely, but isn't that what hot wallets are for? to have wallet for your payments, that does not have all your funds in it
with fiat, you also do not hold all your funds, when you have to pay for bread and milk in the store

A different passphrase may be used to access long-term storage funds, or a different physical hardware wallet altogether. When making bigger payments away from home a hardware wallet will still be useful and more convenient.

casperBGD

legendary

Activity: 2156

Merit: 1151

Nil Satis Nisi Optimum

Quote from: malevolent on December 31, 2020, 09:47:32 PM

Quote from: casperBGD on December 29, 2020, 09:08:12 AM

what is a main Trezor advantage, in your opinion?

I can stick it in my pocket and connect it to my phone to pay someone when I'm away from home or abroad. A lot more convenient than taking a bigger device such as a laptop with me.

agree completely, but isn't that what hot wallets are for? to have wallet for your payments, that does not have all your funds in it
with fiat, you also do not hold all your funds, when you have to pay for bread and milk in the store

Quote from: bob123 on December 31, 2020, 12:11:40 PM

The difference is that your old laptop would be effectively an air-gapped wallet. This means it has to stay offline (not connected to any network) to be secure.
Together with encryption, that's a really solid setup. But the downside is that its not very convenient to use.

A Trezor (or other hardware wallets) have the advantage of them being used togeter with an online PC without the risk of losing coins.
Security-wise its not as good as an air-gapped wallet, but convenience-wise it is so much more pleasant to use.

You can connect your hardware wallet to an infected device without worrying to have your coins stolen since physical confirmation (in form of a button press) is needed to sign transactions.
That's what all good hardware wallets have in common. A downside of trezor is the physical security which can be avoided by using proper password encryption (which is also necessary with an air-gapped wallet btw).

thanks, that is what I thought as well, they are selling convenience, and that is ok, although if one has more funds, it is better to have several wallets, and use one or two for payments (or other type of hot wallet) and all the other store on the same way, as old laptop (for HODL purpose)

igor72

legendary

Activity: 1848

Merit: 2033

Crypto Swap Exchange

Quote from: bob123 on December 29, 2020, 06:54:10 AM

Quote from: dkbit98 on December 28, 2020, 08:12:23 AM

What are the benefits of Secure Element in Hardware Wallets?

- Seed words never leave device but they stay in Secure Element
- Secure updates
- Generating 'random' numbers
- No tempering

The mnemonic code (which you are referring to as "seed words") are not stored on the secure element.
The actual seed is stored there. The mnemonic code is only used to generate the seed.

If that were true, it would be possible to add a passphrase only during the input/generation of those 12(24) words. But at least in Ledger I can add a passphrase whenever I want.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: ABCbits on January 01, 2021, 08:36:11 AM

Now that i know there are open-source secure element, why don't Ledger migrate from closed-source to open-source secure element? Do they find secure element they currently use is more secure than all open-source secure element?

Ledger is using ST31H320 and ST33J2M0 secure elements that are EAL6+ level of security but in combination with their normal STM32F042K chip overall security is downgraded back to EAL5+
Some Hardware like Ngrave are promising EAL7+ secure element, but as far as I know only ATECC608A is mostly open source and it can be found even in M5Stack Core2 ESP32 AWS Development Kit.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: Pmalek on December 28, 2020, 08:56:11 AM

It seems that Ledger has no intention of making the secure element fully open-source.

Now that i know there are open-source secure element, why don't Ledger migrate from closed-source to open-source secure element? Do they find secure element they currently use is more secure than all open-source secure element?

malevolent

legendary

Activity: 3472

Merit: 1722

Thanks for the list, OP, for some reason I thought all Secure Elements were closed source.

Quote from: casperBGD on December 29, 2020, 09:08:12 AM

what is a main Trezor advantage, in your opinion?

I can stick it in my pocket and connect it to my phone to pay someone when I'm away from home or abroad. A lot more convenient than taking a bigger device such as a laptop with me.

Coin-Keeper

hero member

Activity: 761

Merit: 606

Quote

witcher_sense : Found an old topic from Trezor explaining the reasons why they don't use secure elements https://blog.trezor.io/is-banking-grade-security-good-enough-for-your-bitcoins-284065561e9b

Great read and accurate as hell.

Spot on! I did OpSec for a living and I will take full open source hands down. There is an amazingly high probability that there are engineered backdoors in any close source "secure element" chip being mandated by Gov agencies. Tin foil hat, maybe, but the risks have shown to be entirely too prevalent for a wise person to assume them. BTC is moving to around 30K per coin so the incentive is there!

Here is my spin. Yep, my Trezor T's don't have a secure element chip. So I KNOW how they tick and so do all the other coders that care to "hit" them with everything they have in their tool belt. Along comes Trezor and GitHub and now SD encrypt completely removes the known weakness of the current Trezor T controller. Its GONE fully, so man up and learn how to use your device. Its safe and fully open source. For those that insist on continuing with closed source elements in their devices you have been warned, LOL. Let me remind members here that there has NEVER been an instance of that one controller weakness "in the wild" for Trezor T's. The "other guy" with a closed source controller/element has had numerous instances of theft happening with phished app's etc....

Topic: Secure Element in Hardware Wallets - page 8. (Read 3419 times)