Statistics released at the end of 2019 show that the number of bitcoin owners in the United States grew by 81% compared to 2018. There are currently 36.5 million cryptocurrency holders across the United States. As more and more people own cryptocurrency, the topic of “secure storage” becomes particularly important.
When we talk about secure storage, hardware wallets are an unavoidable topic. The security of a hardware wallet can be divided into two parts:
- Technical security. The cryptocurrency community has discussed this part for many years: how to defend, from a technical perspective, against man-in-the-middle attacks, physical attacks (side-channel attacks), supply chain attacks, and so on.
- Human error. Statistics show that at least 4 million bitcoins will never be spent because of human error. Looking at the history of Bitcoin development, we find many improvements (BIPs) designed to avoid human error. For example, HD wallets were created so that users do not have to manage too many private keys, and mnemonic words were created so that users make fewer mistakes when backing up the master private key.
This article discusses nine major improvements to hardware wallet security along these two dimensions: technical security and human error.
The first role of a hardware wallet is to keep your private key “offline”. If the private key is offline, the chance of a remote attack on the hardware wallet by hackers is greatly reduced. Why is “offline” in quotes? Because the degree of being offline differs between hardware wallets. Most hardware wallets are completely offline when not in use. But once in use, most of them are connected to a networked phone or computer via a USB cable or Bluetooth. Although the connection time is short, this state of “indirect networking” is very dangerous.
Therefore, “offline” is a relative concept. The key to being offline lies in how the companion app (such as Ledger’s Ledger Live) communicates with the hardware wallet. There are currently four main communication methods: USB, Bluetooth, QR code, and TF (microSD) card. QR codes and TF cards are the better choice, because the link they establish is not a continuous connection, and all transmitted data is transparent and auditable, which minimizes the attack surface.
Another advantage of QR code and TF card communication is that it is very easy to adapt the hardware wallet to third-party wallets: both sides only need to follow the same data format, and there is no USB or Bluetooth compatibility to worry about. This also lets the hardware wallet play the simple role of a “signer”.
Overseas communities have long argued over whether hardware wallets should use a security chip (secure element). The affirmative side holds that physical attacks (side-channel attacks) cannot be resisted without a security chip; the negative side holds that the security chip is a black box and cannot be trusted. However, the security chip is not entirely a black box, and it is verifiable to a certain extent.
How to verify the security chip?
Over the years the community seems to have settled on a consensus: security chips are not open source. In fact, this depends on the negotiation between the hardware wallet manufacturer and the security chip manufacturer. Open-sourcing the chip design and the underlying code of the security chip would be very costly, but open-sourcing the firmware that runs on the security chip is entirely possible.
Once the security chip firmware is open source, users can verify the following key points:
- How mnemonic words are generated from random entropy, and how the master private key is then derived from them
- The derivation of all private and public keys
- That every private key signing operation takes place inside the security chip
- That once a private key is generated, it never leaves the security chip
However, three functions still cannot be verified by reading the code, because the security chip manufacturer implements them in the chip design or the underlying code:
- True random number generation (TRNG)
- Signature algorithms such as ECDSA
- How the security chip protects against physical attacks (side-channel attacks)
But users can verify these three functions in other ways.
- True random number generation. Users can run the FIPS 140-2 statistical tests to check its randomness; Trezor has also published related tests. In addition, in a later product update we will allow users to roll dice to generate the random entropy from which the mnemonic and private keys are derived, thereby “bypassing” the TRNG, so users do not need to trust the true randomness of the security chip’s random number generator.
- Signature algorithms such as ECDSA. Verifying this part requires some expertise; we can provide security chip development boards to interested researchers so that they can verify it and publish their results.
- The security chip’s defense against physical attacks (side-channel attacks). Looking at the history of attacks on hardware wallets, we cannot conclude that “the security chip can resist all physical attacks (side-channel attacks)”, but the security chip’s resistance to physical attacks (side-channel attacks) is far stronger. Researchers can also apply to us for security chip development boards to test its defenses against physical attacks (side-channel attacks).
In summary, if the security chip runs open source firmware, all key operations and security properties can be verified or demonstrated.
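As an added illustration (not code from the original article or any wallet vendor), the two steps a user can check above, dice rolls turned into entropy and entropy turned into BIP39 word indices with the checksum, in Python. The rejection of faces 5 and 6 on a six-sided die and the BIP39 checksum rule are standard; the function names are mine, and the 2048-entry word list is assumed to be looked up separately.

```python
import hashlib


def dice_to_entropy(rolls, bits=128):
    """Turn six-sided dice rolls into unbiased entropy bytes.

    Faces 1-4 each yield two bits (00, 01, 10, 11); faces 5 and 6 are
    discarded so no bit pattern is over-represented (rejection sampling
    instead of a biased modulo reduction).
    """
    out = []
    for r in rolls:
        if r not in range(1, 7):
            raise ValueError(f"bad die face {r}")
        if r <= 4:
            out.append((r - 1) >> 1)
            out.append((r - 1) & 1)
        if len(out) >= bits:
            break
    if len(out) < bits:
        raise ValueError(f"need more rolls: got {len(out)} of {bits} bits")
    return int("".join(map(str, out[:bits])), 2).to_bytes(bits // 8, "big")


def entropy_to_word_indices(entropy):
    """BIP39: append ENT/32 checksum bits taken from SHA256(entropy), then
    split the whole bit string into 11-bit word indices."""
    ent = len(entropy) * 8
    if ent not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    cs = ent // 32                      # 4..8 checksum bits, so one digest byte suffices
    digest = hashlib.sha256(entropy).digest()
    bits = bin(int.from_bytes(entropy, "big"))[2:].zfill(ent)
    bits += bin(digest[0] >> (8 - cs))[2:].zfill(cs)
    return [int(bits[i:i + 11], 2) for i in range(0, len(bits), 11)]


def checksum_ok(indices, ent=128):
    """Re-derive the checksum from word indices; True iff the mnemonic is valid.
    This is what an auditor re-runs against the firmware's own output."""
    bits = "".join(bin(i)[2:].zfill(11) for i in indices)
    if len(bits) != ent + ent // 32:
        return False
    entropy = int(bits[:ent], 2).to_bytes(ent // 8, "big")
    return entropy_to_word_indices(entropy) == indices
```

With all-zero 128-bit entropy the indices come out as eleven times 0 and then 3, which is the BIP39 test vector “abandon” × 11 followed by “about”.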
Partially Signed Bitcoin Transactions (PSBT) come from BIP 174. From the official BIP 174 documentation we can see that PSBT has two main use cases:
- Coin mixing. Mixing coins helps users protect their privacy, so that they are not easily tracked by chain analysis.
- Multi-signature across hardware wallets. PSBT acts as a common “communication language” between different hardware wallets and watch-only wallets, which makes multi-signature across hardware wallets from different vendors possible. This effectively avoids the security risk of a “single point of failure” in any one hardware wallet. For future hardware wallets, PSBT support will be a must.
DIY Hardware Wallet (BYOH: Build Your Own Hardware)
DIY hardware wallets are the ultimate way for many geek users to minimize their trust in hardware wallet manufacturers.
In the past, hardware wallets allowed users to DIY mainly by opening the hardware circuit design and all of the code, so that a user could build a hardware wallet from scratch. But this approach brings two problems:
- It lets hackers create fake hardware wallets at low cost and then sell them or carry out supply chain attacks, stealing users’ crypto assets. There have indeed been such incidents.
- It places extremely high demands on users’ technical abilities. A user needs both hardware and software development skills to complete the DIY.
A better solution is to sell the security chip development board to users. First, this prevents hackers from attacking users with counterfeit wallets. Second, only software development skills are required, and users can build their own hardware wallet on top of the security chip development board.
The above four improvements are explained mainly from the perspective of technical security. ColdCard, a hardware wallet that has recently become popular in overseas markets, has led the industry a big step forward in TF card data transmission and PSBT support.
Unfortunately, in the years since hardware wallets appeared, manufacturers have focused most of their attention on technical security, such as the robustness of the code or the use of security chips. The industry as a whole has paid very little attention to the “user experience” of hardware wallets. Yet it is often shortcomings in the user experience that lead to human error and lost coins. Today, hardware wallets are no longer products only geek users use; ordinary users have begun to use them. When designing hardware wallets, we must also take human error into account and create a better user experience, so that users do not lose coins.
Before discussing human error in depth, it should be emphasized that “human error” is a relative concept, and the same measures often cannot be applied to both ordinary users and professional users. Some product improvements aimed at “human error” may reduce the customizability of the wallet for professional users. The simplest example: a wallet for professional users will let them manually select UTXOs, but to reduce product complexity and avoid mistakes by ordinary users, manual UTXO selection should be dropped. The following describes how to improve the hardware wallet to reduce the probability of human error and avoid losing coins.
Large touch screen
I believe that users of the current mainstream hardware wallets have experienced the poor usability of small buttons and small screens. This shortcoming magnifies the possibility of human error. Take passphrase entry: because the small screen displays poorly and character input is awkward, existing hardware wallets let the user enter the passphrase only once, so a typo may send coins to the wrong address and lose them. With a large screen the input experience is better, and since more information fits, the system can ask the user to enter the passphrase twice. If the two entries match, the hidden wallet is opened; if they do not, the system reports an error. This avoids a human error.
In addition, a large touch screen can also remove some attack surface. For example, when receiving funds, you can show the QR code of the receiving address directly on the hardware wallet to the other party. Because the companion app is networked, the receiving address it shows is exposed to attack, so when receiving a large amount of cryptocurrency it is safer to use the receiving address shown on the hardware wallet itself.
These improvements may not matter to professional users, but as mentioned earlier, more and more people hold cryptocurrency, and hardware wallets are no longer just for professional users; the use cases of ordinary users must also be considered.
Protection against untrusted firmware
Open source code is extremely important for decentralized applications and products, but it also often brings new attack surfaces. At present, some hardware wallets allow users to modify the open source code themselves, compile it into an upgrade package, and flash it onto the hardware wallet. This gives geek users more room to customize their hardware wallets, but it also opens the door to attacks: hackers can actively approach novice users who ask questions online and trick them into installing firmware upgrade packages that the hackers have tampered with (even though a warning is shown during the upgrade, there is still a certain probability that the deception succeeds), after which the coins are stolen.
To reduce this risk exposure, any commercially available hardware wallet should only allow users to install officially signed firmware upgrade packages. This does not necessarily hurt the experience of geek users. A Geek edition of the product can be launched at the same time that allows users to upload custom firmware; that edition can even ship without working firmware, so that the user must flash it before the product works at all, which prevents ordinary users from mistakenly buying the Geek edition and increasing their own security risk. Going further, the Geek edition can let users replace the public key used to verify upgrade packages inside the hardware wallet, so that the wallet in the user’s hand only accepts firmware upgrade packages signed by the user.
Since the electronic products we use every day (especially mobile phones) have become “fast-moving consumer goods” that users usually replace within 1-2 years, battery life has not been a big problem, and battery manufacturers generally design batteries for a service life of 1-2 years. However, the usage scenario of a hardware wallet is very different from a phone. Users may keep it for years or even decades, and some users may seal the hardware wallet in a safe or a bank safe deposit box and operate it only once every few months or years.
In this scenario, a modular removable battery becomes a must, to prevent battery leakage from damaging the hardware wallet body. At the same time, supporting ordinary dry-cell batteries as a power source avoids the embarrassment of a user who has not operated the hardware wallet for months or years finding that the battery has failed and being unable to transfer coins at a critical moment.
At present, mainstream hardware wallets mainly use desktop apps as companion apps, such as Ledger Live or Trezor’s web app. However, compared to mobile apps, desktop apps bring greater risk exposure:
- Mobile apps all run in a sandbox environment; apps are not allowed to read each other’s data.
- Mobile devices default to full system encryption, which is often not the case on desktops.
- User privileges on mobile devices are strongly restricted, whereas on a desktop users can even bypass some security protections through command-line tools.
Beyond these three points, ordinary users are also not good at distinguishing phishing links. Therefore, when downloading the app on a computer, ordinary users are more vulnerable to phishing attacks, download the wrong companion app, and lose coins as a result.
Andreas Antonopoulos, author of “Mastering Bitcoin”, also recommends that ordinary users use a mobile wallet rather than a desktop wallet.
Support offline purchase
Most ordinary users are not good at protecting their online privacy. An online privacy leak can expose users to targeted threats (APT attacks) or even the “$5 wrench attack”. If we consider this one of the attack surfaces, it is best for the hardware wallet to support purchase through offline channels with cash.
Closing words
Creating a secure hardware wallet is not easy; it can be understood as a contest between spear and shield. In addition to the 9 hardware wallet improvements above, there are 2 more points we look forward to:
- Abandon all MCU chips and use the security chip to control all of the hardware wallet’s input and output, including but not limited to the keyboard, screen, camera, card reader, Bluetooth, and USB. Reviewing the history of hardware wallet attacks, all of the serious attack incidents revolved around the MCU.
- A fully open source security chip. This would raise the transparency of this key component to an unprecedented level. It is good to see that giants such as Google are working hard on this.