Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Crypto wallets security: for developers

Julia Potapenko
February 22, 2022
2.5k

Crypto wallets security: for developers

Julia Potapenko

February 22, 2022
Tweet

Transcript

  1. Crypto Wallets Security


    for developers
    Julia Potapenko

    View Slide

  2. Security Software Engineer
    Julia Potapenko


    @julepka
    We help companies to
    protect their sensitive
    and valuable data.
    OWASP Zhytomyr Leader.
    Contributor to OWASP security
    standards and guides.
    Women Who Code Kyiv Director

    View Slide

  3. OWASP


    Open Web Application
    Security Project
    A nonpro
    f
    it foundation that works to
    improve the security of software
    OWASP Top 10


    OWASP ASVS


    OWASP WSTG


    OWASP MASVS/MSTG
    https://owasp.org/www-project-mobile-security-testing-guide/
    https://owasp.org/www-project-application-security-veri
    f
    ication-standard/
    https://owasp.org/www-project-web-security-testing-guide/
    https://owasp.org/www-project-top-ten/

    View Slide

  4. Today we will talks about


    #cryptocurrency_wallets #sensitive_assets


    #authentication #local_storage #platform #cryptography


    #dependencies_management

    View Slide

  5. How does it work?
    Your account = your seed / private key


    Loosing seed / private key = loosing the account


    Wallet gives access to several accounts


    The main challenge is to secure seed / private keys

    View Slide

  6. Cryptocurrency wallet types
    Custodial


    third-party storage
    Non-custodial


    user-controled

    View Slide

  7. Cryptocurrency wallet types
    Custodial


    third-party storage
    Non-custodial


    user-controled
    Hot


    online
    Cold


    of
    f
    line

    View Slide

  8. https://www.wired.com/story/hack-binance-cryptocurrency-exchange/
    Why should devs care?

    View Slide

  9. https://www.wired.com/story/hack-binance-cryptocurrency-exchange/
    https://www.bbc.com/news/technology-59549606
    Why should devs care?

    View Slide

  10. https://www.theverge.com/2022/1/24/22898712/crypto-
    hardware-wallet-hacking-lost-bitcoin-ethereum-nft
    https://www.wired.com/story/hack-binance-cryptocurrency-exchange/
    https://www.bbc.com/news/technology-59549606
    Why should devs care?

    View Slide

  11. https://www.theverge.com/2022/1/24/22898712/crypto-
    hardware-wallet-hacking-lost-bitcoin-ethereum-nft
    https://www.wired.com/story/hack-binance-cryptocurrency-exchange/
    https://www.bbc.com/news/technology-59549606 https://www.theverge.com/2021/11/4/22763015/cryptocurrency-
    fake-wallet-phishing-scam-google-ads-phantom-metamask
    Why should devs care?

    View Slide

  12. https://www.theverge.com/2022/1/24/22898712/crypto-
    hardware-wallet-hacking-lost-bitcoin-ethereum-nft
    https://www.wired.com/story/hack-binance-cryptocurrency-exchange/
    https://www.bbc.com/news/technology-59549606 https://www.theverge.com/2021/11/4/22763015/cryptocurrency-
    fake-wallet-phishing-scam-google-ads-phantom-metamask
    Why should devs care?
    It is not about blockchain security.


    It is about application security and user education

    View Slide

  13. Cryptocurrency wallet types
    Custodial


    third-party storage
    Non-custodial


    user-controled
    Hot


    online
    Cold


    of
    f
    line

    View Slide

  14. Coinbase wallet example

    View Slide

  15. Similar to banking apps,
    cryptocurrency wallets
    operate user funds,
    meaning security baseline
    should be nearly the same.

    View Slide

  16. Similar to banking apps,
    cryptocurrency wallets
    operate user funds,
    meaning security baseline
    should be nearly the same.
    Threat vectors considerations


    • Authentication


    • Local storage


    • Platform trust


    • Cryptography


    • Communication


    • User education


    • Supply chain

    View Slide

  17. User Authentication
    LOCAL VS REMOTE
    If the app provides users access to a remote service, some form of authentication,
    such as username/password authentication, is performed at the remote endpoint.


    No sensitive data should be stored locally on the mobile device. Instead, data should
    be retrieved from a remote endpoint when needed and only be kept in memory.


    If sensitive data is still required to be stored locally, it should be encrypted using a
    key derived from hardware backed storage which requires authentication.


    – OWASP MASVS 4.1, 2.11, 2.12

    View Slide

  18. User Authentication
    LOCAL VS REMOTE
    If the app provides users access to a remote service, some form of authentication,
    such as username/password authentication, is performed at the remote endpoint.


    No sensitive data should be stored locally on the mobile device. Instead, data should
    be retrieved from a remote endpoint when needed and only be kept in memory.


    If sensitive data is still required to be stored locally, it should be encrypted using a
    key derived from hardware backed storage which requires authentication.


    – OWASP MASVS 4.1, 2.11, 2.12
    But what about deanonymisation?
    Non-custodial wallets are usually fat clients

    View Slide

  19. Password policy


    Password rotation when leaked


    Defences against brute-force attacks


    Step-up authentication


    Biometry veri
    f
    ication
    User Authentication

    View Slide

  20. Know your platform
    What kind of storage should be used to deliver the best security guarantees?

    View Slide

  21. Know your platform
    What kind of storage should be used to deliver the best security guarantees?
    Is it a
    f
    ile? Can you steal it?


    Can other apps access it?


    What about integrity?


    And Encryption?

    View Slide

  22. Know your platform
    What kind of storage should be used to deliver the best security guarantees?
    Is it a
    f
    ile? Can you steal it?


    Can other apps access it?


    What about integrity?


    And Encryption?
    It is a developer’s responsibility to
    know how the storage works on the
    platform you use.

    View Slide

  23. 000003.log is a storage
    f
    ile of web-extension. You can copy it from
    one browser and paste into another.
    Know your platform

    View Slide

  24. Objection tool that allows to access Keychain of the device, no jailbreak required
    Know your platform

    View Slide

  25. Cryptography
    How to encrypt the data with a password?


    View Slide

  26. Cryptography
    How to encrypt the data with a password?


    You decided to pick AES. You need a key length of 256 bits but the
    password is shorter.


    You use a hash function SHA256.


    View Slide

  27. Cryptography
    How to encrypt the data with a password?


    You decided to pick AES. You need a key length of 256 bits but the
    password is shorter.


    You use a hash function SHA256. KDF (Key Derivation Function)


    View Slide

  28. Cryptography
    How to encrypt the data with a password?


    You decided to pick AES. You need a key length of 256 bits but the
    password is shorter.


    You use a hash function SHA256. KDF (Key Derivation Function)


    Your pick PBKDF2. You need to specify number of rounds for it.


    Similar to some example in the Internet you pick 2 000.


    View Slide

  29. Cryptography
    How to encrypt the data with a password?


    You decided to pick AES. You need a key length of 256 bits but the
    password is shorter.


    You use a hash function SHA256. KDF (Key Derivation Function)


    Your pick PBKDF2. You need to specify number of rounds for it.


    Similar to some example in the Internet you pick 2 000. 310 000


    View Slide

  30. Cryptography
    How to encrypt the data with a password?


    You decided to pick AES. You need a key length of 256 bits but the
    password is shorter.


    You use a hash function SHA256. KDF (Key Derivation Function)


    Your pick PBKDF2. You need to specify number of rounds for it.


    Similar to some example in the Internet you pick 2 000. 310 000


    CBC or GCM mode? Random IV? … ? ? ?

    View Slide

  31. Cryptography
    How to encrypt the data with a password?


    You decided to pick AES. You need a key length of 256 bits but the
    password is shorter.


    You use a hash function SHA256. KDF (Key Derivation Function)


    Your pick PBKDF2. You need to specify number of rounds for it.


    Similar to some example in the Internet you pick 2 000. 310 000


    CBC or GCM mode? Random IV? … ? ? ?
    Don’t roll your own crypto
    Use Themis https://github.com/cossacklabs/themis
    Use libsodium

    View Slide

  32. Cryptography
    Comes from mvayngrib/react-native-crypto library…


    that uses react-native-randombytes library…


    that uses Stanford Javascript Crypto Library (SJCL) for synchronous random
    values generation.


    React Native mobile
    app example

    View Slide

  33. Cryptography
    Comes from mvayngrib/react-native-crypto library…


    that uses react-native-randombytes library…


    that uses Stanford Javascript Crypto Library (SJCL) for synchronous random
    values generation.


    SJCL random values generator relies on mouse movements and keyboard listeners.
    React Native mobile
    app example

    View Slide

  34. Supply chain

    View Slide

  35. Supply chain

    View Slide

  36. Supply chain

    View Slide

  37. Supply chain

    View Slide

  38. Supply chain

    View Slide

  39. How to identify a good library
    Looks alive


    Built for required platform


    Easy to use, hard to misuse


    Covered with tests


    Documentation


    Secure


    Performance


    Licence

    View Slide

  40. https://snyk.io/advisor/npm-package/
    react-native-sensitive-info
    How to identify a good library

    View Slide

  41. Useful tools
    Automate and add to PRs


    SonarQube


    Snyk


    Dependabot

    View Slide

  42. Useful tools
    Automate and add to PRs


    SonarQube


    Snyk


    Dependabot
    SAST (Static Application Security Testing):


    https://owasp.org/www-community/
    Source_Code_Analysis_Tools


    DAST (Dynamic Application Security Testing):


    https://owasp.org/www-community/
    Vulnerability_Scanning_Tools

    View Slide

  43. User is a single point of
    failure
    Non-custodial wallets security is the
    user responsibility.

    View Slide

  44. Useful links
    [Article] Crypto wallets security as seen by security engineers:


    https://www.cossacklabs.com/blog/crypto-wallets-security/


    [Article] Security of React Native libraries: the bad, the worse and the ugly:


    https://www.cossacklabs.com/blog/react-native-libraries-security/


    [Article] React Native security: things to keep in mind:


    https://www.cossacklabs.com/blog/react-native-app-security/


    [Slides] Why can’t developers make it secure:


    https://speakerdeck.com/julep/why-cant-developers-make-it-secure

    View Slide

  45. Thank you!
    Follow me on Twitter


    @julepka

    View Slide