Crypto wallets security: for developers

Transcript

1. Crypto Wallets Security
   
   
   for developers
   Julia Potapenko
   

   View Slide

2. Security Software Engineer
   Julia Potapenko
   
   
   @julepka
   We help companies to
   protect their sensitive
   and valuable data.
   OWASP Zhytomyr Leader.
   Contributor to OWASP security
   standards and guides.
   Women Who Code Kyiv Director
   

   View Slide

3. OWASP
   
   
   Open Web Application
   Security Project
   A nonpro
   f
   it foundation that works to
   improve the security of software
   OWASP Top 10
   
   
   OWASP ASVS
   
   
   OWASP WSTG
   
   
   OWASP MASVS/MSTG
   https://owasp.org/www-project-mobile-security-testing-guide/
   https://owasp.org/www-project-application-security-veri
   f
   ication-standard/
   https://owasp.org/www-project-web-security-testing-guide/
   https://owasp.org/www-project-top-ten/
   

   View Slide

4. Today we will talks about
   
   
   #cryptocurrency_wallets #sensitive_assets
   
   
   #authentication #local_storage #platform #cryptography
   
   
   #dependencies_management
   

   View Slide

5. How does it work?
   Your account = your seed / private key
   
   
   Loosing seed / private key = loosing the account
   
   
   Wallet gives access to several accounts
   
   
   The main challenge is to secure seed / private keys
   

   View Slide

6. Cryptocurrency wallet types
   Custodial
   
   
   third-party storage
   Non-custodial
   
   
   user-controled
   

   View Slide

7. Cryptocurrency wallet types
   Custodial
   
   
   third-party storage
   Non-custodial
   
   
   user-controled
   Hot
   
   
   online
   Cold
   
   
   of
   f
   line
   

   View Slide

8. https://www.wired.com/story/hack-binance-cryptocurrency-exchange/
   Why should devs care?
   

   View Slide

9. https://www.wired.com/story/hack-binance-cryptocurrency-exchange/
   https://www.bbc.com/news/technology-59549606
   Why should devs care?
   

   View Slide

10. https://www.theverge.com/2022/1/24/22898712/crypto-
    hardware-wallet-hacking-lost-bitcoin-ethereum-nft
    https://www.wired.com/story/hack-binance-cryptocurrency-exchange/
    https://www.bbc.com/news/technology-59549606
    Why should devs care?
    

    View Slide

11. https://www.theverge.com/2022/1/24/22898712/crypto-
    hardware-wallet-hacking-lost-bitcoin-ethereum-nft
    https://www.wired.com/story/hack-binance-cryptocurrency-exchange/
    https://www.bbc.com/news/technology-59549606 https://www.theverge.com/2021/11/4/22763015/cryptocurrency-
    fake-wallet-phishing-scam-google-ads-phantom-metamask
    Why should devs care?
    

    View Slide

12. https://www.theverge.com/2022/1/24/22898712/crypto-
    hardware-wallet-hacking-lost-bitcoin-ethereum-nft
    https://www.wired.com/story/hack-binance-cryptocurrency-exchange/
    https://www.bbc.com/news/technology-59549606 https://www.theverge.com/2021/11/4/22763015/cryptocurrency-
    fake-wallet-phishing-scam-google-ads-phantom-metamask
    Why should devs care?
    It is not about blockchain security.
    
    
    It is about application security and user education
    

    View Slide

13. Cryptocurrency wallet types
    Custodial
    
    
    third-party storage
    Non-custodial
    
    
    user-controled
    Hot
    
    
    online
    Cold
    
    
    of
    f
    line
    

    View Slide

14. Coinbase wallet example
    

    View Slide

15. Similar to banking apps,
    cryptocurrency wallets
    operate user funds,
    meaning security baseline
    should be nearly the same.
    

    View Slide

16. Similar to banking apps,
    cryptocurrency wallets
    operate user funds,
    meaning security baseline
    should be nearly the same.
    Threat vectors considerations
    
    
    • Authentication
    
    
    • Local storage
    
    
    • Platform trust
    
    
    • Cryptography
    
    
    • Communication
    
    
    • User education
    
    
    • Supply chain
    

    View Slide

17. User Authentication
    LOCAL VS REMOTE
    If the app provides users access to a remote service, some form of authentication,
    such as username/password authentication, is performed at the remote endpoint.
    
    
    No sensitive data should be stored locally on the mobile device. Instead, data should
    be retrieved from a remote endpoint when needed and only be kept in memory.
    
    
    If sensitive data is still required to be stored locally, it should be encrypted using a
    key derived from hardware backed storage which requires authentication.
    
    
    – OWASP MASVS 4.1, 2.11, 2.12
    

    View Slide

18. User Authentication
    LOCAL VS REMOTE
    If the app provides users access to a remote service, some form of authentication,
    such as username/password authentication, is performed at the remote endpoint.
    
    
    No sensitive data should be stored locally on the mobile device. Instead, data should
    be retrieved from a remote endpoint when needed and only be kept in memory.
    
    
    If sensitive data is still required to be stored locally, it should be encrypted using a
    key derived from hardware backed storage which requires authentication.
    
    
    – OWASP MASVS 4.1, 2.11, 2.12
    But what about deanonymisation?
    Non-custodial wallets are usually fat clients
    

    View Slide

19. Password policy
    
    
    Password rotation when leaked
    
    
    Defences against brute-force attacks
    
    
    Step-up authentication
    
    
    Biometry veri
    f
    ication
    User Authentication
    

    View Slide

20. Know your platform
    What kind of storage should be used to deliver the best security guarantees?
    

    View Slide

21. Know your platform
    What kind of storage should be used to deliver the best security guarantees?
    Is it a
    f
    ile? Can you steal it?
    
    
    Can other apps access it?
    
    
    What about integrity?
    
    
    And Encryption?
    

    View Slide

22. Know your platform
    What kind of storage should be used to deliver the best security guarantees?
    Is it a
    f
    ile? Can you steal it?
    
    
    Can other apps access it?
    
    
    What about integrity?
    
    
    And Encryption?
    It is a developer’s responsibility to
    know how the storage works on the
    platform you use.
    

    View Slide

23. 000003.log is a storage
    f
    ile of web-extension. You can copy it from
    one browser and paste into another.
    Know your platform
    

    View Slide

24. Objection tool that allows to access Keychain of the device, no jailbreak required
    Know your platform
    

    View Slide

25. Cryptography
    How to encrypt the data with a password?
    
    
    

    View Slide

26. Cryptography
    How to encrypt the data with a password?
    
    
    You decided to pick AES. You need a key length of 256 bits but the
    password is shorter.
    
    
    You use a hash function SHA256.
    
    
    

    View Slide

27. Cryptography
    How to encrypt the data with a password?
    
    
    You decided to pick AES. You need a key length of 256 bits but the
    password is shorter.
    
    
    You use a hash function SHA256. KDF (Key Derivation Function)
    
    
    

    View Slide

28. Cryptography
    How to encrypt the data with a password?
    
    
    You decided to pick AES. You need a key length of 256 bits but the
    password is shorter.
    
    
    You use a hash function SHA256. KDF (Key Derivation Function)
    
    
    Your pick PBKDF2. You need to specify number of rounds for it.
    
    
    Similar to some example in the Internet you pick 2 000.
    
    
    

    View Slide

29. Cryptography
    How to encrypt the data with a password?
    
    
    You decided to pick AES. You need a key length of 256 bits but the
    password is shorter.
    
    
    You use a hash function SHA256. KDF (Key Derivation Function)
    
    
    Your pick PBKDF2. You need to specify number of rounds for it.
    
    
    Similar to some example in the Internet you pick 2 000. 310 000
    
    
    

    View Slide

30. Cryptography
    How to encrypt the data with a password?
    
    
    You decided to pick AES. You need a key length of 256 bits but the
    password is shorter.
    
    
    You use a hash function SHA256. KDF (Key Derivation Function)
    
    
    Your pick PBKDF2. You need to specify number of rounds for it.
    
    
    Similar to some example in the Internet you pick 2 000. 310 000
    
    
    CBC or GCM mode? Random IV? … ? ? ?
    

    View Slide

31. Cryptography
    How to encrypt the data with a password?
    
    
    You decided to pick AES. You need a key length of 256 bits but the
    password is shorter.
    
    
    You use a hash function SHA256. KDF (Key Derivation Function)
    
    
    Your pick PBKDF2. You need to specify number of rounds for it.
    
    
    Similar to some example in the Internet you pick 2 000. 310 000
    
    
    CBC or GCM mode? Random IV? … ? ? ?
    Don’t roll your own crypto
    Use Themis https://github.com/cossacklabs/themis
    Use libsodium
    

    View Slide

32. Cryptography
    Comes from mvayngrib/react-native-crypto library…
    
    
    that uses react-native-randombytes library…
    
    
    that uses Stanford Javascript Crypto Library (SJCL) for synchronous random
    values generation.
    
    
    React Native mobile
    app example
    

    View Slide

33. Cryptography
    Comes from mvayngrib/react-native-crypto library…
    
    
    that uses react-native-randombytes library…
    
    
    that uses Stanford Javascript Crypto Library (SJCL) for synchronous random
    values generation.
    
    
    SJCL random values generator relies on mouse movements and keyboard listeners.
    React Native mobile
    app example
    

    View Slide

34. Supply chain
    

    View Slide

35. Supply chain
    

    View Slide

36. Supply chain
    

    View Slide

37. Supply chain
    

    View Slide

38. Supply chain
    

    View Slide

39. How to identify a good library
    Looks alive
    
    
    Built for required platform
    
    
    Easy to use, hard to misuse
    
    
    Covered with tests
    
    
    Documentation
    
    
    Secure
    
    
    Performance
    
    
    Licence
    

    View Slide

40. https://snyk.io/advisor/npm-package/
    react-native-sensitive-info
    How to identify a good library
    

    View Slide

41. Useful tools
    Automate and add to PRs
    
    
    SonarQube
    
    
    Snyk
    
    
    Dependabot
    

    View Slide

42. Useful tools
    Automate and add to PRs
    
    
    SonarQube
    
    
    Snyk
    
    
    Dependabot
    SAST (Static Application Security Testing):
    
    
    https://owasp.org/www-community/
    Source_Code_Analysis_Tools
    
    
    DAST (Dynamic Application Security Testing):
    
    
    https://owasp.org/www-community/
    Vulnerability_Scanning_Tools
    

    View Slide

43. User is a single point of
    failure
    Non-custodial wallets security is the
    user responsibility.
    

    View Slide

44. Useful links
    [Article] Crypto wallets security as seen by security engineers:
    
    
    https://www.cossacklabs.com/blog/crypto-wallets-security/
    
    
    [Article] Security of React Native libraries: the bad, the worse and the ugly:
    
    
    https://www.cossacklabs.com/blog/react-native-libraries-security/
    
    
    [Article] React Native security: things to keep in mind:
    
    
    https://www.cossacklabs.com/blog/react-native-app-security/
    
    
    [Slides] Why can’t developers make it secure:
    
    
    https://speakerdeck.com/julep/why-cant-developers-make-it-secure
    

    View Slide

45. Thank you!
    Follow me on Twitter
    
    
    @julepka
    

    View Slide