Hardware WalletsSecurity Date 2024/06/20 TLP GREEN TLP : GREEN Hardware Wallets Security Renaud Lifchitz, Chief Scientific Officer Séminaire de cryptofinance Institut Henri Poincaré – June, 20th 2024

Hardware Wallets Security Date 2024/06/20 TLP GREEN • Interest in Bitcoin since July... 2010 ! (BTC/USD was around $0.05) • June 2011: author of the very first public presentation about Bitcoin in France : "Bitcoin : une monnaie électronique pour tous" (https://bit.ly/rl-btc2011) • 2013 : Co-author of the proof-of-work of DataCoin et PrimeCoin ("EulerLagrangeLifchitzPrimalityTest" function), first useful PoW according to Vitalik Buterin, tens of world records found: https://bit.ly/rl-pow • 2013 : Development of a Bitcoin miner on FPGA, profitable for 2 years • IT & IoT cybersecurity expert, interested in cryptography • Advisor, auditor and trainer for about twenty blockchain companies About the speaker 2

Hardware Wallets Security Date 2024/06/20 TLP GREEN HOLISEUM Pure Player in critical and industrial infrastructures protection KEY FIGURES Of expenses in R&D 2018 Creation year of Holiseum 40 Cybersecurity consultants 20% Continents covered with ¼ of turnover achieved abroad 5 Innovation & disruption Excellency & expertise Holistic vision & 360° approach Legitimacy resulting from field experiences Scalability & operational efficiency OUR DNA Consulting & Services Education & training Software editing 3 MAIN PILLARS OUR MAIN CLIENTS

Hardware Wallets Security Date 2024/06/20 TLP GREEN QUALIFICATIONS PASSI* (ANSSI) ** on all scopes Selection for the PACS*** experimental phase Referred by France Relance (audits & remediation) Certified : innovative young company Ransomware Dry Run® referred by UGAP BUSINESS SECTORS Maritime Finance Others Luxury Energy *PASSI: Information systems security audit providers **ANSSI: French National Cybersecurity Agency ***PACS: Support & advice providers on information systems security KEY FIGURES 360 Audits 1st Ransomware Dry Run 3 Awards for our innovative solutions +150 Pentests / year +250 HOLISEUM Pure Player in critical and industrial infrastructures protection HOLISEUM IS A MEMBER OF

Hardware Wallets Security Date 2024/06/20 TLP GREEN Outline 1. Security of common electronic components 2. Architecture of a hardware wallet 3. Security evaluations 4. Risks regarding hardware wallets 5. Security model of well known wallet types

Hardware Wallets Security Date 2024/06/20 TLP GREEN 1 Security of common electronic components

Hardware Wallets Security Date 2024/06/20 TLP GREEN • MCU: MicroController Unit • CPU: CentralProcessing Unit / processor • MCU and CPU are quite easy to debug, dump, reflash (like flash and RAM chips...) • They cannot be used to store sensitive data like private keys Security of common electronic components (1/2) 7

Hardware Wallets Security Date 2024/06/20 TLP GREEN • SE: Secure Element o Kind of vault for private data (keys) & secure processing o Very similar to the one you have on your credit card o Similar to TPM ("Trusted Platform Module", hardware) or TEE ("Trusted Execution Enclave", software) on computers and smartphones o Usually tested against logical and physical attacks, even side- channel attacks! o However, the security functions should be correctly used by the developers... Security of common electronic components (2/2) 8

Hardware Wallets Security Date 2024/06/20 TLP GREEN 2 Architecture of a hardware wallet

Hardware Wallets Security Date 2024/06/20 TLP GREEN Simplified architecture 10

Hardware Wallets Security Date 2024/06/20 TLP GREEN "Ideal" architecture 11

Hardware Wallets Security Date 2024/06/20 TLP GREEN Practical architecture 12 When the SE doesn't implement the signature algorithm, key might be exposed...

Hardware Wallets Security Date 2024/06/20 TLP GREEN 3 Security evaluations

Hardware Wallets Security Date 2024/06/20 TLP GREEN • CSPN ("Certificat de Sécurité de Premier Niveau", mostly recognized in France) • CC ("Common Criteria") standards o ISO 15408 o comes with the EAL ("Evaluation Assurance Level") scale, from 1 to 7 What are existing open security evaluations? 14

Hardware Wallets Security Date 2024/06/20 TLP GREEN • EAL scale: o EAL1: Functionally Tested o EAL2: Structurally Tested o EAL3: Methodically Tested and Checked o EAL4: Methodically Designed, Tested and Reviewed o EAL5: Semiformally Designed and Tested o EAL6: Semiformally Verified Design and Tested o EAL7: Formally Verified Design and Tested • EAL > 5+ doesn't provide a lot more security against attacks (mostly against bugs) Common Criteria 15

Hardware Wallets Security Date 2024/06/20 TLP GREEN • Examples: o EAL7: NGrave o EAL6+: CoolWallet SE, Tangem o EAL5+ & CSPN: Ledger Nano X SE o EAL5+: Mastercard & Visa debit cards (EMVCo) EAL rankings 16

Hardware Wallets Security Date 2024/06/20 TLP GREEN 4 Risks regarding hardware wallets

Hardware Wallets Security Date 2024/06/20 TLP GREEN • Theft • Loss • Tampering (hardware or software) o Before use: supply chain attacks o After use: to recover the PIN or steal funds from a user • Substitution • Malfunction (hardware or software) • Access to backup Risks regarding hardware wallets 18

Hardware Wallets Security Date 2024/06/20 TLP GREEN • Probably the most underrated and probable risk • Allows the complete bypass of hardware wallets security model • Backups are in general much more vulnerable than hardware wallets: you have to think about securing your backups first! Access to backup (1/3) 19

Hardware Wallets Security Date 2024/06/20 TLP GREEN • Best practices for seed backups: 1. Resistance: resistance to disasters (fire/flood), for ex. stainless steel plates 2. Redundancy: have it at several places (in case of place/seed destruction by disaster) 3. Passphrase/25th word: to add security on top of the raw BIP-39 seed (don't forget it!) 4. Opaque envelope/bag : to avoid direct view of the backup by unauthorized persons (family, housemates, guests, thieves) 5. Tamper-proof security envelope/bag: to check if the seed has been accessed without your knowledge 6. Time-locked backup key: ex.: unsaved operational seed + saved and protected non-operational seed with Liana Access to backup (2/3) 20

Hardware Wallets Security Date 2024/06/20 TLP GREEN • Bad practices: o Plaintext digital backup by default (ex.: BitBox02) o Plaintext seed needed for every signature (ex.: Seedsigner requires it!)  very difficult to secure in practice (cannot be tamper-proof) Access to backup (3/3) 21

Hardware Wallets Security Date 2024/06/20 TLP GREEN • If device is tampered: o attacker can remotely accept arbitrary transactions o attacker can display inaccurate transactions for the user to validate them (wrong amount/recipient) • Goal: stealing funds... • Often requires a 2-step attack: 1. physical access: hardware implant (wired or wireless) 2. user interaction Device tampering 22

Hardware Wallets Security Date 2024/06/20 TLP GREEN 5 Security model of well known wallet types

Hardware Wallets Security Date 2024/06/20 TLP GREEN • HW with certified SE: Ledger Nano X • HW with non-certified SE: Safepal S1 • HW without SE: classic Trezor models • Smartcards (often Java-based): Tangem, TapSigner • HW without long-term key storage: SeedSigner Hardware wallet types 24

Hardware Wallets Security Date 2024/06/20 TLP GREEN • "Virtual Secure Element" • Cloud or self-hosted service (server) • Basically the seed is split between the device (encrypted seed) and the server (key) • Risks: o Censorship/DoS ("Denial of Service"): ISP or country can block Jade server IPs o Logical or physical access to server implies: o PIN trials reset  PIN bruteforce possible o access to Jade users encryption keys Jade (FOSS) 25

Hardware Wallets Security Date 2024/06/20 TLP GREEN • You load the seed temporarily into a signing device • Risks: o Seed is physically exposed to housemates and thieves o Device is exposed and easy to modify (hardware and software) SeedSigner (FOSS) 26

Hardware Wallets Security Date 2024/06/20 TLP GREEN • Risks: o Seed is extractible from MCU/CPU, but it takes time (hardware debug and/or side-channel attacks) Most hardware wallets without SE 27

Hardware Wallets Security Date 2024/06/20 TLP GREEN • Seed is terribly hard to extract from the device (only very big companies or countries might try) • Risks: o Mostly finding the backup paper seed Most hardware wallets with SE 28

Hardware Wallets Security Date 2024/06/20 TLP GREEN • Happened because of open source (access to git commits) • Ledger lack of anticipation for communication • People (even security experts) confuse self-custody and being trustless: self-custody doesn't imply being trustless! • In a hardware wallet, you always rely on hardware (rarely open source) and firmware (sometimes open source) The "LedgerGate" case 29

Hardware Wallets Security Date 2024/06/20 TLP GREEN • Plaintext bus between MCU and SE (no "Secure Channel"): PIN and/or private key can be sniffed • Unauthenticated access to the screen display bus / button bus • Key temporary leaving SE because of lack of algorithm implementation within the SE • Censorship: ISP or country filtering DNS/IP access to wallet provider servers HW common found vulnerabilities 30

Hardware Wallets Security Date 2024/06/20 TLP GREEN Faïz DJELLOULI CEO & Co-Founder +33 6 69 72 29 64 | [email protected] An NGUYEN COO & Co-Founder +33 6 98 84 39 97 | [email protected] Holiseum | SAS au capital de 10.000€ | RCS Paris 841 088 024 | n°TVA FR 77 841088024 | 20 Place de la Défense (Morning) | Tour Légende, 92800 Puteaux www.holiseum.com Questions?  [email protected] Propaganda memes by phneep.com