SlideShare uma empresa Scribd logo

Cryptocurrencies Hardware Wallets - 33C3 Bitcoin Assembly

Eric Larcheveque
Eric Larcheveque

Cryptocurrencies Hardware Wallets - 33C3 Bitcoin Assembly

Dispositivos e hardware
1 de 13
Baixar para ler offline
Cryptocurrencies Hardware Wallets 33C3 Bitcoin Assembly @btchip
Why ? Cryptocurrencies come with built-in bug bounties #SFYL CO 2.0 (Etienne Daho, theoretical singer, so it makes a good joke, at least in french)
An already well developed ecosystem
Owning cryptocurrencies == owning private keys (on secp256k1) Owning private keys is a complicated problem Many possible attacks Online : plain old scam, exchange security problem, outdated security (hello SMS 2FA) Software : non creative (sweeping keys) or more creative malware, bad crypto, phishing
Need for a new device class Protect private keys (basic functionality) Protect against creative malware Easy to install, easy to use, easy to recover, as plug & play as possible Easy to audit (don’t trust, verify) Easy to tinker (cryptocurrencies are a continuous R&D effort)
Typical operation 0 Initialize the Hardware Wallet (once, or recovering) 1 Send the public data to sign (Bitcoin transaction, Ethereum contract data) 2 Verify what’s going to be signed on the device 3 User confirmation that cannot be faked by malware 4 Signing operation happens on device 5 Public data returned to the host (computer / phone) 6 Public data broadcasted to the blockchain by the host
Being easy to recover Hierarchical Deterministic wallet concept (BIP 32) : derive keys from a seed + index
Being easy to recover Optionally BIP 39 and BIP 44 on top of it : encode the seed into mnemonic words https://iancoleman.github.io/bip39/
Providing good crypto Limit dependencies on randomness as much as possible - Hierarchical Deterministic wallets - Deterministic signing (RFC 6979), avoids ECDSA nonce reuse by design Limit side channel attacks - Constant time signing (https://github.com/bitcoin-core/secp256k1) - For more complex DPA, YMMV. Still a lot of specialized work per chip.
Why not a vanilla smartcard ? Protect private keys // yes Protect against creative malware // not really, see PIN MITM Easy to install, easy to use, as plug & play as possible // not really, see CCID Easy to audit // absolutely not Easy to tinker // no, Java Card being the most open environment available Still possible to do stuff : see Fidesmo, Bitcoin Wallet implementation https://github.com/ledgerhq/ledger-javacard
Different vendors, different implementation strategies Fully Open Source approach + Open MCU + Fully auditable firmware - Distribution and attestation issues - Physical attacks Secure chip based approach + Proved model for distribution and attestation + Designed to protect against physical attacks - Not fully open, striving to reduce the TCB - Involving specialized hardware
Ledger platform architecture Trusted / Secure component (Secure Element or enclave) with limited I/O options Non trusted component with more I/O options Screen Direct control from the Trusted component, proxied Pairing at boot time User app 1 User app 2 Button Sensor USB
Improving on isolation, using ARM capabilities Native application 1 Native application 2 Native application 3 Microkernel User seed MMU lock User modeSupervisor mode System call UI application

Recomendados

IoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutionsIoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutions
Eric Larcheveque
 
Bitcoin hardware wallets security
Bitcoin hardware wallets securityBitcoin hardware wallets security
Bitcoin hardware wallets security
Eric Larcheveque
 
Rebooting the smartcard
Rebooting the smartcardRebooting the smartcard
Rebooting the smartcard
Eric Larcheveque
 
Make the Smartcard great again
Make the Smartcard great againMake the Smartcard great again
Make the Smartcard great again
Eric Larcheveque
 
Blockchain solutions leading to better security practices
Blockchain solutions leading to better security practicesBlockchain solutions leading to better security practices
Blockchain solutions leading to better security practices
Eric Larcheveque
 
Edcon - Hardware wallets and smart contracts
Edcon - Hardware wallets and smart contractsEdcon - Hardware wallets and smart contracts
Edcon - Hardware wallets and smart contracts
Eric Larcheveque
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
Julien Vermillard
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]
Leonardo De Moura Rocha Lima
 

Recomendados

IoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutionsIoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutions
Eric Larcheveque
 
Bitcoin hardware wallets security
Bitcoin hardware wallets securityBitcoin hardware wallets security
Bitcoin hardware wallets security
Eric Larcheveque
 
Rebooting the smartcard
Rebooting the smartcardRebooting the smartcard
Rebooting the smartcard
Eric Larcheveque
 
Make the Smartcard great again
Make the Smartcard great againMake the Smartcard great again
Make the Smartcard great again
Eric Larcheveque
 
Blockchain solutions leading to better security practices
Blockchain solutions leading to better security practicesBlockchain solutions leading to better security practices
Blockchain solutions leading to better security practices
Eric Larcheveque
 
Edcon - Hardware wallets and smart contracts
Edcon - Hardware wallets and smart contractsEdcon - Hardware wallets and smart contracts
Edcon - Hardware wallets and smart contracts
Eric Larcheveque
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
Julien Vermillard
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]
Leonardo De Moura Rocha Lima
 
IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process
EC-Council
 
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesEnabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Charalampos Doukas
 
Iot Security
Iot SecurityIot Security
Iot Security
MAITREYA MISRA
 
IoT Security
IoT SecurityIoT Security
IoT Security
Narudom Roongsiriwong, CISSP
 
Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things Security
Tutun Juhana
 
IoT Security by Sanjay Kumar
IoT Security by Sanjay KumarIoT Security by Sanjay Kumar
IoT Security by Sanjay Kumar
OWASP Delhi
 
IoT/M2M Security
IoT/M2M SecurityIoT/M2M Security
IoT/M2M Security
Yu-Hsin Hung
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of Things
Paul Fremantle
 
Azure IoT Hub
Azure IoT HubAzure IoT Hub
Azure IoT Hub
WinWire Technologies Inc
 
Inria Tech Talk IoT - 28 Mars 2018
Inria Tech Talk IoT - 28 Mars 2018Inria Tech Talk IoT - 28 Mars 2018
Inria Tech Talk IoT - 28 Mars 2018
FrenchTechCentral
 
IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9
Arvind Tiwary
 
IOT Security
IOT SecurityIOT Security
IOT Security
Sylvain Martinez
 
Scaling IoT Deployments: DevOps for the Internet of Things
Scaling IoT Deployments: DevOps for the Internet of ThingsScaling IoT Deployments: DevOps for the Internet of Things
Scaling IoT Deployments: DevOps for the Internet of Things
Balena
 
IOT privacy and Security
IOT privacy and SecurityIOT privacy and Security
IOT privacy and Security
noornabi16
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
CAS
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 final
Frank Siepmann
 
IoT Saturday PN 2019 - Eurotech
IoT Saturday PN 2019 - EurotechIoT Saturday PN 2019 - Eurotech
IoT Saturday PN 2019 - Eurotech
Luca Dazi
 
DotNetToscana - Azure IoT Hub - Il Concentratore
DotNetToscana - Azure IoT Hub - Il ConcentratoreDotNetToscana - Azure IoT Hub - Il Concentratore
DotNetToscana - Azure IoT Hub - Il Concentratore
Riccardo Cappello
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoT
WSO2
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsSecurity Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Design World
 
Cisco Network Insider: Three Ways to Secure your Network
Cisco Network Insider: Three Ways to Secure your NetworkCisco Network Insider: Three Ways to Secure your Network
Cisco Network Insider: Three Ways to Secure your Network
Robb Boyd
 
Ethereum the next revolution?
Ethereum the next revolution?Ethereum the next revolution?
Ethereum the next revolution?
Tim Dierckxsens
 

Mais conteúdo relacionado

Mais procurados

IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process
EC-Council
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoT
WSO2
 

Mais procurados (20)

IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process
 
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesEnabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health Devices
 
Iot Security
Iot SecurityIot Security
Iot Security
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things Security
 
IoT Security by Sanjay Kumar
IoT Security by Sanjay KumarIoT Security by Sanjay Kumar
IoT Security by Sanjay Kumar
 
IoT/M2M Security
IoT/M2M SecurityIoT/M2M Security
IoT/M2M Security
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of Things
 
Azure IoT Hub
Azure IoT HubAzure IoT Hub
Azure IoT Hub
 
Inria Tech Talk IoT - 28 Mars 2018
Inria Tech Talk IoT - 28 Mars 2018Inria Tech Talk IoT - 28 Mars 2018
Inria Tech Talk IoT - 28 Mars 2018
 
IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9
 
IOT Security
IOT SecurityIOT Security
IOT Security
 
Scaling IoT Deployments: DevOps for the Internet of Things
Scaling IoT Deployments: DevOps for the Internet of ThingsScaling IoT Deployments: DevOps for the Internet of Things
Scaling IoT Deployments: DevOps for the Internet of Things
 
IOT privacy and Security
IOT privacy and SecurityIOT privacy and Security
IOT privacy and Security
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 final
 
IoT Saturday PN 2019 - Eurotech
IoT Saturday PN 2019 - EurotechIoT Saturday PN 2019 - Eurotech
IoT Saturday PN 2019 - Eurotech
 
DotNetToscana - Azure IoT Hub - Il Concentratore
DotNetToscana - Azure IoT Hub - Il ConcentratoreDotNetToscana - Azure IoT Hub - Il Concentratore
DotNetToscana - Azure IoT Hub - Il Concentratore
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoT
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsSecurity Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
 

Destaque

Cisco Network Insider: Three Ways to Secure your Network
Cisco Network Insider: Three Ways to Secure your NetworkCisco Network Insider: Three Ways to Secure your Network
Cisco Network Insider: Three Ways to Secure your Network
Robb Boyd
 
xcel energy November 2008
xcel energy November 2008 xcel energy November 2008
xcel energy November 2008
finance26
 
Presentation for Aswad (Final Draft).pptx
Presentation for Aswad (Final Draft).pptxPresentation for Aswad (Final Draft).pptx
Presentation for Aswad (Final Draft).pptx
Sher Shah
 
Nothing Is Possible Until It's On Facebook
Nothing Is Possible Until It's On FacebookNothing Is Possible Until It's On Facebook
Nothing Is Possible Until It's On Facebook
Nassos Kappa
 

Destaque (19)

Cisco Network Insider: Three Ways to Secure your Network
Cisco Network Insider: Three Ways to Secure your NetworkCisco Network Insider: Three Ways to Secure your Network
Cisco Network Insider: Three Ways to Secure your Network
 
Ethereum the next revolution?
Ethereum the next revolution?Ethereum the next revolution?
Ethereum the next revolution?
 
TechWiseTV Workshop: Cisco Developer Program
TechWiseTV Workshop: Cisco Developer ProgramTechWiseTV Workshop: Cisco Developer Program
TechWiseTV Workshop: Cisco Developer Program
 
Blockchain101
Blockchain101Blockchain101
Blockchain101
 
Attention Backed Assets - Princeton Ethereum Meetup - 19 jan 2017 - final
Attention Backed Assets - Princeton Ethereum Meetup - 19 jan 2017 - finalAttention Backed Assets - Princeton Ethereum Meetup - 19 jan 2017 - final
Attention Backed Assets - Princeton Ethereum Meetup - 19 jan 2017 - final
 
Recreating history in virtual reality
Recreating history in virtual realityRecreating history in virtual reality
Recreating history in virtual reality
 
Ethereum Classic 18 August 2016
Ethereum Classic 18 August 2016 Ethereum Classic 18 August 2016
Ethereum Classic 18 August 2016
 
Careers in copywriting part 2
Careers in copywriting part 2Careers in copywriting part 2
Careers in copywriting part 2
 
LieDM asociacija - 2013 on
LieDM asociacija - 2013 onLieDM asociacija - 2013 on
LieDM asociacija - 2013 on
 
Job Description Cluster Head
Job Description Cluster HeadJob Description Cluster Head
Job Description Cluster Head
 
ROARERS
ROARERSROARERS
ROARERS
 
xcel energy November 2008
xcel energy November 2008 xcel energy November 2008
xcel energy November 2008
 
Xotelia - Why should you implement a dynamic pricing strategy on your vacatio...
Xotelia - Why should you implement a dynamic pricing strategy on your vacatio...Xotelia - Why should you implement a dynamic pricing strategy on your vacatio...
Xotelia - Why should you implement a dynamic pricing strategy on your vacatio...
 
Presentation for Aswad (Final Draft).pptx
Presentation for Aswad (Final Draft).pptxPresentation for Aswad (Final Draft).pptx
Presentation for Aswad (Final Draft).pptx
 
Job Description Branch Manager / Unit Manager
Job Description Branch Manager / Unit ManagerJob Description Branch Manager / Unit Manager
Job Description Branch Manager / Unit Manager
 
计算机应用基础课件(一)
计算机应用基础课件(一)计算机应用基础课件(一)
计算机应用基础课件(一)
 
Snick English
Snick EnglishSnick English
Snick English
 
Nothing Is Possible Until It's On Facebook
Nothing Is Possible Until It's On FacebookNothing Is Possible Until It's On Facebook
Nothing Is Possible Until It's On Facebook
 
Seoul topis
Seoul topisSeoul topis
Seoul topis
 

Semelhante a Cryptocurrencies Hardware Wallets - 33C3 Bitcoin Assembly

Operations Security - SF Bitcoin Hackday March 2015
Operations Security - SF Bitcoin Hackday March 2015Operations Security - SF Bitcoin Hackday March 2015
Operations Security - SF Bitcoin Hackday March 2015
Mikko Ohtamaa
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorial
MSA Technosoft
 
DefCon 2012 - Hardware Backdooring (Slides)
DefCon 2012 - Hardware Backdooring (Slides)DefCon 2012 - Hardware Backdooring (Slides)
DefCon 2012 - Hardware Backdooring (Slides)
Michael Smith
 
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Sergey Gordeychik
 

Semelhante a Cryptocurrencies Hardware Wallets - 33C3 Bitcoin Assembly (20)

36_Cryptography.pdf
36_Cryptography.pdf36_Cryptography.pdf
36_Cryptography.pdf
 
Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)
 
Operations Security - SF Bitcoin Hackday March 2015
Operations Security - SF Bitcoin Hackday March 2015Operations Security - SF Bitcoin Hackday March 2015
Operations Security - SF Bitcoin Hackday March 2015
 
Hack one iot device, break them all!
Hack one iot device, break them all!Hack one iot device, break them all!
Hack one iot device, break them all!
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
 
How to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ DisobeyHow to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ Disobey
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangalore
 
Automatski - The Internet of Things - Security in IoT
Automatski - The Internet of Things - Security in IoTAutomatski - The Internet of Things - Security in IoT
Automatski - The Internet of Things - Security in IoT
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2
 
Securing your Cloud Environment
Securing your Cloud EnvironmentSecuring your Cloud Environment
Securing your Cloud Environment
 
From Bitcoin Hardware Wallets to Personal Privacy Devices
From Bitcoin Hardware Wallets to Personal Privacy DevicesFrom Bitcoin Hardware Wallets to Personal Privacy Devices
From Bitcoin Hardware Wallets to Personal Privacy Devices
 
OWASP Cambridge Chapter Meeting 13/12/2016
OWASP Cambridge Chapter Meeting 13/12/2016OWASP Cambridge Chapter Meeting 13/12/2016
OWASP Cambridge Chapter Meeting 13/12/2016
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorial
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-days
 
Ransomware - what is it, how to protect against it
Ransomware - what is it, how to protect against itRansomware - what is it, how to protect against it
Ransomware - what is it, how to protect against it
 
Windows network security
Windows network securityWindows network security
Windows network security
 
DefCon 2012 - Hardware Backdooring (Slides)
DefCon 2012 - Hardware Backdooring (Slides)DefCon 2012 - Hardware Backdooring (Slides)
DefCon 2012 - Hardware Backdooring (Slides)
 
Cisco Malware: A new risk to consider in perimeter security designs
Cisco Malware: A new risk to consider in perimeter security designsCisco Malware: A new risk to consider in perimeter security designs
Cisco Malware: A new risk to consider in perimeter security designs
 
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
 

Último

Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...
Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...
Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...
amitlee9823
 
(ISHITA) Call Girls Service Aurangabad Call Now 8617697112 Aurangabad Escorts...
(ISHITA) Call Girls Service Aurangabad Call Now 8617697112 Aurangabad Escorts...(ISHITA) Call Girls Service Aurangabad Call Now 8617697112 Aurangabad Escorts...
(ISHITA) Call Girls Service Aurangabad Call Now 8617697112 Aurangabad Escorts...
Call Girls in Nagpur High Profile Call Girls
 
怎样办理维多利亚大学毕业证(UVic毕业证书)成绩单留信认证
怎样办理维多利亚大学毕业证(UVic毕业证书)成绩单留信认证怎样办理维多利亚大学毕业证(UVic毕业证书)成绩单留信认证
怎样办理维多利亚大学毕业证(UVic毕业证书)成绩单留信认证
tufbav
 
Shikrapur Call Girls Most Awaited Fun 6297143586 High Profiles young Beautie...
Shikrapur Call Girls Most Awaited Fun 6297143586 High Profiles young Beautie...Shikrapur Call Girls Most Awaited Fun 6297143586 High Profiles young Beautie...
Shikrapur Call Girls Most Awaited Fun 6297143586 High Profiles young Beautie...
tanu pandey
 
Call Girls Pimple Saudagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Pimple Saudagar Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Pimple Saudagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Pimple Saudagar Call Me 7737669865 Budget Friendly No Advance Booking
roncy bisnoi
 
一比一原版(nyu毕业证书)纽约大学毕业证学历认证靠谱办理
一比一原版(nyu毕业证书)纽约大学毕业证学历认证靠谱办理一比一原版(nyu毕业证书)纽约大学毕业证学历认证靠谱办理
一比一原版(nyu毕业证书)纽约大学毕业证学历认证靠谱办理
bbhul52a
 
Vip Mumbai Call Girls Andheri East Call On 9920725232 With Body to body massa...
Vip Mumbai Call Girls Andheri East Call On 9920725232 With Body to body massa...Vip Mumbai Call Girls Andheri East Call On 9920725232 With Body to body massa...
Vip Mumbai Call Girls Andheri East Call On 9920725232 With Body to body massa...
amitlee9823
 
CHEAP Call Girls in Hauz Quazi (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Hauz Quazi (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Hauz Quazi (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Hauz Quazi (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
(INDIRA) Call Girl Napur Call Now 8617697112 Napur Escorts 24x7
(INDIRA) Call Girl Napur Call Now 8617697112 Napur Escorts 24x7(INDIRA) Call Girl Napur Call Now 8617697112 Napur Escorts 24x7
(INDIRA) Call Girl Napur Call Now 8617697112 Napur Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
VIP Call Girls Dharwad 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Dharwad 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Dharwad 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Dharwad 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...
Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...
Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...
amitlee9823
 
Top Rated Pune Call Girls Ravet ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Ravet ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Ravet ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Ravet ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Call Girls in Nagpur High Profile
 
Escorts Service Sanjay Nagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Sanjay Nagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)Escorts Service Sanjay Nagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Sanjay Nagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)
amitlee9823
 
Call Girls In RT Nagar ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In RT Nagar ☎ 7737669865 🥵 Book Your One night StandCall Girls In RT Nagar ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In RT Nagar ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 

Último (20)

Introduction-to-4x4-SRAM-Memory-Block.pptx
Introduction-to-4x4-SRAM-Memory-Block.pptxIntroduction-to-4x4-SRAM-Memory-Block.pptx
Introduction-to-4x4-SRAM-Memory-Block.pptx
 
Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...
Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...
Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...
 
(ISHITA) Call Girls Service Aurangabad Call Now 8617697112 Aurangabad Escorts...
(ISHITA) Call Girls Service Aurangabad Call Now 8617697112 Aurangabad Escorts...(ISHITA) Call Girls Service Aurangabad Call Now 8617697112 Aurangabad Escorts...
(ISHITA) Call Girls Service Aurangabad Call Now 8617697112 Aurangabad Escorts...
 
怎样办理维多利亚大学毕业证(UVic毕业证书)成绩单留信认证
怎样办理维多利亚大学毕业证(UVic毕业证书)成绩单留信认证怎样办理维多利亚大学毕业证(UVic毕业证书)成绩单留信认证
怎样办理维多利亚大学毕业证(UVic毕业证书)成绩单留信认证
 
Shikrapur Call Girls Most Awaited Fun 6297143586 High Profiles young Beautie...
Shikrapur Call Girls Most Awaited Fun 6297143586 High Profiles young Beautie...Shikrapur Call Girls Most Awaited Fun 6297143586 High Profiles young Beautie...
Shikrapur Call Girls Most Awaited Fun 6297143586 High Profiles young Beautie...
 
Call Girls Pimple Saudagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Pimple Saudagar Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Pimple Saudagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Pimple Saudagar Call Me 7737669865 Budget Friendly No Advance Booking
 
一比一原版(nyu毕业证书)纽约大学毕业证学历认证靠谱办理
一比一原版(nyu毕业证书)纽约大学毕业证学历认证靠谱办理一比一原版(nyu毕业证书)纽约大学毕业证学历认证靠谱办理
一比一原版(nyu毕业证书)纽约大学毕业证学历认证靠谱办理
 
Call Girls in Vashi Escorts Services - 7738631006
Call Girls in Vashi Escorts Services - 7738631006Call Girls in Vashi Escorts Services - 7738631006
Call Girls in Vashi Escorts Services - 7738631006
 
Vip Mumbai Call Girls Andheri East Call On 9920725232 With Body to body massa...
Vip Mumbai Call Girls Andheri East Call On 9920725232 With Body to body massa...Vip Mumbai Call Girls Andheri East Call On 9920725232 With Body to body massa...
Vip Mumbai Call Girls Andheri East Call On 9920725232 With Body to body massa...
 
CHEAP Call Girls in Hauz Quazi (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Hauz Quazi (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Hauz Quazi (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Hauz Quazi (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
(INDIRA) Call Girl Napur Call Now 8617697112 Napur Escorts 24x7
(INDIRA) Call Girl Napur Call Now 8617697112 Napur Escorts 24x7(INDIRA) Call Girl Napur Call Now 8617697112 Napur Escorts 24x7
(INDIRA) Call Girl Napur Call Now 8617697112 Napur Escorts 24x7
 
VIP Call Girls Dharwad 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Dharwad 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Dharwad 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Dharwad 7001035870 Whatsapp Number, 24/07 Booking
 
HLH PPT.ppt very important topic to discuss
HLH PPT.ppt very important topic to discussHLH PPT.ppt very important topic to discuss
HLH PPT.ppt very important topic to discuss
 
Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...
Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...
Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...
 
Top Rated Pune Call Girls Ravet ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Ravet ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Ravet ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Ravet ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
Escorts Service Sanjay Nagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Sanjay Nagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)Escorts Service Sanjay Nagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Sanjay Nagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)
 
9004554577, Get Adorable Call Girls service. Book call girls & escort service...
9004554577, Get Adorable Call Girls service. Book call girls & escort service...9004554577, Get Adorable Call Girls service. Book call girls & escort service...
9004554577, Get Adorable Call Girls service. Book call girls & escort service...
 
SM-N975F esquematico completo - reparación.pdf
SM-N975F esquematico completo - reparación.pdfSM-N975F esquematico completo - reparación.pdf
SM-N975F esquematico completo - reparación.pdf
 
Call Girls In RT Nagar ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In RT Nagar ☎ 7737669865 🥵 Book Your One night StandCall Girls In RT Nagar ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In RT Nagar ☎ 7737669865 🥵 Book Your One night Stand
 
Pooja 9892124323, Call girls Services and Mumbai Escort Service Near Hotel Th...
Pooja 9892124323, Call girls Services and Mumbai Escort Service Near Hotel Th...Pooja 9892124323, Call girls Services and Mumbai Escort Service Near Hotel Th...
Pooja 9892124323, Call girls Services and Mumbai Escort Service Near Hotel Th...
 

Cryptocurrencies Hardware Wallets - 33C3 Bitcoin Assembly

  • 1. Cryptocurrencies Hardware Wallets 33C3 Bitcoin Assembly @btchip
  • 2. Why ? Cryptocurrencies come with built-in bug bounties #SFYL CO 2.0 (Etienne Daho, theoretical singer, so it makes a good joke, at least in french)
  • 3. An already well developed ecosystem
  • 4. Owning cryptocurrencies == owning private keys (on secp256k1) Owning private keys is a complicated problem Many possible attacks Online : plain old scam, exchange security problem, outdated security (hello SMS 2FA) Software : non creative (sweeping keys) or more creative malware, bad crypto, phishing
  • 5. Need for a new device class Protect private keys (basic functionality) Protect against creative malware Easy to install, easy to use, easy to recover, as plug & play as possible Easy to audit (don’t trust, verify) Easy to tinker (cryptocurrencies are a continuous R&D effort)
  • 6. Typical operation 0 Initialize the Hardware Wallet (once, or recovering) 1 Send the public data to sign (Bitcoin transaction, Ethereum contract data) 2 Verify what’s going to be signed on the device 3 User confirmation that cannot be faked by malware 4 Signing operation happens on device 5 Public data returned to the host (computer / phone) 6 Public data broadcasted to the blockchain by the host
  • 7. Being easy to recover Hierarchical Deterministic wallet concept (BIP 32) : derive keys from a seed + index
  • 8. Being easy to recover Optionally BIP 39 and BIP 44 on top of it : encode the seed into mnemonic words https://iancoleman.github.io/bip39/
  • 9. Providing good crypto Limit dependencies on randomness as much as possible - Hierarchical Deterministic wallets - Deterministic signing (RFC 6979), avoids ECDSA nonce reuse by design Limit side channel attacks - Constant time signing (https://github.com/bitcoin-core/secp256k1) - For more complex DPA, YMMV. Still a lot of specialized work per chip.
  • 10. Why not a vanilla smartcard ? Protect private keys // yes Protect against creative malware // not really, see PIN MITM Easy to install, easy to use, as plug & play as possible // not really, see CCID Easy to audit // absolutely not Easy to tinker // no, Java Card being the most open environment available Still possible to do stuff : see Fidesmo, Bitcoin Wallet implementation https://github.com/ledgerhq/ledger-javacard
  • 11. Different vendors, different implementation strategies Fully Open Source approach + Open MCU + Fully auditable firmware - Distribution and attestation issues - Physical attacks Secure chip based approach + Proved model for distribution and attestation + Designed to protect against physical attacks - Not fully open, striving to reduce the TCB - Involving specialized hardware
  • 12. Ledger platform architecture Trusted / Secure component (Secure Element or enclave) with limited I/O options Non trusted component with more I/O options Screen Direct control from the Trusted component, proxied Pairing at boot time User app 1 User app 2 Button Sensor USB
  • 13. Improving on isolation, using ARM capabilities Native application 1 Native application 2 Native application 3 Microkernel User seed MMU lock User modeSupervisor mode System call UI application