Sunday, May 31, 2015

Hardware Firewall for Hardware Wallet

Imagine storing your most valuable family possessions in a safe set right next to the mailbox, so that anyone can try at will 24/7 to clean all your savings. And you will not know if anyone succeeded until everything is gone. Nobody does that! However, every time you connect a PC, smartphone or any other smart software device to the network, you are doing exactly that.

Today anything with CPU or microcontroller has already or will be hacked, from car keys to the large established networks. Existing Bitcoin hardware wallet are not immune to the attacks while connected to the network directly (by a 2G/3G modem) or through intermediary (PC or smartphone). All wallets run software code on microcontrollers and thus are vulnerable to many established vectors of attack. Their code is written by human beings and humans make mistakes, which others can find and abuse.

Additionally, how do you know that there is no hardware backdoor on your hardware wallet’s microcontroller? These vulnerabilities are extremely hard to find and can give a remote attacker full access to the secrets held on your device. And they are inside the system from the start. Actually, the microcontrollers without public datasheets and info (like smartcards) are most problematic, because the community can’t inspect them for security flaws. You can be sure, there are individuals and companies working to break the smartcard security, because it is everywhere from credit cards to identity tokens.

The software industry have recognized such threats for a long time and developed mitigation techniques. The most effective method being separation of external unsecure components from the internal trusted units, either physically or by a dedicated software code. This technique is called firewalland used widely in the enterprise world and embedded in operating systems and home routers. A firewall inspects all data traffic passing between theBLACK and RED sides of the system and prevents bad guys breaking in and secrets getting out.

The main advantages of using a firewall are:

The harmful data is blocked before reaching its destination.

The secrets are stopped before leaking out.

It is a separate entity from the application and is not compromised by flaws and bugs in the application.

It has very specific purpose, so its structure and code are simple to audit and test. Therefore, it has much smaller probability of errors.

It prevents remote attacker from utilizing hardware backdoors in the trusted system, by data encryption/scrambling.

Firewall hardware can be chosen specifically for the purpose and hardened against attacks.

Firewalls can be implemented in software or in dedicated hardware. Software implementation is cheap and easy, but typically suffers from the same vulnerabilities as an application on the hardware side. Hardware firewall is implemented from the ground up for the task and creates the best protection with high cost. This kind of firewall can reach a security level of an offline wallet with the usability and availability of an online wallet.

Today the hardware does not have to be an ASIC (dedicated silicon chip) with hardcoded algorithms, but can use a configurable hardware in the form ofFPGA. FPGA keeps the firewall on the hardware silicon level with the option of upgrading the algorithms and protocols for future applications. Unique advantages of FPGA over software firewall on microcontroller or CPU are:

The implementation is on the silicon gate-level without any software code (and the multitude of code vulnerabilities).

The functionality of FPGA chip is set on power-on and can’t be changed by an external generic input pin. Only a few dedicated pins can reconfigure the chip and are easy to isolate and defend.

The developer controls every single bit and logic state. With microcontrollers a programmer can only send commands to existing hardware units and does not control the internal low level functions.

Embedded firewall in the Bitcoin hardware wallet is an essential requirement for adequate protection of our bitcoins, while staying connected to the world. The firewall enables instant availability of the money for payments anywhere anytime, thus providing much needed support for Bitcoin adoption by the masses and its wide spread as an alternative finance system without borders.

In EliptiBox we are bringing the power of enterprise firewall to the tiny mobile hardware wallet, without compromising the security or ease-of-use. The FPGA firewall separates between external communication interfaces (BT, USB) and the internal crypto microcontroller. Every bit of data flowing between the sides in both directions is inspected and only valid data is passed on. Our unique firewall enables local root-of-trust without the dependence on multi-signature or remote 3rd party to keep our secrets safe.

No comments:

Post a Comment