Secure Element – Why the Ledger Nano is So Secure
| — Ledger hardware wallets make use of a specialized Secure Element chip for ensuring industry leading security.|
— Secure Element provides the highest level of security for a chip, and are much stronger than traditional chips.
— Secure Elements are used for high-end security solutions such as credit cards and passports.
Let’s dig deeper into a critical component of our technology: the Secure Element.
Self-custody can be a place of extremes. You’ll enjoy more freedom than ever before, but you’ll also find yourself with more responsibility than ever, in a system where details are hard to understand.
We get it – we had all the same questions. So in this article, we’ll strip back the equation and focus on the most important question of all: what sort of attacks do hardware wallets face, and how do I know my Ledger Nano will remain secure?
The purpose of a hardware wallet
Let’s get back to basics: why use a hardware wallet?
Because it allows you to access your private keys easily and quickly for transactions, while keeping them completely secure and concealed. With your private keys effectively existing within your Nano, the security of that device is a central question. So how do you know they’ll be safe?
Secure Element – putting Ledger Nano ahead
The Ledger Nano differs from other hardware wallets on the market because it contains a component known as a Secure Element – a type of chip commonly used in passports, credit cards and payment systems. In other words, any environment where your most sensitive personal data needs to be present, but also completely secure and concealed.
But don’t all wallets contain some sort of chip? Yes – but the point of using Secure Element (a type of Smart Card) is that provides an extra layer of security that standard components don’t have. It not only protects your data, but also embeds intrinsic countermeasures against many known attacks, making it tamper-proof and resistant to hacks.
In all of these cases, there is highly sensitive information, such as biometric information, banking and transaction information. Without a secure chip, this could be easily hacked and an attacker could easily take all your money or impersonate you.
Inside Ledger’s hardware wallets, we use the Secure Element to generate and store private keys for your crypto assets. Thanks to the mechanics of the Secure Element, these will not leave your device.
What sort of attacks could my Nano face?
We’ve mentioned that Secure Element is important because it can withstand attacks to your Ledger device and therefore protect those critical private keys. But if you’re not a developer (and most of us aren’t) it might not be clear what kind of attacks we’re talking about. So let’s look closer in order to understand.
There are several types of attack which a Secure Element provides protection against, where regular chips would be unreliable or ineffective.
Side-channel attack: a “Shazam” for power consumption
When there’s a song on the radio, Shazam can listen to it and tell you what is currently playing. To do so, Shazam tries to find a match in the extensive library of original songs they’ve built. With the right tools, you can equally listen to the power consumption of a device extract key data from it.
Suppose an attacker has physical access to your device. They could then measure the power consumption and, just like Shazam with sound, match that power consumption pattern with an entry in the database that corresponds with your cryptographic key. This will eventually allow the listener to crack the PIN code.
This is one specific form of a side channel attack, but there are several others.
A Secure Element chip is specifically designed with complex countermeasures inside the chip. These help to hide the electromagnetic radiation and power usage, protecting it against those who want to listen to its emissions, and use this as an attack vector.
Fault attacks: applying changes to the circuit while running
A fault attack is the act of perturbing a circuit while it is running. This causes an error within a device or machine, which can lead to either learning more about its functions or even force a different, faulty behavior. Such behavior can include skipping steps of a process or providing a wrong output. All of this is the goal of a fault attack.
A Secure Element has built-in ountermeasures to prevent these types of attacks from succeeding; these allow for an efficient fault detection and appropriate security reactions.
Software attacks: learning what makes a device tick
Software attacks aim to expose, alter, disable, destroy or steal information. Software attacks can be divided into several types of attacks which all try to find unexpected behaviors obtained by targeting its software. These unexpected behaviors in software are caused by inputs that would normally not be given and can actually show vulnerabilities or give out sensitive information.
By playing around with inputs, you can learn more about how a device’s software is programmed to react to false inputs. This understanding of the software can then lead to discovering its weaknesses. A Secure Element helps to prevent this type of attack, however. Indeed, it drastically reduces the attack surface by keeping a very simple system that uses very few interfaces.
Secure Element – prepared for anything
A Secure Element is a highly advanced chip that mitigates a lot of different types of attacks. This cutting-edge chip, which is used in high-level security solutions, really sets Ledger apart as a top-end security solution for crypto assets. All of our devices use a Secure Element, which greatly enhances their security. Ledger uses them to generate and store private keys for your crypto assets, keeping them off of any internet-connected device.
In short, Secure Elements are a critical security component of your Ledger device because:
Secure Elements are the go-to solution for protecting critical data, being the standard for banks to protect credit card information and governments to protect biometric data in passports.
Secure Elements are designed to withstand highly sophisticated and costly attacks.
Secure Element chips go through a thorough evaluation done by a third party and need to successfully withstand the attacks described earlier to be able to receive a security certificate.
Without a Secure Element, critical information (such as PIN codes or even private keys) can be extracted much more easily.
Now we’ve covered the main vulnerabilities of hardware wallets – and how Secure Element overcomes them – you’ve got the foundation you need to understand the technological aspects of self-custody.
Decentralized finance and self-custody is about freedom – but freedom means assuming personal responsibility and taking appropriate measures to protect yourself. So the more you understand, the more free you’ll be to enjoy this booming new system. If you want to keep learning, find out here why Ledger is the only hardware wallet that uses a custom Operating System, called BOLOS – and what it means for your security.
Welcome to your new crypto life – be safe, keep reading and enjoy the journey!
Knowledge is power.
Trust yourself and keep learning! If you enjoy getting to grips with crypto and blockchain, check out our School of Block video that gets inside a crypto scammer’s head.