The Secure Element – whistanding security attacks
| – Ledger hardware wallets make use of a specialized secure chip called a Secure Element.|
– These chips provide the highest level of security for a chip, and are much stronger than traditional chips.
– Secure Elements are used for high-end security solutions such as credit cards and passports.
Let us dig deeper into a critical component of our technology: the Secure Element.
What is a Secure Element?
A Secure Element is a secure chip that provides an extra layer of security compared to standard ones.
It embeds intrinsic countermeasures against many known attacks. This kind of chip is tamper-resistant and protects your device to a range of different attacks.
The smartcard was invented in 1974 by the Frenchman Roland Moreno. The goal of his invention was to manage and secure the access to private data. This could be seen as the start of the Secure Element.
These Secure Elements are nowadays used for many different applications.In all cases, this concerns highly confidential information that needs to be stored securely. Some examples of smart card applications are credit cards, passports and SIM cards.
In all of these cases, there is highly sensitive information, such as biometric information, banking and transaction information. Without a secure chip, this could be easily hacked and one could easily take all your money or impersonate you.
Inside Ledger’s hardware wallets, we use the Secure Element to generate and store private keys for your crypto assets. Thanks to the Secure Element, these will not leave your device.
What kind of protection does a Secure Element provide?
There are several types of attacks which a Secure Element provides protection against. Traditional chips do not contain the same level of security and would not be able to withstand these attacks.
Side-Channel Attack: a “Shazam” for power consumption
One of these attacks can be compared to the famous music-recognition app Shazam. When there is a song on the radio, Shazam can listen to it and tell you what is currently playing. To do so, Shazam tries to find a match in the extensive library of original songs they’ve built.
With the right tools, you can equally listen to the power consumption. Suppose an attacker has physical access to your device. They could then measure the power consumption of your device. Just like Shazam with sound, a side-channel attack procedure would be able to try and match the power consumption pattern with an entry in the database that corresponds with your cryptographic key. This will eventually allow the listener to crack the PIN code.
This is one specific form of a side channel attack. There are several others.
A Secure Element is specifically designed with complex countermeasures inside the chip. These help to hide the electromagnetic radiation and power usage, protecting it against those who want to listen to its emissions, helping to resist side-channel attacks.
Fault Attacks: applying changes to the circuit while running
A fault attack is the act of perturbing a circuit while it is running. This causes an error within a device or machine, which can lead to either learning more about its functions or even force a different, faulty behavior. Such behavior can include skipping steps of a process or providing a wrong output. All of this is the goal of a fault attack.
A Secure Element has an implementation of countermeasures to prevent these types of attacks from succeeding. These allow for an efficient fault detection and appropriate security reactions.
Software Attacks: learning what makes a device tick
Software attacks aim to expose, alter, disable, destroy or steal information. Software attacks can be divided into several types of attacks which all try to find unexpected behaviors obtained by targeting its software. These unexpected behaviors in software are caused by inputs that would normally not be given and can actually show vulnerabilities or give out sensitive information.
By playing around with inputs, you can learn more about how a device’s software is programmed to react to false inputs. This understanding of the software can then lead to discovering its weaknesses. A Secure Element helps to prevent this type of attack, however. Indeed, it drastically reduces the attack surface by keeping a very simple system that uses very few interfaces.
A Secure Element is a highly advanced chip that mitigates a lot of different types of attacks. This cutting-edge chip, which is used in high-level security solutions, really sets Ledger apart as a top-end security solution for crypto assets. All of our devices use a Secure Element, which greatly enhances their security. Ledger uses them to generate and store private keys for your crypto assets, keeping them off of any internet-connected device.
In short, Secure Elements are a critical security component of your Ledger device because:
Secure Elements are the go-to solution for protecting critical data, being the standard for banks to protect credit card information and governments to protect biometric data in passports.
Secure Elements are designed to withstand highly sophisticated and costly attacks.
Secure Element chips go through a thorough evaluation done by a third party and need to successfully withstand the attacks described earlier to be able to receive a security certificate.
Without a Secure Element, critical information (such as PIN codes or even private keys) can be extracted much more easily.
Aside from using a Secure Element, Ledger is the only hardware wallet that combines it with a custom Operating System, called BOLOS.