In the previous installment of the Ledger 101 series, we have seen the necessity of using a hardware wallet to manage your crypto assets.
But not all hardware wallets are born equal.
In the same way that you wouldn’t build a vault out of lego bricks, you wouldn’t build a secure hardware wallet using the components taken from your coffee machine.
Ledger has built all its devices around specialized chips called Secure Elements, and designed a secure Operating System (BOLOS) engineered to leverage its unique security capabilities.
What is a Secure Element?
To build a relatively complex electronic device such as a hardware wallet, you need a microcontroller. It is basically the same thing as the processor in your computer or smartphone, but at a much smaller scale.
There are two types of microcontrollers:
- the “normal” one used in your microwave, hobbyist drone or TV remote controller. It’s called a MicroController Unit or MCU in short.
- the “secure” one used in payment cards, SIM cards or passports. It’s called a Secure Element or SE.
As you can see, Secure Elements are mainly used in mission critical environments where important assets such as money or identity are at stake.
Since the beginning of the information technology age, security has been a game of cat and mouse between proponents of new systems and hackers wanting to disrupt them. With the advent of payment or telecom networks, the security scope has evolved from heavily-guarded mainframes to widely distributed endpoints such as the SIM card of your phone, set-top boxes or electronic toll collection systems.
Massive efforts have been put into securing these endpoints, making sure that they could not be counterfeited in any way. The most famous example is the “smart card”, introduced in Europe in the 80s (the USA would have to wait almost 40 years) and today used to secure payment networks around the globe. Smart cards are designed to ensure the highest level of security in the worst attack scenario where the attacker has physical access to the device.
In order to scale globally, these payment cards have to be extremely secure. So how exactly do they differ from a “normal” electronic card? The answer is simple: they are built around a Secure Element, leveraging its unique security features.
A Secure Element is a hardened microcontroller with very few interfaces to the outside world, reducing the attack surface to the minimum. As seen before, the integrity of these systems is critical, and specific engineering must be applied to the system to make it tamper resistant. A SE therefore embeds strong physical protections to mitigate complex hardware attacks, such as side channel analysis or fault injection.
A normal microcontroller can be compared to a set of lego bricks: practical to build, but trivial to disassemble or reverse engineer. Secure Elements are on the contrary, much more complex in their design with encrypted memory and physical reinforcement preventing unauthorized information extraction.
In other words, the Secure Element is to the microcontroller what a tank is to a car.
A Secure Element is specifically designed for security, but this security is not a self-proclaimed property. Instead, a Secure Element goes through a strict certification process (for instance Common Criteria EAL5+) during which its security is extensively evaluated by a third party.
To be certified, the chip must resist an attacker with a high potential that’s using state-of-the-art techniques. Moreover, the production cycle of the chip must also be tightly controlled. From the development to the manufacturing, the processes and premises must be audited by a third party. In particular, a cryptographic mechanism is implemented to ensure that only the manufacturer can load code onto the chip. This production cycle process should prevent supply chain attacks where malicious software is loaded on the chip or the hardware circuit is altered to create a backdoor.
This strict certification process is paramount for states to make certain the passports of their citizens are not backdoored, for banks to warrant the banking cards of their customers are safe, and for Ledger to ensure its customers’ assets are secured.
Isolation of private keys
Hardware wallets use both public and private keys to manage crypto assets. Crypto assets are deposited to the public address, whose owner can spend them with the unique private key.
Hardware wallets have been designed to make it impossible to access the private keys they protect, because they never leave the device. This is called the principle of isolation, also known as cold storage. The private keys are never “hot”, or online, meaning they can never be exposed to the internet nor to the computer to which it’s connected.
To ensure the highest level of isolation, the Ledger Nano S is using a Secure Element. The SE stores the private keys and has a limited ability to interact with the rest of the device. The SE is also able to verify the integrity of the device, making sure that it hasn’t been tampered with and can indeed be trusted.
As your hardware is your last line of defense, you now understand the importance of using a tank instead of a car when going into battle.
The Operating System
Any microcontroller requires an operating system (OS) to manage its processing environment. Secure Elements are of no exception to this. However, most operating systems for Secure Elements are quite old and lack the flexibility and openness required to deal with many modern cryptocurrency applications.
At Ledger, we combine a Secure Element with our custom-designed OS — the Blockchain Open Ledger Operating System (BOLOS) — making it the only crypto-asset protection device to have not only a Secure Element, but also its own custom OS. BOLOS makes it easier to develop apps and allows for a greater number of crypto assets to be supported by the hardware wallet.
BOLOS can also be seen as a platform. It enables third party developers to easily build and publish cryptocurrency applications without lowering the hardware wallet’s security model.
As a matter of fact, more than half of the coins compatible with Ledger devices were developed by third parties, and we’re proud and humbled of having such an active developer community. Of course, each application undergoes strict testing, but BOLOS is also designed to fully isolate each application from the others, leveraging the hardware capabilities of the SE, and can only access the private keys of the cryptocurrency it is supposed to manage.
The road to certification
A fair question could be: how do I know the hardware wallet actually does what it says it does? Generally speaking, this interrogation applies to any security model.
One answer could be that you could read all the code source yourself, analyze it, compile it, assemble the hardware wallet yourself and basically check everything on your end. While this is in principle a good approach, it’s not really practical and certainly not compatible with a mass market product.
We don’t base any of our security on obscurity. But, to be fair, it remains more difficult for an attacker to attack a black box system of which the inner workings are unknown than a white box, of which everything is known.
Ledger has built all its technology with the goal of getting certified at different levels by a set of third party auditors, laboratories and certification authorities.
Our objective is to certify the critical aspects of BOLOS (i.e. isolation mechanisms, important cryptographic functions, etc) and prove the integrity of the architecture thanks to the root of trust of the Secure Element, a kind of master private key. We’ve started actively pursuing this objective and are currently undergoing a series of certification tests, which we’re hoping to share with you in the coming months.
In other words, Ledger is aiming to get a stamp of approval on its internal software, proving that the code running on the device is actually the certified one.
What if Ledger were compromised?
Another fair question is related to the internal process of Ledger. What could happen if executives of Ledger were taken hostage? What about internal rogue agents?
As you may have understood already, private keys are securely stored on hardware wallets and they are neither centralized, nor controlled by Ledger. There is therefore no systemic risk of using a hardware wallet.
Any firmware update must be signed by the Ledger root of trust. Security is managed through a distributed governance (aka multi-signature), mitigating any risk of hostage situations. We will go further into these aspects in a future blog post, detailing the measures Ledger has taken to resist duress or sabotage attempts.
Cynics may also wonder what is preventing Ledger from issuing a rogue firmware update themselves. The answer is quite trivial: just think about what we have to gain versus what we have to lose… An internal sponsored attack would not only be very quickly spotted and obvious to trace, but profits would be much less than what Ledger’s future equity is worth on the market.
You now understand why hardware wallets are the recommended way of keeping your crypto assets safe, and why the Ledger Nano S is the most popular one in the world.
However, when using a hardware wallet, it is equally important to observe security best practices. How to best secure your backup? How to make sure you are actually sending your assets to the correct address? How to check your receive address?
In the next installment of the Ledger 101 series, I’m going to walk you through all the important and critical steps when using your hardware wallet.
Eric Larchevêque – CEO at Ledger
Learn more about Ledger and its hardware wallets at ledger.com.