The Ledger Nano X receives CSPN (First Level Security Certificate) certification issued by ANSSI (National Agency for Information Systems Security).
Following the Ledger Nano S announcement a few months ago, this makes both Ledger Nano X and S the only hardware wallets to be certified, according to the security requirements specified in the CSPN security certification scheme.
At Ledger, we believe security is paramount, and while anyone can claim to have a secure product, it means much more coming from a trusted third party. This is an important milestone for Ledger in our effort to certify all our B2C and B2B products.
The CSPN Certification scheme was established in 2008 and is a process for undergoing evaluation across several categories, including firewall, identification, authentication and access, secure communications and embedded software. To achieve certification, we selected one of ANSSI’s accredited laboratories who put the product through multiple attack scenarios to challenge its security.
An External Assessment
This certification serves as an external, third-party confirmation that Ledger’s security is industry-leading. This external and independent assessment further validates the company’s commitment to industry-leading security.
« The efforts performed by Ledger to deliver state-of-the-art products to enhance the security level of the whole hardware wallet ecosystem increase customers’ trust. »
Ledger constantly looks to enhance the security of its products, leveraging both external security researchers in its Bounty Program, as well as its industry-leading, in-house Attack Lab, the Ledger Donjon. Ledger has developed a robust custom Operating System, namely BOLOS and crypto-asset apps run on top of this secure hardware. It’s this combination of software and hardware that brings the highest level of security to each of the company’s products.
What CSPN Certifies
The following core security functions embedded in the Ledger Nano X are covered by the CSPN Certificate:
True Random Number Generator:
Hardware wallets rely on the security of a “random generated number” to generate your wallet’s private keys securely. To be aligned with the CSPN security evaluation scheme, Ledger strictly complies with security rules defined in the Security General Referential. In short, the Random Number generated by the Secure Hardware is then fully post-processed by Ledger through BOLOS. It is Ledger’s implementation that makes your hardware wallet unique related to the seed.
Root of Trust:
This security function ensures the end-user that their Nano X has been issued by Ledger. This feature can appear basic, but it is vital as it supports the security model and prevents attacks. A Root of Trust has been put in place by Ledger, acting as the Certification Authority, to ensure the user’s device is genuine. This genuineness is based on a mutual authentication between the Ledger Nano X and Ledger’s Secure Server — this ensures that it’s not possible to create a counterfeited and possibly backdoored device.
This security feature is the Personal Identification Number (PIN) that the End-User must enter correctly before accessing all services provided by the Ledger Nano X. Having an End-User Verification to ensure only the genuine Ledger Nano X holder can access their hardware wallet is a good start, but having a robust and secure implementation of this PIN verification is even safer.
Post-Issuance Capability over a Secure Channel:
On one hand, the Post-Issuance Capability is useful: Ledger can not only add new features to increase the security level of the product, but also reinforce it.
When designing the Ledger Nano X, Ledger ensured implementing this security feature. For instance, this post-issuance capability is only available after a successful mutual authentication is performed.
Learn more here.