Setting a New Standard: Ledger Nano S becomes the First and Only Certified Hardware Wallet on the Market

03/18/2019 | Blog posts

Ledger is thrilled to announce that the Ledger Nano S received CSPN (Certification de Sécurité de Premier Niveau / First Level Security Certificate) certification, making it the first and only certified hardware wallet on the market. The security certificate is issued by ANSSI (Agence Nationale de Sécurité des Systèmes d’Information / National Agency for Information Systems Security), the French cybersecurity agency.
The CSPN Certification scheme was established in 2008 and is a process for undergoing evaluation across several categories, including firewall, identification, authentication and access, secure communications and embedded software. To achieve certification, ANSSI’s selected laboratory puts the product through multiple attack scenarios to challenge its security.
“We are proud to announce this independent certification from ANSSI,” said Eric Larchevêque, CEO at Ledger. “At Ledger, security is paramount, and while anyone can claim to have a secure product, it means much more coming from a trusted third party. This is an important milestone for Ledger, but it is only the starting point of a broader effort to certify all our products.”

An External Assessment

As the famous saying goes, “Don’t trust, verify”. This certification serves as an external, third-party confirmation that Ledger’s security is industry-leading.
Ledger constantly looks to enhance the security of its products, leveraging both external security researchers in its Bounty Program, as well as its industry-leading, in-house Attack Lab, the Ledger Donjon. Ledger’s Attack Lab looks to test the security of its products through state-of-the-art attacks to ensure the company is staying ahead of the latest threats. While internal programs are needed, an external and independent assessment further validates the company’s commitment to industry-leading security.
Ledger has developed a robust custom operating system, BOLOS (Blockchain Open Ledger Operating System), and crypto-asset apps run on top of this secure hardware. It’s this combination of software and hardware that brings the highest level of security to each of the company’s products.

A Beginning, Not an End

At Ledger we take security very seriously. While we are proud to announce the Ledger Nano S as the first device to be certified in the industry and consider this achievement an important milestone for crypto users, this is only the beginning of the path we have started to take. We will look to get this certification for additional Ledger products, including the recently launched Ledger Nano X, which is now available to start its certification process. We will also aim to widen the scope of our product certifications, exceed security standards and meet the highest third-party expectations.

What CSPN Certifies

The following core security functions embedded in the Ledger Nano S are covered by the CSPN Certificate:
True Random Number Generator: To be aligned with the CSPN security evaluation scheme, Ledger strictly complies with security rules defined in the Security General Referential (also known as [RGS]). In short, the random number generated by the secure hardware is then fully post-processed by Ledger through BOLOS. It is Ledger’s implementation that makes your hardware wallet unique with respect to the seed.
Root of Trust: This security function ensures the end-user that their Nano S has been issued by Ledger. This feature can appear basic, but it is vital as it supports the security model and prevents attacks.
A Root of Trust has been put in place by Ledger, acting as the Certification Authority, to ensure the user’s device is genuine. This genuineness is based on a mutual authentication between the Ledger Nano S and Ledger’s Secure Server. In other words, the Ledger Nano S authenticates the Ledger Secure Server and vice-versa — this ensures that it’s not possible to create a counterfeit and possibly backdoored device.
End-User Verification: This security feature is the Personal Identification Number (PIN) that the end user must enter correctly before accessing all services provided by the Ledger Nano S. Having an End-User Verification to ensure only the genuine Ledger Nano S holder can access their hardware wallet is a good start, but having a robust and secure implementation of this PIN verification is even safer. This security function ensures that it’s not possible to get access to the critical assets (such as the user seed) without knowing the correct PIN value – even for an attacker with physical access.
Post-Issuance Capability over a Secure Channel: On one hand, the Post-Issuance Capability is useful: Ledger can not only add new features to increase the security level of the product, but also reinforce it.
When designing the Ledger Nano S, Ledger made sure to implement this security feature. For instance, this post-issuance capability is only available after a successful mutual authentication is performed.