Better Keep Cash in Your Boots - Hardware Wallets are the New Single Point of Failure

Hardware wallets are currently considered the most secure way to manage cryptocurrency keys and sign transactions. However, previous publications show that such tokens can be replaced or manipulated in a number of hard-to-detect ways pre- or post-delivery to the user and that implemented (remote) attestation and authenticity checks fail their purpose for multiple reasons. We analyzed the architecture of current products by examining their initialization procedure and attestation methods. Unlike previous publications, we found that tightened attestation and communications encryption will not solve the fundamental architectural flaws sustainably. We conclude that the architecture of current-generation cryptocurrency hardware wallets missed the opportunity for a resilient design by copying the PC's wallet architecture and thus merely shifting the single point of trust from the PC to the hardware wallet. We advocate a mutually verified architecture through changes to BIP32/BIP44 wallet architectures to incorporate collaborative signatures and key generation. This way, neither a compromised wallet nor a compromised PC can meaningfully manipulate keys or transactions.
