If you are actively involved in cryptocurrency, you should be conservative and protect your digital assets using various cryptocurrency wallets. A cryptocurrency wallet is essentially a software program that stores cryptographic keys and interacts with blockchains so that users can send and receive cryptocurrencies and check their balances. Unlike a traditional wallet in your pocket, a cryptocurrency wallet doesn’t store currency; instead it stores all the private keys associated with the generated wallet addresses. Those private keys are used to unlock the funds in your wallet and sign over ownership of cryptocurrencies. Cryptocurrency wallets can be classified into two categories, namely hot wallets and cold wallets. While hot wallets are meant to be used on a daily basis and are typically connected to the Internet for quick access to the blockchain, cold wallets are mainly kept offline for less exposure and are used for long-term storage of cryptocurrencies. In practice, hot wallets can be implemented as desktop, online or mobile applications, whereas cold wallets include paper and hardware wallets. This blog post focuses on hardware wallets, one of the most secure types of cryptocurrency wallets.

(Image: types of cryptocurrency wallets. Source: https://cryptoshortlist.blogspot.com/2017/10/what-are-different-types-of.html)

Cryptocurrency Hardware Wallets

A hardware wallet, which is also a cold wallet, is a dedicated piece of hardware that provides enhanced security features for storing private keys in the long term and signing transactions offline. Typically, hardware wallets are connected to a computer via a USB port or to a mobile device via Bluetooth or NFC for checking the blockchain. Moreover, hardware wallets are able to work with various web interfaces and support multiple cryptocurrencies. In particular, the private keys are stored in the protected area of a hardware wallet and are never transferred out of the device in plaintext.
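The boundary just described, with the private key confined to the protected area and every transaction shown on the device's own display before it is signed, can be modelled in a few lines. The following is an added example written for this post, not IoTeX's code nor the firmware of any wallet named here: it uses HMAC-SHA256 as a stand-in for the ECDSA/EdDSA signature a real wallet would produce, models the trusted display and buttons as a callback, and uses constructed addresses and amounts (the names SecureElement, Transaction and the addr_* strings are hypothetical).

```python
"""Added illustrative model (not IoTeX code) of a hardware wallet's protected
area: private key material never leaves SecureElement; the host only receives
public data and signatures, and a transaction is signed only after the device
has shown it on its own display and the user has confirmed on-device.

Assumptions: HMAC-SHA256 stands in for the ECDSA/EdDSA signature a real wallet
would produce, and the trusted display plus buttons are modelled by a callback.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Transaction:
    recipient: str
    amount: int  # in the smallest unit of the currency

    def serialize(self) -> bytes:
        # Canonical byte form that is both displayed and signed.
        return f"{self.recipient}:{self.amount}".encode()

    def display_text(self) -> str:
        return f"Send {self.amount} to {self.recipient}?"


class SecureElement:
    """Protected area of the wallet. Only public_key() and sign() face the host."""

    def __init__(self, confirm: Callable[[str], bool], seed: Optional[bytes] = None):
        # Seed from a CSPRNG; a real wallet draws it from its on-board RNG.
        # The name-mangled attribute is only a reminder of the boundary;
        # in hardware the isolation is enforced by the secure element itself.
        self.__seed = seed if seed is not None else secrets.token_bytes(32)
        self._confirm = confirm  # trusted display + physical buttons

    def public_key(self) -> str:
        # One-way derived public identifier (stand-in for a real public key).
        return hashlib.sha256(b"pub|" + self.__seed).hexdigest()

    def sign(self, tx: Transaction) -> bytes:
        # The device renders the transaction on its own screen. The user
        # compares it with what they intended and presses confirm or deny,
        # so a recipient substituted by malware on the host becomes visible.
        if not self._confirm(tx.display_text()):
            raise PermissionError("transaction denied on device")
        return hmac.new(self.__seed, tx.serialize(), hashlib.sha256).digest()

    def verify(self, tx: Transaction, sig: bytes) -> bool:
        # Needed only because of the symmetric stand-in; with a real
        # signature scheme anyone could verify using the public key.
        expected = hmac.new(self.__seed, tx.serialize(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, sig)


def user_who_intends(intended: Transaction) -> Callable[[str], bool]:
    """The human reading the trusted display, confirming only the expected text."""
    def confirm(screen: str) -> bool:
        return screen == intended.display_text()
    return confirm


def honest_host_flow() -> bool:
    """Host submits exactly what the user intended: signed and verifiable."""
    intended = Transaction("addr_intended_recipient", 5000)  # constructed values
    device = SecureElement(user_who_intends(intended))
    signature = device.sign(intended)
    return device.verify(intended, signature)


def swapped_address_flow() -> str:
    """Host malware substitutes the recipient: the on-device check refuses to sign."""
    intended = Transaction("addr_intended_recipient", 5000)
    device = SecureElement(user_who_intends(intended))
    submitted = Transaction("addr_substituted_on_host", 5000)
    try:
        device.sign(submitted)
    except PermissionError:
        return "denied"
    return "signed"


if __name__ == "__main__":
    print("honest host:", honest_host_flow())
    print("swapped address:", swapped_address_flow())
```

The point of the model is that the host application never holds anything it could leak or misuse: it hands a transaction in and gets a signature back, and the only check that matters against a compromised host is the one the user performs on the device's own screen.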
Hardware wallets achieve a good balance between facilitating blockchain transactions and keeping your digital assets offline and away from danger.

Security Risks for Hardware Wallets

While hardware wallets offer increased security and trust for the data processed and stored in the device, they also need to be protected from a wide variety of attacks, including but not limited to:

Remote Attacks: The attacker might steal your private keys or swap recipient addresses of cryptocurrencies through malware on your PC or mobile devices.

Weak Random Number Generators: Hardware wallets generally rely on on-board physical random number generators to generate private keys for your wallets. The attacker might find vulnerabilities in the random number generation process and predict your private keys.

System Bugs: The attacker might take advantage of system bugs at the software, firmware and hardware levels to gain unauthorized access to the secret information stored in hardware wallets.

Supply Chain Attacks: The attacker might modify hardware wallets (e.g., insert malicious code into the firmware, replace hardware components, etc.) before they are shipped to customers.

Side Channel Attacks: The attacker might obtain physical access to your hardware wallet and conduct various side channel attacks (e.g., timing, power, fault, etc.) to extract your private keys and compromise the device.

Properties for Highly Secure Hardware Wallets

Designing a highly secure hardware wallet is a challenging task. By considering various attacks against hardware wallets and analyzing the security designs of popular hardware wallets on the market such as Ledger Nano S, Trezor, KeepKey, etc., we summarize the following properties which we think a highly secure hardware wallet should have:

Hardware-Based Root of Trust: A hardware wallet should have a hardware-based root of trust (e.g., secure microcontroller, secure element, hardware security module, etc.) to securely store private keys and process transactions. These security components are specifically designed to protect sensitive information against a wide range of physical attacks.

Layered Security and Defense in Depth: Multiple security countermeasures should be in place to address a wide range of potential attacks in case the attacker steals your hardware wallet, reflashes the device with malicious firmware, or compromises your PC or mobile devices.

Transaction Display and Confirmation: A hardware wallet should be equipped with a trusted display for verifying the transaction information as well as on-device buttons for confirming or denying transactions.

Compartmentalization for Cryptocurrencies: For hardware wallets supporting multiple cryptocurrencies, each cryptocurrency application should run in its own compartment protected by hardware-enforced boundaries, which effectively isolates different applications and prevents a flaw found in one application from affecting the rest of the system.

Certificate-Based Authentication: Digital certificates should be used in the system so that hardware wallets can securely update their firmware and the device manufacturer can conduct remote attestation.

A high-level system architecture of a secure hardware wallet satisfying the above properties is illustrated below:

Figure. System Architecture of a Secure Hardware Wallet

Next-Generation TrustZone-Based Secure Hardware Wallet — An Outlook

A Trusted Execution Environment (TEE) is an environment that allows for secure execution of applications. A TEE aims to achieve the following five security properties:

Isolated Execution: A TEE should allow applications to be run in an isolated manner, which ensures that malicious applications are not able to access or modify the code and data of other applications.

Secure Storage: A TEE should provide secure storage for protecting the secrecy and integrity of sensitive application data as well as application binaries.

Remote Attestation: A TEE should allow parties communicating with the secure execution environment to check the authenticity of the software and/or hardware that implements the TEE.

Secure Provisioning: A TEE should ensure data secrecy and integrity when sending data to a specific software module operating in the execution environment of a specific device.

Trusted Path: A TEE should be able to communicate with the outside world while ensuring the authenticity and optionally the secrecy and availability of the communicated data.

It is not difficult to find similarities between the security properties required by highly secure hardware wallets and those offered by a TEE. As a result, a TEE provides an ideal solution for further enhancing the security of hardware wallets. While there are several methods to realize a TEE, ARM TrustZone is thought to be the most promising technology for implementing a TEE in ARM-based mobile devices and embedded platforms.

ARM TrustZone is a system-wide security approach for ARM Cortex-based processors. Unlike dedicated cryptographic engines with pre-defined functionalities, ARM TrustZone represents a more flexible security solution by leveraging the CPU as a programmable trusted environment. It also offers protection while data is being processed, rather than just providing cryptographic functions. The basic concept of TrustZone is to have a single physical processor core run two virtual worlds, namely the Secure World and the Normal World, in a time-slice fashion. While the Secure World is responsible for accessing sensitive hardware, processing critical data and executing trusted software, the Normal World is the common execution environment for operating systems and other applications. These two virtual worlds are achieved by separating both software and hardware resources. Moreover, the TrustZone technology employs multiple hardware features to facilitate switching between the two virtual worlds. For more details on ARM TrustZone, the interested reader is referred to https://www.arm.com/products/security-on-arm/trustzone.

(Image: ARM TrustZone Secure World and Normal World. Source: https://www.cnx-software.com/2016/06/14/upcoming-arm-trustzone-webinars-explaining-embedded-systems-iot-security-to-non-security-experts/)

A hardware wallet implementation is generally composed of three main groups of functions: wallet storage functions, wallet management functions, and cryptographic operation functions. To realize a hardware wallet using the ARM TrustZone technology, all the functions and their associated data need to be fully analyzed in order to determine which functions should be executed in the Secure World and which in the Normal World. For example, the functions for handling cryptographic keys should only be executed inside the Secure World. Moreover, the switching between the two virtual worlds must be carefully investigated to ensure that no sensitive information is leaked during this process.

IoTeX is actively conducting research in this area to further enhance the security of hardware clients of blockchains.

About IoTeX

IoTeX is dedicated to creating a decentralized platform of IoT-oriented and privacy-centric blockchain to address the scalability, privacy, isolatability, and developability issues of IoT DApps and ecosystem growth through its core innovation of the ’blockchain-blockchains’ architecture. IoTeX aims to be the one that connects the physical world block by block as well as pushes the frontier of blockchain 3.0.

Telegram Group: https://t.me/IoTeXGroup
Telegram Announcement Channel: https://t.me/iotexchannel
Twitter: https://twitter.com/iotex_io
Join us: https://iotex.io/careers
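One concrete defensive check behind the "Weak Random Number Generators" risk listed earlier: whichever world or security component generates private keys, the output of the on-board random number generator should pass continuous health tests before it is used. The following is an added example written for this post, not IoTeX's code: it implements the two continuous health tests defined in NIST SP 800-90B (the Repetition Count Test and the Adaptive Proportion Test) over byte streams that are constructed here to stand in for RNG output. It assumes 8-bit samples claimed to carry 8 bits of entropy each, a false-positive probability of 2^-20, and the 512-sample window SP 800-90B prescribes for non-binary samples; the function and stream names are this example's own.

```python
"""Added example (not IoTeX code): the two continuous health tests from
NIST SP 800-90B (Repetition Count Test and Adaptive Proportion Test) that a
hardware wallet can run on its on-board random number generator before any
output is used for key generation. They catch catastrophic RNG failures
(stuck or heavily biased output), not subtle weaknesses.

Assumptions: 8-bit samples claimed to carry H = 8 bits of entropy each,
false-positive probability alpha = 2^-20, APT window W = 512 (the SP 800-90B
window for non-binary samples). Sample streams are constructed, not captured.
"""
import math


ALPHA = 2.0 ** -20


def rct_cutoff(h_per_sample: float, alpha: float = ALPHA) -> int:
    """Run length at which the RCT fails: C = 1 + ceil(-log2(alpha) / H)."""
    return 1 + math.ceil(-math.log2(alpha) / h_per_sample)


def apt_cutoff(h_per_sample: float, window: int = 512, alpha: float = ALPHA) -> int:
    """Smallest count C with P(X >= C) <= alpha for X ~ Binomial(window, 2^-H),
    i.e. how often one value may recur in a window before the APT fails."""
    p = 2.0 ** -h_per_sample
    pmf = [math.comb(window, k) * p ** k * (1 - p) ** (window - k)
           for k in range(window + 1)]
    tail = 0.0
    for c in range(window, -1, -1):  # accumulate P(X >= c) from the top
        tail += pmf[c]
        if tail > alpha:
            return c + 1
    return 0


def repetition_count_test(samples: bytes, cutoff: int) -> bool:
    """Fails (False) when any value repeats cutoff times in a row."""
    run, prev = 0, None
    for s in samples:
        if s == prev:
            run += 1
            if run >= cutoff:
                return False
        else:
            prev, run = s, 1
    return True


def adaptive_proportion_test(samples: bytes, cutoff: int, window: int = 512) -> bool:
    """Fails (False) when the first value of any full window recurs cutoff times."""
    for start in range(0, len(samples) - window + 1, window):
        win = samples[start:start + window]
        if win.count(win[0]) >= cutoff:
            return False
    return True


def health_check(samples: bytes, h_per_sample: float = 8.0) -> dict:
    """Result of both tests; a wallet should refuse to draw keys unless both pass."""
    return {
        "rct": repetition_count_test(samples, rct_cutoff(h_per_sample)),
        "apt": adaptive_proportion_test(samples, apt_cutoff(h_per_sample)),
    }


def constructed_stream(kind: str) -> bytes:
    """Constructed 1024-byte sample streams standing in for RNG output."""
    if kind == "cycling":  # 0..255 repeated: no failure these tests can detect
        return bytes(range(256)) * 4
    if kind == "stuck":    # RNG stuck at zero, e.g. after a fault
        return b"\x00" * 1024
    if kind == "biased":   # 0x41 injected every 20th sample, never twice in a row
        return bytes(0x41 if i % 20 == 0 else i % 256 for i in range(1024))
    raise ValueError(kind)


if __name__ == "__main__":
    for kind in ("cycling", "stuck", "biased"):
        print(kind, health_check(constructed_stream(kind)))
```

With these parameters the RCT cutoff is 4 and the APT cutoff is 13, so the stuck stream fails both tests while the biased stream is caught only by the APT. The cycling stream passes both even though it is obviously not random, which is the caveat to keep in mind: health tests detect a broken source, they do not measure how much entropy a working one delivers.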