If you have been involved in cryptocurrency, you should definitely protect your digital assets using cryptocurrency wallets. Well, cryptocurrency wallets can be classified into 2 categories – hot wallets and cold wallets. In practice, hot wallets can be implemented as a desktop, online or mobile application while cold wallets include paper and hardware wallets.
Also known as a cold wallet, it is a dedicated piece of hardware that provides enhanced security features for storing private keys in the long term and signing transactions offline. Generally, hardware wallets are connected to a computer system via a USB port or to a mobile device via Bluetooth or NFC for checking the blockchain. Hardware wallets achieve an excellent balance between facilitating the blockchain transactions and keeping your digital assets offline.
Certainly, designing a highly secure hardware wallet is quite an intricate task. By taking into consideration several attacks against hardware wallets and examining the security designs of popular hardware wallets in the market such as: Trezor, KeepKey, Ledger Nano S and more, we have listed down a few properties which according to us a highly secure hardware wallet should possess:
Layered Security and Defense in Depth: Multiple security countermeasures should in a place to report a varied range of potential attacks in the case that the attacker steals your hardware wallet, reflash the device with malicious firmware or compromise your mobile devices.
Hardware-Based Root of Trust: A hardware wallet must have a hardware-based root of trust, for example, secure microcontroller, hardware security module and secure element to securely store private keys and process transactions. These security aspects are amazingly designed to protect sensitive data against an extensive range of physical attacks.
Compartmentalization for Cryptocurrencies: For hardware wallet supporting a multiple range of cryptocurrencies, each and every crypto application should run in its own compartment which is protected by hardware-enforced boundaries which segregate different apps and prevent a fault found in one app from affecting the rest of the system.
Transaction Display and Confirmation: A hardware wallet should be equipped with a trusted display for verifying the transaction information and on-device buttons too for confirming and rejecting transactions.
TEE (Trusted Execution Environment) is an environment that enables the secure implementation of applications. TEE strives to accomplish the following security properties:
Secure Storage: The Trusted Execution Environment should give secure storage for protecting the secrecy and integrity of sensitive app data and application binaries too.
Secure Provisioning: TEE should make sure the data secrecy and integrity when sending the data to a particular software module operating in the execution environment of a particular device.
Isolated Execution: TEE must enable applications to run in an isolated zone which make sure that the malicious applications find it difficult to access the code and data of other applications.
Remote Attestation: The Trusted Execution Environment must allow parties communication with the secure execution environment in order to check the software/hardware authenticity that executes the TEE.
Trusted Path: TEE should communicate with the outside world while making sure the optionally secrecy, authenticity and availability of the communicated data.
It is not so challenging to find matches between the security properties required by highly secure hardware wallets and TEE. Consequently, Trusted Execution Environment (TEE) provides a perfect solution for augmenting the security of hardware wallets.
As there are various techniques to realize TEE, ARM TrustZone is regarded as the most promising technology to execute TEE in ARM based mobile devices and embedded platforms.
ARM TrustZone is a system wide security approach for the ARM Cortex-based processors. ARM TrustZone represents a more flexible security solution by making the most of CPU as a programmable trusted environment. Also, it provides protection when data is being processed in lieu of providing cryptographic functions.
The Trusted Execution Environment (TEE) is already bringing an immense value to a range of devices and sectors. Not just the technology is exciting, but the possibilities it opens for developers to add value to their cryptocurrency wallet development services by utilizing the hardware isolation or technologies like Digital Holograms which adds value for cryptocurrency exchange development companies and device makers.