nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

A Formal Treatment of Hardware Wallets

verfasst von : Myrto Arapinis, Andriana Gkaniatsou, Dimitris Karakostas, Aggelos Kiayias

Erschienen in: Financial Cryptography and Data Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Bitcoin, being the most successful cryptocurrency, has been repeatedly attacked with many users losing their funds. The industry’s response to securing the user’s assets is to offer tamper-resistant hardware wallets. Although such wallets are considered to be the most secure means for managing an account, no formal attempt has been previously done to identify, model and formally verify their properties. This paper provides the first formal model of the Bitcoin hardware wallet operations. We identify the properties and security parameters of a Bitcoin wallet and formally define them in the Universal Composition (UC) Framework. We present a modular treatment of a hardware wallet ecosystem, by realizing the wallet functionality in a hybrid setting defined by a set of protocols. This approach allows us to capture in detail the wallet’s components, their interaction and the potential threats. We deduce the wallet’s security by proving that it is secure under common cryptographic assumptions, provided that there is no deviation in the protocol execution. Finally, we define the attacks that are successful under a protocol deviation, and analyze the security of commercially available wallets.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Minimizing Trust in Hardware Wallets with Two Factor Signatures

Nächstes Kapitel VeriSolid: Correct-by-Design Smart Contracts for Ethereum

Trezor developer’s guide: https://wiki.trezor.io/Developers_guide.

See: https://wiki.trezor.io/Developers_guide:Trezor_Connect_API_Methods.

See: https://wiki.trezor.io/User_manual:Receiving_payments.

See: https://wiki.trezor.io/User_manual:Making_payments.

See: https://wiki.trezor.io/Developers_guide:API_Workflows.

See: https://support.ledgerwallet.com/hc/en-us/articles/360009676633.

Ledger has issued firmware update to address this issue and allow both the client and the hardware to generate and display the address. However, the firmware needs to be updated manually, a process that is commonly neglected by common users.

KeepKey (2018). https://keepkey.com/. Accessed 1 Sept 2018

Ledger Receive Address Attack (2018). https://www.docdroid.net/Jug5LX3/ledger-receive-address-attack.pdf Accessed 19 Sept 2018

Trezor (2018). https://trezor.io/. Accessed 1 Sept 2018

Alois, J.: Ethereum parity hack may impact ETH 500.000 or 146 million (2017). https://www.crowdfundinsider.com/2017/11/124200-ethereum-parity-hack-may-impact-eth-500000-146-million/. Accessed 1 Sept 2018

Atzei, N., Bartoletti, M., Lande, S., Zunino, R.: A formal model of bitcoin transactions. Cryptology ePrint Archive, Report 2017/1124 (2017). https://eprint.iacr.org/2017/1124

Badertscher, C., Maurer, U., Tschudi, D., Zikas, V.: Bitcoin as a transaction ledger: a composable treatment. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 324–356. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_11CrossRef

Bamert, T., Decker, C., Wattenhofer, R., Welten, S.: BlueWallet: the secure bitcoin wallet. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 65–80. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11851-2_5CrossRef

Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J.A., Felten, E.W.: SoK: research perspectives and challenges for bitcoin and cryptocurrencies. In: 2015 IEEE Symposium on Security and Privacy (SP), pp. 104–121. IEEE (2015)

Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols, pp. 136–145 (2001)

10.

Canetti, R.: Universally composable signatures, certification and authentication. Cryptology ePrint Archive, Report 2003/239 (2003). http://eprint.iacr.org/2003/239

11.

Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. Cryptology ePrint Archive, Report 2002/059 (2002). http://eprint.iacr.org/2002/059

12.

Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_10CrossRef

13.

Gentilal, M., Martins, P., Sousa, L.: Trustzone-backed bitcoin wallet. In: Proceedings of the Fourth Workshop on Cryptography and Security in Computing Systems, pp. 25–28. ACM (2017)

14.

Gkaniatsou, A., Arapinis, M., Kiayias, A.: Low-level attacks in bitcoin wallets. In: Nguyen, P., Zhou, J. (eds.) ISC 2017. LNCS, vol. 10599. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69659-1_13CrossRef

15.

Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on bitcoin’s peer-to-peer network. In: 24th USENIX Security Symposium (USENIX Security 15), pp. 129–144. USENIX Association, Washington, D.C. (2015). https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/heilman

16.

Hsiao, H.C., et al.: A study of user-friendly hash comparison schemes. In: 2009 Annual Computer Security Applications Conference, ACSAC 2009, pp. 105–114. IEEE (2009)

17.

Johnson, D., Menezes, A., Vanstone, S.: The elliptic curve digital signature algorithm (ECDSA). Int. J. Inf. Secur. 1(1), 36–63 (2001). https://doi.org/10.1007/s102070100002CrossRef

18.

Lim, I.-K., Kim, Y.-H., Lee, J.-G., Lee, J.-P., Nam-Gung, H., Lee, J.-K.: The analysis and countermeasures on security breach of bitcoin. In: Murgante, B., et al. (eds.) ICCSA 2014. LNCS, vol. 8582, pp. 720–732. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-09147-1_52CrossRef

19.

Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)

20.

Parker, L.: Bitcoin stealing malware evolves again (2016). https://bravenewcoin.com/news/bitcoin-stealing-malware-evolves-again/. Accessed 1 Sept 2018

21.

Pass, R., Seeman, L., Shelat, A.: Analysis of the blockchain protocol in asynchronous networks. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 643–673. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_22CrossRefMATH

22.

Penard, W., van Werkhoven, T.: On the secure hash algorithm family. In: Cryptography in Context, pp. 1–18 (2008)

23.

Tan, J., Bauer, L., Bonneau, J., Cranor, L.F., Thomas, J., Ur, B.: Can unicorns help users compare crypto key fingerprints? In: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, pp. 3787–3798. ACM (2017)

24.

Uzun, E., Karvonen, K., Asokan, N.: Usability analysis of secure pairing methods. In: Dietrich, S., Dhamija, R. (eds.) FC 2007. LNCS, vol. 4886, pp. 307–324. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77366-5_29CrossRef

25.

Vasek, M., Bonneau, J., Castellucci, R., Keith, C., Moore, T.: The bitcoin brain drain: examining the use and abuse of bitcoin brain wallets. In: Grossklags, J., Preneel, B. (eds.) FC 2016. LNCS, vol. 9603, pp. 609–618. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54970-4_36CrossRef

26.

Volotikin, S.: Software attacks on hardware wallets. Black Hat USA 2018 (2018)

27.

Wuille, P.: Hierarchical Deterministic Wallets (2018). https://en.bitcoin.it/wiki/BIP_0032. Accessed 1 Sept 2018

28.

Huang, D.Y., et al.: Botcoin: monetizing stolen cycles (2014)

Titel: A Formal Treatment of Hardware Wallets
verfasst von: Myrto Arapinis
Andriana Gkaniatsou
Dimitris Karakostas
Aggelos Kiayias
Verlag: Springer International Publishing
Buch: Financial Cryptography and Data Security
Print ISBN: 978-3-030-32100-0

Electronic ISBN: 978-3-030-32101-7

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-32101-7_26

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner