Bitcoin Forum
February 23, 2020, 11:08:53 AM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Looking for feedback on supply chain attack solution (on-chain 2fa)  (Read 61 times)
ddustin
Newbie
*
Offline Offline

Activity: 5
Merit: 26


View Profile
December 29, 2019, 07:20:50 PM
Merited by malevolent (4), Welsh (4), hugeblack (2), o_e_l_e_o (2), jackg (1)
 #1

I put together a paper explaining my thoughts on solving the supply chain attack problem.

Would appreciate any thoughts or feedback people have.

http://www.koinkeep.com/articles/whitepaper

Thanks!
1582456133
Hero Member
*
Offline Offline

Posts: 1582456133

View Profile Personal Message (Offline)

Ignore
1582456133
Reply with quote  #2

1582456133
Report to moderator
1582456133
Hero Member
*
Offline Offline

Posts: 1582456133

View Profile Personal Message (Offline)

Ignore
1582456133
Reply with quote  #2

1582456133
Report to moderator
1582456133
Hero Member
*
Offline Offline

Posts: 1582456133

View Profile Personal Message (Offline)

Ignore
1582456133
Reply with quote  #2

1582456133
Report to moderator
Bitcoin Poker 3.0
The Largest Bitcoin Poker Site
Bad Beat Jackpot Available
No Limit Texas Hold'em Cash Games And Tournaments
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1582456133
Hero Member
*
Offline Offline

Posts: 1582456133

View Profile Personal Message (Offline)

Ignore
1582456133
Reply with quote  #2

1582456133
Report to moderator
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 1652
Merit: 1550


https://bit.ly/387FXHi ← lightning theory


View Profile
December 29, 2019, 07:44:56 PM
 #2

Would the second signature be done on a different device or still the hardware wallet though? It wasn't really made clear.

I don't dislike the idea I just think there's a lot of holes. For example a hardware wallet producer could just ask people for their other key to unlock their account and still take quite a lot... If your estimate of $50bn is on hardware then $10 million or higher could be taken that way... Just look at the electrum phishing attack.

If you're really worried about security you can keep a machine offline completely and connect to it only via a USB drive, Bluetooth or preferably nothing until you need to do a large spend with all or a lot of your funds... Hardware is used a lot of the time for purchases not fay to day as they can't handle more than a few hundred transactions without becoming extremely slow.

I'd appreciate a diagram too... The text wall added to my headache a bit. You could Mar a lovely state machine/activity diagram.

ddustin
Newbie
*
Offline Offline

Activity: 5
Merit: 26


View Profile
December 29, 2019, 07:49:30 PM
 #3

Would the second signature be done on a different device or still the hardware wallet though? It wasn't really made clear.
Thanks for the feedback. It would need to be stored off the hardware device completely and never be allowed to touch the hardware device at any point*. Perhaps that could have been made clearer.

I don't dislike the idea I just think there's a lot of holes. For example a hardware wallet producer could just ask people for their other key to unlock their account and still take quite a lot...
This solution is just targeting at solving the supply chain attack problem. It doesn't address other issues. Mitigating other attack vectors is very interesting! It just wasn't part of the scope of this paper.

[edit, added this note]
* It can actually go into the device as long as the device is never used and then only used once withdrawing all funds. This is because of the "chosen nonce" attack, which allows a malicious wallet to hide data (ie an obscured private key) inside a signature nonce. I haven't vetted this article but I've skimmed it and it looks like a good intro into the subject: https://medium.com/cryptoadvance/hardware-wallets-can-be-hacked-but-this-is-fine-a6156bbd199
The simple solution is just to never send the key to the device at all which just solves the problem.
ddustin
Newbie
*
Offline Offline

Activity: 5
Merit: 26


View Profile
December 29, 2019, 07:56:30 PM
 #4

I'd appreciate a diagram too... The text wall added to my headache a bit. You could Mar a lovely state machine/activity diagram.
Ah! An excellent idea. Thanks for reading it man!
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 1652
Merit: 1550


https://bit.ly/387FXHi ← lightning theory


View Profile
December 29, 2019, 07:58:13 PM
 #5

This solution is just targeting at solving the supply chain attack problem. It doesn't address other issues. Mitigating other attack vectors is very interesting! It just wasn't part of the scope of this paper.

Actually it may already easily be solved by using a multisig of hardware with electrum in just a normal multisig.

Since you're depending on both electrum technologies Gmbh and hardware wallet producers like trezor and ledger to be in kahoots so its really unlikely your funds can be attacked... You can also input numbers to produce a seed and can verify it with a few different websites or an interpreted version of the code (interpreted as apposed to compiled, checking every function).

ddustin
Newbie
*
Offline Offline

Activity: 5
Merit: 26


View Profile
December 29, 2019, 08:26:47 PM
Merited by Welsh (2), Heisenberg_Hunter (1)
 #6

Actually it may already easily be solved by using a multisig of hardware with electrum in just a normal multisig.
Multi-device multi-sig is definitely the direction we should head as it helps a lot. You turn the risk into where their supply chains overlap. It's important to keep a few things in mind:

* All devices must be from different manufacturers. If you do 2 of 3 where two are form the same manufacturer you've lost the supply chain resistance entirely
* If two of the manufacturers use a component in common your supply chain resistance is decreased
* If two of the manufacturers use a secure element in common your supply resistance is gone entirely
* The chances of a similar *wafer producer* being used between any of the components is quite high
* If the same wafer producer is used for the secure elements your supply resistance is gone entirely
* Even if the secure elements are printed using different wafer producers, they may use the same wafer machines. It is not simple but a wafer making machine itself could be updated to modify the secure elements it prints to inject malicious circuits.
* Most importantly, you can never be certain these things aren't happening. On-chain 2FA however is easily verified by looking at the blockchain.

By using on-chain 2FA you're able to "stake" on unrelated supply chains in a way that can only increases security. Throw a key on the iPhone supply chain for instance, or Android. You could even do both, adding as many as you like. Each that you add increases your security. The attacker must infiltrate all of these supply chains to succeed and using existing large supply chains makes the attacker's task much more difficult.

So really these approaches should be combined. On-chain 2FA plus multi-device multi-sig is an awesome combination of security factors.

Multi-device multi-sig protects you against malicious hardware wallet software while on-chain 2FA protects you against malicious hardware wallet hardware.

Since you're depending on both electrum technologies Gmbh and hardware wallet producers like trezor and ledger to be in kahoots so its really unlikely your funds can be attacked... You can also input numbers to produce a seed and can verify it with a few different websites or an interpreted version of the code (interpreted as apposed to compiled, checking every function).
Creating your own seed phrases and importing them into your hardware wallets is much more secure than letting the devices generate them.

This assurance only works however if you never use the wallet to sign anything and only sign one transaction that withdrawl all the funds. After that the key you created should be considered tainted and never used again.

This is because of the chosen nonce attack.

On-chain 2FA does help mitigate some of the concerns of a chosen nonce attack.
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 1652
Merit: 1550


https://bit.ly/387FXHi ← lightning theory


View Profile
December 29, 2019, 08:43:28 PM
 #7

I don't think there are many producers of cpus though: Microsoft, quallcomm and hauwei are the main producers of ARM chipsets... X86 is done mainly by Intel, amd but some couls have been outsourced to companies like fujitsu, hp, dell etc...

I think a lot of devices share a lot in common with each other and some manufacturers probably share printers, a couple of years ago they said only 3 companies would be able and happy to print trezor devices... If you're in Europe or the US then you're probably going to be using the same printer as the main trezor would so they may still be able to interfere with its production... This could all just be people over precautions though.


Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!