Endpoint Security. The Case for a Secure Wallet. Anything important needs to be protected with hardware


The Case for a Secure Wallet

It is a new concept: my wallet is only as secure as it is because it's in my pocket, or my bag, or my desk? Wait, the bedside table in my hotel room? It is a new concept; people can't reach across the internet and pull money out of my wallet just because I walked out of the room and I wasn't watching it.

Also, my wallet is so big with different things that I split it up. I have my minimal wallet that sits small in my front pocket without a bulge, to thwart pickpockets, and then the other one that has the rest, unless I grab even less to take with me while I exercise outside. In other words, my money stuff is all over the place.

What if I wasn't carrying my wallet at all? What if I was just carrying a little thing that would give me access to my wallet, to beam money to me? What if I had more than one of these, one in my bag, one on my desk at home, so I never have one out of reach or forget it? If I lost one of my access things for my wallet, I wouldn't lose the contents of my wallet as well. Because shoot, who cares about the wallet, it's the cash and credit cards inside that I care about.

I'd really prefer to leave my actual money and credit cards in a safe, but a safe I could get to, like a bank? Except a bank that didn't keep banker's hours, so it would be open 7/24, and didn't require me to find an ATM; it could follow me around. Again, beam money to me. Not real cash money; think a one-time credit card number [1] or something.

Endpoint Security

Modern-day attacks focus on the endpoints and their users to bypass traditional security controls. Security controls, real ones, need to be in place on your endpoints. Your cloud service provider is hopefully doing its part; your laptop or phone is where your focus needs to be placed.

Anything important needs to be protected with hardware

AV just isn't enough anymore. You need local authentication, encrypted storage, patching and all of that protected with hardware.
Anything important on your local storage, such as your coins and private keys, needs to be protected with hardware so that it cannot be removed from your laptop and still function.

What about in the digital world, the world of the coins? The digital coin world's wallets are in about the same state as my physical wallet. They were an afterthought. I have multiple coin wallets associated with the multiple apps to use multiple coins. When I'm using only one, I run the same risk of someone stealing from it when I leave it in a hotel room as I do when I'm actually using it. As a matter of fact, it's worse when I actually am using it, as I opened up all the files and connections to it. [2]

[1] Back in the day, the idea of a one-time credit card was awesome: no point stealing it, as it wouldn't work again.

There are three options for digital wallets today, listed in order of what the industry considers least to most secure: cloud storage, file storage and hardware token.

Cloud Storage

You had me at Mt. Gox. The concern is that if your wallet is stored at a cloud provider, it is available for theft 7/24. You wouldn't leave your wallet at the store for the next time you're ready to use it, right? These cloud providers are facing the same nation-state-style attacks that have taken down other high-profile sites you've read about in the news. Coinbase has been the subject of attack by the first wave of the nation state style attack them, interesting s and advertisements targeting its users. But you know what? It is still one of the most widely used wallets on the planet. Accessibility (from, say, your phone), user experience and possible denial of the risk being the reasons why. Who knew?

File Storage

This is the most common type of wallet used on laptops. Your coin application has its own storage files for your coins and keys. The drawback is twofold. First, none of these applications that store your coins in files do a sufficient job of making you prove who you are before giving you access to your keys and your coins. Some claim that they do multifactor, but are really doing what we call step up, or two things you know. Even those like Google Authenticator. Any application running on your laptop that provides an additional credential should be considered just as compromised as the laptop, as the second and most important problem with file-system-based wallets is that when your laptop is compromised, any file on it can be copied off of it and onto the Internet. If the application that governs access to your wallet fails, so does your access to your wallet.
Something You Have

There is a lot of misconception in the industry when it comes to multifactor, and specifically something you have to accompany something you know and, say, your location. In order to qualify as something you have, a device must have suitable hardware controls so that the secrets inside it that can be used to prove its existence cannot be removed, including by physical tampering, which must have the effect of destroying the device and its contents.

Vendors will often claim that they support multifactor when all they are really doing is providing step up, or two things you know. For example, an application could require a password, something you know, as well as the ability to generate a second code or password when the first is typed, which the user copies into the second authentication prompt.

Some vendors of these software-based authenticators have taken steps to make their use as close to something you have as possible. For instance, an enrollment process to tie the application to the particular device so that it cannot be copied to another computer.

[2] Maybe I shouldn't say that, as it is also a problem, well, the only problem, with my secure wallet too.

The way you avoid that is by storing your wallet in a hardware device, where that hardware prevents the contents of the device from being copied out of it.

Hardware Tokens

Hardware tokens, usually in the form of what looks like a USB storage device with a small screen, can be used to store your keys and coins in a place where you would have to have physical access to the hardware device to steal your money. Unless we're talking about stealing the device itself, as a fifteen-year-old figured out how to steal the contents of one of these devices that he had physical access to.

The real problems that have sprung up around these devices have been problems with usability and accidental loss and destruction. Too many attempts to guess a forgotten PIN, locking the device without an easy or clear way to recover it; damaging the device as it bounces around in your pocket; and simply misplacing the device are common experiences for those that have adopted them. Which, at times, has led to loss of coins. User experience has again shown itself as important. With any of these, getting locked out of your wallet when you really need to sell can be a horrible experience for anyone working with money.

Are there any options that have fewer problems and are actually easier to use?

Something You Have (continued)

Although some vendors do a better job of this than others, they still do not pass the requirements to be called something we have. Google Authenticator is an example of this. Why not? It is running in the same memory as the rest of your compromised laptop. If you do need to use one of these software authenticators, you should use it on a different device than the one you are trading coins on.

Is SMS Something You Have?

It can be in a pinch. However, in practice, if I steal your phone and send a text to it, I can read that text code on the screen without first authenticating on 99% of people's phones.
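The sidebar's point about software authenticators, as an added example that is not part of the original paper: an RFC 6238 TOTP code is a pure function of the stored seed and the clock, so the verifier cannot tell the enrolled device from any other holder of the same seed. The state-file layout, the `example-wallet` issuer name and the helper names are assumptions; the seed is the RFC 6238 test value, not a real credential.

```python
import base64
import hashlib
import hmac
import json
import struct


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on the seed and the clock."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def export_state(seed: bytes) -> str:
    """Hypothetical on-disk state of a software authenticator: the seed is file content."""
    return json.dumps({"issuer": "example-wallet",
                       "seed_b32": base64.b32encode(seed).decode()})


def load_state(blob: str) -> bytes:
    """Read the seed back from a state file, on this machine or any other."""
    return base64.b32decode(json.loads(blob)["seed_b32"])


def verify(server_seed: bytes, code: str, unix_time: int) -> bool:
    """Server-side check: it tests knowledge of the seed, not which device holds it."""
    return hmac.compare_digest(totp(server_seed, unix_time), code)


def copy_is_indistinguishable(seed: bytes, unix_time: int) -> bool:
    """True when a byte-for-byte copy of the state file verifies like the original."""
    enrolled_seed = seed
    copied_seed = load_state(export_state(seed))  # the same file, read elsewhere
    return (verify(seed, totp(enrolled_seed, unix_time), unix_time)
            and verify(seed, totp(copied_seed, unix_time), unix_time))


if __name__ == "__main__":
    SEED = b"12345678901234567890"  # RFC 6238 test seed (constructed sample input)
    print(totp(SEED, 59), copy_is_indistinguishable(SEED, 59))
```

Nothing in the verification step binds the code to a piece of hardware, which is why the seed behaves like a second thing you know unless it is generated and held inside a device that will not export it.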
Let's return to our earlier discussion: what if, instead of carrying a wallet with your actual money and credit cards in it, you carried a wallet access device? How would that work? You would separate (bifurcate?) your actual money from your ability to access the wallet. You would put your actual money in a digital safe, while carrying a key to the safe. And as we mentioned, the digital safe would be accessible from anywhere, 7/24; you would use the internet to get to it, with TLS encryption, to beam money to you.

Digital Safe

We want the physical protection of a hardware device that generates the private key in hardware and never lets it leave the hardware. Instead, it would perform cryptographic operations with the key and return the results rather than the key itself. As mentioned earlier, the thing with hardware is that you must have physical access to the device to steal from it. What if the device was locked in a cage, with a camera on the cage and physical controls on the building it was in? That is better physical security than what you would get with the USB wallet in your jacket pocket or your bag, or wait, where did I use it last? Was I at my Mom's? You know how she hates clutter.

Hardware Keys as a Digital Wallet Access Device

What you want is a strong local authentication to access your digital safe. A verification that it is you, and only you (or your delegates), that can access the contents of that digital safe. By local, I mean in hardware that you have physical access to. Something you have, as we call it in the industry. Something that you cannot break into across the internet 7/24, as it's only available when the user chooses to use it, which they verify with something they, and no one else, know.

Even better would be a disposable hardware token used to access your wallet after doing a suitable local authentication. I say disposable as your money isn't actually in it, nor are your keys for your coins. If you have a problem with accidental loss or destruction of this key, you would simply need to go through a highly visible, aka audited, recovery system to initialize a new key. Or, even better, as these are cheap, you could enable two at the same time when you start and leave the second one in a safe place at home in case the first goes south.

One of my favorite pieces of hardware for this use case is Yubico's YubiKeys, or Yubis for short. They even have an NFC version (as well as USB) that works with your Android phone.
And there are alternatives. For instance, the hardware available in your iPhone 6 to iPhone X has many features for a strong local authentication and a good story on why you can trust their hardware as well as the USB wallets. They use (proprietary) hardware in the device to protect the secrets used in an authentication service.

Couple this with a digital safe that will only provide access to your money with one of these hardware keys, and you have a pretty good solution for safety as well as providing you, and only you, 7/24 access to your money.

Beaming Money

Money showing up where you need to buy something is one use; the other is to translate the original form of the currency to a form that can work with whatever it is you want to give money to. Cash to Ethereum to Bitcoin to credit card to Apple Pay, etc. For that we need exchanges. Coin exchanges, Litecoin to Bitcoin to Ethereum, as well as exchanges to real-world payment systems until they will natively accept coins, in the same model as Apple or Google Pay [3] or the one any eBay user has worked with for years, PayPal, which allows you to set up multiple institutional entities, banks, credit card vendors, and actual money accounts, and allows you to send money to payment systems that do not yet accept coins natively.

[3] Or maybe this sentence should blend PayPal, Apple and Google Pay.

So Do We Need Secure Wallets?

Yes we do. We will always be insecure about our security.