Before the review explained the definition of encryption wallet darling think tank safety “three no” elements: three is to have a wallet encryption network isolation, system integrity protection and confidentiality is a seed; no “no defense system hypothesis”. The “three no” factor is the safety characteristic analysis of wallet should have from the defense point of view. This article from two dimensions including the attack angle, available to analyze encryption wallet safety design guidelines:
A, the dimension of attack
Dense deep science and technology chief scientist Guo Weiji from the technical threshold, the economic cost, the cost of crime, the expected cost of revenue in four aspects of income will attack wallet is decomposed into three levels:
The first level is highly aggressive, corresponding to low threshold technology, low cost, low cost of crime, the expected return is high;
Secondly, in the attack, the corresponding low technical threshold, low cost, high cost of crime, the expected return is low;
Level 3, low attack, corresponding to high technical threshold, high economic costs, the cost of crime is high, the expected return is low.
Attack source: think tank dimension comparison, darling
These three levels can guide us to the safety design of.
Two, the availability of dimensions
The availability of encrypted wallet includes security and user experience. Different from the routine availability usually equal to the user experience, we list security as a key indicator of availability here. The reason is very simple, as the wallet products, safety critical. If a wallet encryption security, use a lot of restrictions, especially the size of its asset management is very small, even if the loss is less, which leads to the wallet can not be used in many situations.
In addition, bad user experience will lead to the loss of security. For example, if the security of a wallet mainly rely on the user to enter a more complex password, so the user experience will be poor; and for human laziness, the user may use the seemingly complex is actually easy to crack the password.
The ideal high security encryption wallet, the user experience is very good. But this is very difficult to take into account. To this end, Guo Weiji put forward a formula:
Advanced technology index not less than x user experience index security index
At a given level of technology, security index and user experience index was inversely proportional to, can not take into account. Fortunately, through the use of more advanced technology, can also enhance the safety index and user experience index. Can think that the encrypted wallet availability ceiling depends on the safety design and its implementation technology.
Usability dimensions of contrast, source: Darling think tank
After the attack and availability of dimension dimension analysis framework the advantages and disadvantages of various wallet, this paper puts forward a thinking paradigm will further guide wallet safety design.
Three, analysis of the dimensions of software Wallet
1. attack dimensions
Due to the technical threshold attack software wallet low and low cost, low cost of crime, the expected return is high, the software wallet attack high.
From the technical threshold, wallet software does not have the “three” elements: network connection will lead to unsafe mnemonic preservation, transaction password settings, weak passwords, currency price data is replaced; the integrity of the system is mainly based on Android, Android mobile phone system will cause no perceived physical attacks the first two; can not guarantee the safety of leading seed security nor safety wallet. Therefore the technical threshold is not high relative to the wallet software attack.
From an economic point of view, because the software wallet often networking, hackers only need to sit in front of the computer can remotely attack numerous software wallet, but the same kind of attacks can be used repeatedly, do not need a lot of people as well as the great operation cost.
From the cost point of view, the hacker through the Internet can be transnational theft, but also from their own IP hide or put to other places, almost very difficult to track the hacker mami.
From the expected return on the present stage, investors also failed to pay sufficient attention to the confidentiality of encryption assets, so many users are placed into the encryption software assets storage wallet to hackers can attack, a large user base. Hackers can easily attack a wallet in the back of the computer software, once the success of income is very considerable.
2. usability dimensions
At present the wallet software security technology can use the choice of not much. The low technical level caused by security and user experience is extremely difficult to balance, so the overall availability at a relatively low level.
In China, the software wallet is often equated with the mobile phone App wallet, less users use the PC software on the wallet. However, in any case, the primary problem facing the private key or wallet software is how to keep the seed. The PC epidemic of extortion virus WannaCry, encrypt the user’s files and assets for ransom. In fact, you can transfer files to blackmail.
Another is from the PC or mobile phone to steal encryption key file, hit library, or use encryption scheme for the crack defect. Of course, the technical threshold is higher, but not high to the sky. A study of MIT computer science and artificial intelligence laboratory results show that more than 10% of the error for the decryption key cryptology reflects hard encoding in the code. Readers do not think it seems to Arabian Nights. Think carefully about the software wallet can put the decryption key is stored in what place? A code which is very confusing under an option obviously, other options or not to go, unless strong enough security measures to provide the underlying operating system.
A good approach is to ask the user to enter a password is encrypted, but here again there will be other problems, weak passwords, hit the library and so on the one hand, the Trojans get the keyboard input to obtain the user password is on the other hand.
Security of software wallet are analyzed. But the reality is far more than the real security situation worse theoretical analysis. For example, some software wallet industry that safety wallet application without security beyond the system, as long as the mobile phone system is not compromised, assets are safe; and if the system is compromised, then by what means can not protect assets. In order to improve the user experience, many users simply put the wallet or purse seeds stored in the mobile phone inside the private key plaintext, resulting in potential danger to the security of user assets.
The day before, the blockchain safety research center BSRC released a version of the software for a Android wallet attack video, the video display, the attacker can directly access the user through the USB mobile phone users connected mnemonic word and twelve seed, helping users in the local crack after word of Ming Wen, to enter the user account. In this attack case, if the purse seeds were even simple encryption protection, the attack would not be so smooth.
In order to sacrifice the user experience and security, is essentially a false sense of security. From the perspective of usability, security and user experience are essential, but not convenient secure encrypted wallet allows users at risk of this unnecessary, its availability level is very low.
Therefore, can attack the high software wallet is favored by hackers “attack”, and the bad, the lack of theoretical guidance, in the overall availability under the constraint of limited sacrifice of safety to take care of the user experience design, the software safety wallet is one disaster after another. This is why the demand for hardware wallet.
Four, analysis of the dimensions of Android hardware Wallet
1. attack dimensions
Android system development hardware wallet based on in the attack on the dimension of belong to the second level, is also in the attack, in particular low threshold technology, low cost, high cost and low expected return of crime.
From the technical threshold, one thing to attack Android system is not too difficult. This is mainly due to Android’s lack of integrity protection system, all kinds of security vulnerabilities are more; more importantly, based on Android hardware wallet once released, it is often difficult to make what major upgrades on the underlying operating system, Android wallet has been caused by hardware after the new vulnerabilities discovered by the threat of continued. It can even be said that if the published product cannot be patched, anyone who understands the new vulnerabilities, you can use to attack Android hardware purse, resulting in the situation of low technical threshold.
Actual combat, the CEO of Bitfi, network security pioneer John McAfee once called Bitfi cold wallet is the world’s first “cannot be black” equipment. In order to prove himself, reward McAfee launched in July 24th of $100 thousand for the equipment can be compromised by hackers. Less than a week, a fifteen year old child is successfully break the John McAfee support Bitfi wallet. Held in July to see the snow security summit, from security experts Hu Mingde Chong Yu know to use USB interface crack defect on a domestic Android wallet.
From an economic point of view, whether it is the supply chain attack or evil maid attack, cost may be malicious software or by using the known vulnerabilities to steal private data, do not need a high price.
But there are certain crime risk. Whether it is in direct contact with the equipment or bribe hackers to others, attackers are likely to face identity recognition.
From the expected return point of view, because the attacker needs to first contact to the device, is likely to steal digital assets inside, which makes the attack is not the implementation of a large area, its efficiency becomes very low, so it is also expected to reduce attack software wallet.
From the attack analysis point of view, Android wallet hardware comprehensive evaluation of the expected return is low will lead to a certain extent, hackers will not attack hardware wallet, but with the number of people who use hardware wallet gradually increased, hacker income will increase, resulting in hardware wallet will gradually favored by hackers.
2. usability dimensions
Currently Android wallet hardware products on the market are basically is to emphasize its offline, through the two-dimensional code transfer signature information, user experience is a lot worse than the software wallet. At the same time, since there is a loss of equipment or be contacted by others may also be simplified, safety measures. If the user needs to use more complex passwords to Secure Wallet seeds, which the user experience is a kind of hurt. Of course, carry large equipment itself is a kind of injury to the user experience.
At the same time, because the Android system is lack of system integrity protection congenitally deficient, in the premise of an attacker can contact equipment, safety of Android wallet purse is not hardware than software, even lower than some good use of iOS security software wallet.
Overall, the main advantages of offline Android hardware purse wallet can be caused by relative software, aggressive, or as a target of the attacker’s appeal, is relatively not so large; the user experience is inferior to the software wallet. Overall, for the typical security at the expense of the user experience.
If there is a very high security, but also a good user experience, according to the formula, can only rely on technology platform with better. This is the chip level hardware wallet.