What is the security chip used in hardware wallets?

This article covers three questions: what security chip a hardware wallet uses, how that chip keeps keys safe, and how imKey's security mechanism works.

What is a secure chip?

The secure chip in a hardware wallet primarily refers to the Secure Element (SE), which is a miniature computer that provides data security storage, encryption and decryption operations, and other functions through specialized security components and a chip operating system (COS). Due to the small size, low power consumption, high reliability, and strong confidentiality of the SE, it can be embedded in various product forms, such as IC cards, SD cards, SIM cards, eSE, internet banking USB keys, wearable devices, and more.

What are the uses of secure chips?

Secure chips are already familiar from daily life: they are used in bank cards (the kind with metal contacts rather than a magnetic stripe), mobile phone SIM cards, ID cards, internet banking USB keys, and more. Emerging fields such as artificial intelligence, IoT, and connected cars will also be major applications for secure chips.

What is the future of secure chips?

Countries around the world are vigorously promoting new technologies and business models such as 5G, quantum communication, artificial intelligence, connected cars, IoT, and the industrial internet, and have made measurable progress. China has also released action plans to promote artificial intelligence, connected cars, and other areas, creating a favorable policy environment for these new technologies and business models. Whether the product is an intelligent terminal, IoT device, intelligent driving system, AR/VR, AI, smart home, or another kind of technology, the most basic layer is always the chip layer, which provides the data acquisition, transmission, computation, integration, and analysis functions these technologies cannot do without. Over the past few decades, the development of every industry has been accompanied by the development of chip technology. Today the secure chip industry is listed as part of China's national information security strategy, and under strong policy support a large number of secure chips for different fields and even different business scenarios have appeared on the market. Broadly speaking, the development of secure chips is a top priority and can be counted as one of the core competitive factors.

Secure chips are said to be very secure, but what makes them secure?

The security of chips can be explained from several perspectives, including the chip's own security design, testing standards, and application practices.

Firstly, the chip itself must have high security, whether it is from the perspective of internal software design or physical construction. Since the design principles of secure chips are complex and varied, some key points are listed:

  • Whether a secure CPU is used, mainly for secure computation over keys and data, and for security checks during operation.

  • Whether CPU registers have mask protection functions.

  • Whether memory (NVM, RAM) is encrypted and has dedicated integrity verification protection.

  • Whether there are temperature, voltage, frequency, light sensors, and specialized protective nets.

  • Whether there is a coprocessor for secure encryption and decryption calculations.

Secondly, so-called security is never absolute or eternal; it is only relative security under certain conditions for a certain period of time. Standards therefore serve as a reference within that limit, and only a product that passes standard compliance testing can be considered relatively secure. Here we must mention ISO/IEC 15408 (Information Technology - Security Techniques - Evaluation Criteria for IT Security), formally released by the International Organization for Standardization (ISO) in 1999 and also known as the Common Criteria (CC) standard. ISO/IEC 15408 is a set of security evaluation criteria developed for information security products and systems, and it has become the international certification standard and the world's most rigorous set of security evaluation criteria. The significance of the CC standard is:

  • It helps to enhance users' confidence in the security of IT products.

  • It promotes the security of IT products and systems.

  • It eliminates duplicate evaluations.

For secure chips, the CC standard divides the assurance level into seven grades, EAL1 to EAL7, from low to high. The higher the level, the more security assurance requirements must be met for certification, and the more reliable the security characteristics. Each level requires evaluation from multiple perspectives.

As a supplement: in the financial field, commonly used products are at the EAL4+ and EAL5+ levels, while EAL6+ has reached military grade.

In terms of practical application, a judgment can be made from two aspects:

  • On the one hand, whether the chip has been commercialized and whether any security incidents involving it have been disclosed;
  • On the other hand, whether the cost of attack is high enough, including the time, manpower, and financial investment required.

What kind of attacks can the security chip resist?

According to the international CC standard, security chips must meet the following attack-resistance requirements:

  • Resist physical determination of the logical contents of memory cells;

  • When the memory cell logic or internal wiring of the chip is exposed, resist reconstruction of useful code or information from that memory cell logic;

  • Resist exposure of sensitive memory contents through side-channel analysis, such as analyzing the power-consumption trace of a running chip, its electromagnetic emissions, or the timing of its main processing functions;

  • Make it difficult to expose memory code and data through mechanical probing attacks when the chip is physically invaded;

  • Make it difficult to expose memory contents through attack methods such as voltage contrast and electron-beam probing;

  • Ensure that the chip's applications are not affected by changes in the operating environment: if out-of-specification conditions such as clock rate, voltage, reset pulse width, or temperature are detected, the chip should invalidate the operation;

  • Ensure that execution of the chip's applications is not affected by probing attacks;

  • Resist modification of the chip by personnel with comprehensive knowledge of its design using high-end specialized tools such as FIB systems or laser cutters;

  • Ensure that the chip is not affected by optical fault attacks, electromagnetic interference, or radiation: either the application program keeps operating normally or the chip enters a safe state;

  • Ensure that the chip design is difficult enough that an attacker must invest great effort and high-end professional tools to reverse engineer its logic modules.

After talking about so many professional and technical terms, I believe everyone has already felt like they are listening to a foreign language. In summary, even for technical personnel with professional knowledge, attacking security chips is still quite difficult.

How secure is imKey?

imKey has undergone strict security design on both the hardware and software sides; the focus here is hardware security, and software security will be discussed in a future class. As many of you may already know, imKey uses a CC EAL6+ secure chip (a picture of the CC EAL6+ secure chip is attached below), which has reached military-grade security and has the following security features:

  • Built-in true random number generator;

  • Dual-core CPU, one for execution and one for security checking;

  • All CPU registers have mask protection function;

  • All NVM and RAM are encrypted, and there is a dedicated integrity verification protection;

  • Equipped with temperature, voltage, frequency, light sensor, and dedicated protection network;

  • Equipped with DES and AES engines and a coprocessor for PKI operations.

Note: The core of a blockchain wallet is the private key, which is essentially a string of random numbers, so the quality of those random numbers directly determines the strength of the private key. The chip used by imKey generates random numbers with a true random number generator, which typically uses thermal noise as its entropy source, producing numbers that are highly random, secure, and difficult to predict. This protects the confidentiality of the private key at its source and thereby the security of the wallet.
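As an added example (not imKey's code and not the chip vendor's), the following Python models the path from a true random number generator to a private key inside a secure element: it runs the continuous health tests from NIST SP 800-90B (repetition count and adaptive proportion) on the raw noise samples, refuses to issue a key when the source looks stuck or biased, and range-checks the conditioned value. The thermal-noise source is simulated with a deterministic SHA-256 stream, and the secp256k1 curve order is an assumption, since the article names no curve.

```python
import hashlib
import math
from typing import Optional

# Assumption: secp256k1 order (Bitcoin, Ethereum); the article names no curve.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
H_BITS, ALPHA, WINDOW = 8.0, 2.0 ** -20, 512  # SP 800-90B parameters, 8-bit samples

def simulated_noise(nbytes: int, seed: bytes = b"constructed") -> bytes:
    # Stand-in for the chip's thermal-noise source (SHA-256 counter mode, deterministic).
    out = b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(nbytes // 32 + 1))
    return out[:nbytes]

def proportion_cutoff(window: int = WINDOW, p: float = 2 ** -H_BITS, alpha: float = ALPHA) -> int:
    # SP 800-90B: C = 1 + CRITBINOM(W, p, 1 - alpha), computed from the binomial CDF.
    cdf = 0.0
    for c in range(window + 1):
        cdf += math.comb(window, c) * p ** c * (1 - p) ** (window - c)
        if cdf >= 1 - alpha:
            return c + 1
    return window + 1

def health_check(samples: bytes) -> Optional[str]:
    """Continuous TRNG health tests; None when healthy, else the failing test's name."""
    if len(samples) < WINDOW:
        return "insufficient"
    # Repetition count test: a stuck source repeats one value; cutoff = 1 + ceil(-log2(alpha)/H).
    rep_cutoff, run = 1 + math.ceil(-math.log2(ALPHA) / H_BITS), 1
    for prev, cur in zip(samples, samples[1:]):
        run = run + 1 if cur == prev else 1
        if run >= rep_cutoff:
            return "repetition"
    # Adaptive proportion test: the first value of each window must not recur too often.
    cutoff = proportion_cutoff()
    for start in range(0, len(samples) - WINDOW + 1, WINDOW):
        block = samples[start:start + WINDOW]
        if block.count(block[0]) >= cutoff:
            return "proportion"
    return None

def derive_private_key(raw: bytes) -> int:
    """Refuse a faulty source; otherwise hash-condition the samples and range-check."""
    fault = health_check(raw)
    if fault is not None:
        raise RuntimeError(f"entropy source failed the {fault} test; no key issued")
    key = int.from_bytes(hashlib.sha256(raw).digest(), "big")
    if not 1 <= key < SECP256K1_N:
        raise ValueError("conditioned value outside [1, N-1]; draw fresh samples")
    return key
```

A real secure element runs these tests in hardware on every draw and raises a fault instead of signing when they fail; the point of the check is that a key is never derived from a source whose output has become predictable.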

Should the secure chip be open-source?

Regarding whether the secure chip should be open-sourced: it is as if your army has done everything possible to build a military fortress, and then, to prove its security to the world, you have to make the whole defensive design public. That quietly exposes weaknesses to the enemy and gives them opportunities to exploit. Secure chips have industry and international standards to follow, and they are already widely used in military, finance, government, public services, and other fields. Open-sourcing them would bring incalculable security risks and could even threaten national security. Therefore, open source cannot serve as the yardstick for judging a secure chip's security; compared with open source, keeping the design a black box is more conducive to protecting it.

Although much of this knowledge about secure chips may sound obscure, the takeaway is simple: when purchasing a hardware wallet, choose, wherever possible, a product that uses a secure chip and holds a security certification.