Researchers have invented a new form of hardware wallet that has been designed to eradicated entire classes of vulnerabilities that impact existing designs.
On Thursday, academics from the Massachusetts Institute of Technology’s Computer Science and Artificial Intelligence Laboratory (MIT CSAIL) published a paper (.PDF) documenting how the new wallet operates.
Traders and investors in cryptocurrency such as Bitcoin (BTC) and Ethereum (ETH) have the option to store their virtual coins with online trading platforms or wallets, the latter of which is intended to keep cryptocurrency safely away from trading posts in cases of cyberattack and theft.
Computer systems, given their vast attack surface, cannot be considered a foolproof, safe option. In the same way that some of us are shifting to hardware-based verification and authentication methods — such as physical YubiKey devices — hardware solutions can, potentially, be a better security option in the long run.
The 2018 Bitfi circus, in which delighted security researchers took backer John McAfee to task by proving the “unhackable” cryptocurrency wallet was, indeed, hackable, merely scratching the surface of the problem.
Since then, vulnerabilities have been found in Trezor wallets, reports have surfaced of attack methods which can be used to compromise the same vendor as well as rival Ledger, and ShapeShift has also had to address hardware-related security concerns.
MIT CSAIL believes it has an answer to lax security impacting the safety of cryptocurrency. Graduate student and lead author of the paper, Anish Athalye, together with a research team has developed “Notary,” a USB form-factored wallet the researchers claim “eliminates entire classes of bugs that affect existing wallets” and also may be able to enhance the overall security of transaction approval.
See also: IRS begins tax clampdown on unreported cryptocurrency profits
What makes Notary different is a set of hardware fail-safes designed to mitigate successful cyberattacks. Known as “reset-based switching,” the wallet will reset the CPU, memory, and other hardware components when a user switches between one app to another.
“The goal of this approach is for applications to be more strongly isolated from one another so that the security of apps in the wallet is not threatened if a single app is hacked or has a vulnerability,” MIT says.
Reset-based switching is intended to remove the threat of vulnerability classes by changing the infrastructure of a device to act as a multiple computer system. Notary runs management code on one system and applications on another — and so when task-switching occurs, the management console resets the application computer fully before booting up another app.
By using physically separate systems-on-a-chip (SoCs), this could nullify threats such as Rowhammer.
The research team says that due to reset-switching, memory errors — especially those involving vulnerable memory protection units (MPUs) able to break app isolation, can be avoided. MPUs in themselves are not used, in favor of physically separate domains and resets.
Another class of vulnerabilities the wallet aims to avoid are system call bugs that can be triggered when individual applications are given permission to read kernel memory.
“Notary gets around this by not needing any system calls that can read data: applications are supplied all their data at load time before they are started,” the researchers say.
TechRepublic: More than 99% of attacks in the past year relied on human error to gain access
Software bugs, too, are in the firing line. Buffer overflow security flaws, for example, can be triggered by data packets sent via USB interfaces, but the team has tried to mitigate such risks by isolating USB-related software outside of the “security-critical” areas of the system.
According to the researcher, hardware wallets shouldn’t be considered simply a means to store cryptocurrency — instead, they may hold value in a wider range of applications. As long as security is kept at the heart of hardware, that is.
CNET: Google collects face data now. Here’s what it means and how to opt out
“A computer is such a gigantic attack surface, with lots of complexity and lots of code,” says Athalye. “This means lots of bugs and dependencies that can be exploited if malicious actors know where to look […] Being able to build a secure hardware wallet would lead to better security for so many different kinds of applications.”
The research has been published (.PDF) on MIT CSAIL’s Parallel & Distributed Operating Systems Group platform.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0