Keyless mode for secure transaction signing in Ethereum Android

P-ACS
Nov 8, 2016

The best way to prevent getting your wallet stolen is to not take it with you

Before diving into the topic, let’s refresh our understanding of data.

States of digital data

There are three states of digital data. Each state needs its own type of protection, and some are more difficult to protect than others.

  • Data at rest
    Inactive data, stored in some kind of persistent memory
  • Data in transit (or data in motion)
    Data that is travelling through a network or is temporarily in computer memory
  • Data in use
    Active data, which is currently used and is constantly changing

Encrypting data at rest is relatively easy because you know where it is stored. Common encryption methods for hard storage devices are AES or RSA. It gets a little more tricky when it comes to data in transit, because the sender and the recipient both need to play along and the connection has to be encrypted as well. Public-key cryptography along with SSL is widely used nowadays to get the job done.

Encrypting data in use is considered a major headache among experts, because at some point the data has to be in the clear to be worked with. What is even more problematic is that if an attacker retrieves sensitive information from the RAM, both data at rest and data in transit can be compromised, as the keys and passwords used to encrypt those two states of data are held in the RAM. Android as a mobile operating system has a very open architecture and has therefore often been regarded as insecure. With newer API levels the Android team has improved the security of the platform. There are also proprietary solutions like Samsung Knox, which build an encrypted work environment inside an open one. But still, fully securing data in use is an ongoing and complex task.

Ethereum Android and security

We think that developers, especially of financial software, should do their very best to minimize the threat of their customers’ data being attacked. This is why we want to achieve the highest possible level of security for Ethereum Android.

Through our secure proxy server and our Android library Seccoco (Secure Container Connect) we secure both the connection between the device and the node and the data stored on the device. But at some point sensitive information, in our case the private key of an identity, still resides in the RAM of the device when the user signs a transaction.

The keyless mode

This is why we chose to give our users the possibility to sign transactions outside of Ethereum Android. To work in keyless mode, a user has to import an identity not by its private key, as before, but by its public address. Of course, to send transactions the user still needs his private key for signing.

Once the user creates a transaction in keyless mode, Ethereum Android lets him export the unsigned transaction, which he can sign any way he likes. We wrote a small Java tool for signing transactions offline. Besides that, our app offers a generic interface for external signing solutions like hardware wallets.
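
Because the export comes from the online device, the offline machine should decode it and compare recipient and amount with what the user intended before the private key is used. The Python code below is an added example, not Ethereum Android's code or its Java signing tool; it assumes the export is the RLP encoding of the six unsigned transaction fields (this post does not specify the format), and `parse_unsigned_tx`, `safe_to_sign` and the sample bytes are constructed for illustration.

```python
# Added example, not Ethereum Android's code. Assumption: the exported unsigned
# transaction is the RLP list [nonce, gasPrice, gasLimit, to, value, data].

def _item(buf, pos):
    """Return (is_list, payload_start, payload_end) for the RLP item at pos."""
    if pos >= len(buf):
        raise ValueError("truncated RLP")
    b = buf[pos]
    if b < 0x80:                      # single byte is its own payload
        return False, pos, pos + 1
    is_list = b >= 0xC0
    base = 0xC0 if is_list else 0x80
    if b - base < 56:                 # short form: length is in the prefix
        start, length = pos + 1, b - base
    else:                             # long form: prefix gives size of length
        n = b - base - 55
        start, length = pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")
    if start + length > len(buf):
        raise ValueError("truncated RLP")
    return is_list, start, start + length

def parse_unsigned_tx(raw):
    """Decode the export into named fields; raise ValueError on bad structure."""
    is_list, pos, end = _item(raw, 0)
    if not is_list or end != len(raw):
        raise ValueError("not exactly one RLP list")
    fields = []
    while pos < end:
        nested, start, stop = _item(raw, pos)
        if nested or stop > end:
            raise ValueError("malformed field")
        fields.append(raw[start:stop])
        pos = stop
    if len(fields) != 6 or len(fields[3]) != 20:
        raise ValueError("expected 6 fields with a 20-byte recipient")
    nonce, gas_price, gas_limit, to, value, data = fields
    num = lambda b: int.from_bytes(b, "big")
    return {"nonce": num(nonce), "gas_price": num(gas_price), "gas_limit": num(gas_limit),
            "to": "0x" + to.hex(), "value_wei": num(value), "data": data}

def safe_to_sign(raw, intended_to, intended_wei):
    """True only for a plain transfer of exactly intended_wei to intended_to."""
    tx = parse_unsigned_tx(raw)
    return (tx["to"] == intended_to.lower() and tx["value_wei"] == intended_wei
            and tx["data"] == b"")

# Constructed sample: nonce 0, 20 gwei gas price, 21000 gas, 1 ether, no data.
SAMPLE_TO = "0x" + "11" * 20
SAMPLE = bytes.fromhex("e98085" + "04a817c800" + "825208" + "94" + "11" * 20
                       + "88" + "0de0b6b3a7640000" + "80")
```

The intended address and amount passed to `safe_to_sign` should be read from a source other than the exported file itself, so that a tampered export does not confirm its own contents.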

We have prepared an example video that shows step by step how to use the live operating system Tails Linux together with the Ethereum Android wallet to securely sign transactions outside of the app.

If you have any questions or feedback regarding the keyless mode, please contact us through our support portal on ethereum-android.com.
