Fort Knox in Your Pocket

Inside the Secure Architecture of Citadel Wallet

Peggy Caesar
Citadel Wallet
Jun 2, 2023

History is full of stories of thieves who pore over blueprints, planning the perfect heist. It is stunning the lengths they will go to circumvent security measures, like the gang in 1995 who took three months to dig a 250-foot tunnel to access the vault in a bank in Fortaleza, Brazil. Or the Antwerp Diamond Heist in 2003, where thieves stole over $100 million in diamonds by posing as diamond merchants and obtaining a rental space in the building. Or the Citibank heist, where Russian hackers were able to exploit a vulnerability in Citibank’s U.S. security system, allowing them to bypass authentication measures and gain unauthorized access to the bank’s network and a cool 10 million dollars.

And while we may sometimes admire their audacity, in most cases, the thieves are caught, the proceeds of crime are retrieved, and robbers get to enjoy lengthy jail sentences for their trouble.

In part one of this two-part series on Citadel Wallet security, we examined physical and remote attacks common to most hardware wallets. In today’s article, again co-written with Citadel founder Andy Kulikyan, we analyze Citadel’s security architecture, designed to frustrate the most tenacious attacker.

Secure Element

The Secure Element (SE) is the most important component in any hardware wallet. It is responsible for generating and securely storing the private keys associated with blockchain accounts, and for handling simple cryptographic operations such as signing, verifying and returning signed messages back to the controller. In addition to its primary role of key management and blockchain-related cryptographic operations, an SE can also handle various other types of keys and security-related tasks.

For instance, an SE can be used to store device access PINs, which are commonly used to authenticate a user before granting access to a device. It can also store a Certificate of Authenticity (CoA), which serves as proof that the device is genuine and has not been tampered with.

Furthermore, an SE can establish a Root of Trust (RoT), which is a set of security mechanisms that ensure the integrity of the device’s software and firmware. This is important because if the RoT is compromised, it can allow an attacker to gain control of the device and potentially steal sensitive information or perform unauthorized actions.

Finally, an SE can handle the keys required to create a secure channel between the SE and the microprocessor, which is critical for ensuring the confidentiality and integrity of data that is exchanged between the two components. Overall, the SE’s ability to handle a variety of security-related tasks makes it an essential component of many modern devices, particularly those that handle sensitive information or perform critical functions.

The SE utilized in Citadel Wallet is based on NXP’s cutting-edge smartcard technology. It has an independent Common Criteria EAL 6+ security certification and supports both RSA and ECC asymmetric cryptographic algorithms and future-proof ECC curves. It utilizes a truly random number generation engine compliant with NIST SP 800-90B, designed for highly critical secure device applications. The very latest security measures in the Secure Element protect the chip against any type of invasive (hardware) and non-invasive (software) attacks. This includes protections against sophisticated power analysis attacks, laser attacks and signal injection attacks.

Secure Microprocessor

The microprocessor in the Citadel Wallet is the controller that bridges the wallet's Secure Element to the external world. It receives prompts from the user in the form of a touch or button press, presents information through the display and communicates with external internet-connected desktop or mobile devices for receiving, signing and returning transactions.

Most hardware wallets utilize generic microcontrollers for creating that bridge, and these can easily be tampered with through software or side-channel attacks. Even though the Secure Element itself is tamper proof, the overall security of the device can be compromised.

Built-in hardware-level security is crucial in developing an extremely secure product. Citadel Wallet utilizes a microcontroller based on the newly released ARM Cortex-M33 core architecture developed for IoT and embedded applications that require high security and low power consumption. Advanced dual-core technology allows the separation of secure and non-secure applications running on the same chip, thus further enhancing security. The processor has a built-in TrustZone security extension for hardware-enforced isolation, a coprocessor interface and memory protection units. The Cortex-M33 processor with TrustZone and memory protection is PSA certified, providing security assurance for applications requiring high levels of software and hardware protection.

Secure Access PIN

The Secure Access PIN is the first line of defense against unauthorized access to the hardware wallet. It serves as a unique identifier that confirms the user’s identity and ensures that only authorized individuals can access their digital assets. Citadel Wallet will allow a limited number of attempts to enter the correct Secure Access PIN. After a certain number of failed attempts, the wallet will automatically wipe itself and perform cryptographic zeroization, protecting the user’s assets from a PIN brute-force attack.

Since the PIN gives access to the device and enables anyone with the PIN to sign transactions and move digital assets from the wallet, it can be as important as protecting the blockchain private keys themselves. For achieving an advanced level of wallet security, Citadel Wallet stores the Access PIN in the Secure Element itself.
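The attempt limit and wipe described above, as an added C example that is not Citadel Wallet's firmware. The PIN length, the limit of five attempts, the `se_state` layout and the choice to charge an attempt before comparing are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

#define PIN_LEN      6   /* assumed PIN length */
#define MAX_ATTEMPTS 5   /* assumed limit; the article gives no number */

/* Simulated non-volatile state of the secure element (constructed). */
struct se_state {
    uint8_t pin[PIN_LEN];
    uint8_t key[32];        /* stands in for the wallet's private key */
    uint8_t attempts_left;
    int     wiped;
};

enum pin_result { PIN_OK, PIN_WRONG, PIN_WIPED };

/* Overwrite through a volatile pointer so the compiler cannot drop the wipe. */
static void zeroize(void *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* Compare without an early exit so timing does not reveal matching digits. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

enum pin_result pin_verify(struct se_state *se, const uint8_t *guess, size_t len) {
    if (se->wiped || se->attempts_left == 0) return PIN_WIPED;
    /* Charge the attempt before comparing, so cutting power mid-check
       cannot yield a free guess. */
    se->attempts_left--;
    int ok = (len == PIN_LEN) && ct_equal(se->pin, guess, PIN_LEN);
    if (ok) {
        se->attempts_left = MAX_ATTEMPTS;   /* reset the counter on success */
        return PIN_OK;
    }
    if (se->attempts_left == 0) {           /* limit reached: destroy secrets */
        zeroize(se->key, sizeof se->key);
        zeroize(se->pin, sizeof se->pin);
        se->wiped = 1;
        return PIN_WIPED;
    }
    return PIN_WRONG;
}
```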

Bluetooth Security

The Bluetooth connection between the Citadel Wallet and another device is protected by a bi-directional TLS channel. Bi-directional means that both parties authenticate each other using asymmetric cryptography. TLS version 1.3 will be used with ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) key exchange.

TLS is a security protocol located at the presentation layer as defined by the OSI model (ISO-IEC 7498) and is totally independent of the nature of the base transport protocol (Bluetooth), as long as this base transport protocol can ensure bidirectional data transfer. Even though Bluetooth itself is not the most secure communication interface, utilizing a TLS secure channel enhances wireless communication and also protects against man-in-the-middle (MITM) attacks.

The BLE interface can be attacked with the goal, for example, of provoking a buffer or a stack overflow. Citadel Wallet’s firmware that processes incoming data from BLE communications will demonstrate that it is not vulnerable to such attacks. The processing of the incoming data will involve one or more finite state machines (FSM), as well as defensive programming (systematic filtering of the inputs, such as checking tags, message length, value, etc.).
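A finite state machine that filters tag, length and value while consuming fragmented input, as an added C example that is not Citadel Wallet's firmware. The tag values, the length limits and the one-byte tag and length framing are hypothetical, chosen only to illustrate the approach.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical message tags and per-tag length limits (not from the article). */
#define TAG_GET_PUBKEY 0x01   /* value must be empty */
#define TAG_SIGN_TX    0x02   /* value is 1..MAX_TX bytes */
#define MAX_TX         64

enum state { ST_TAG, ST_LEN, ST_VALUE, ST_DONE, ST_ERROR };

struct parser {
    enum state st;
    uint8_t tag, len, got;
    uint8_t value[MAX_TX];
};

void parser_reset(struct parser *p) { p->st = ST_TAG; p->tag = p->len = p->got = 0; }

static int tag_allowed(uint8_t t) { return t == TAG_GET_PUBKEY || t == TAG_SIGN_TX; }

static int len_allowed(uint8_t tag, uint8_t len) {
    if (tag == TAG_GET_PUBKEY) return len == 0;
    return len >= 1 && len <= MAX_TX;      /* TAG_SIGN_TX */
}

/* Consume one BLE fragment; any violation latches ST_ERROR until reset. */
enum state parser_feed(struct parser *p, const uint8_t *buf, size_t n) {
    for (size_t i = 0; i < n; i++) {
        uint8_t b = buf[i];
        switch (p->st) {
        case ST_TAG:                       /* allowlist, not denylist */
            p->tag = b;
            p->st = tag_allowed(b) ? ST_LEN : ST_ERROR;
            break;
        case ST_LEN:                       /* reject before any byte is copied */
            p->len = b;
            if (!len_allowed(p->tag, b)) p->st = ST_ERROR;
            else p->st = (b == 0) ? ST_DONE : ST_VALUE;
            break;
        case ST_VALUE:
            p->value[p->got++] = b;        /* got < len <= MAX_TX here */
            if (p->got == p->len) p->st = ST_DONE;
            break;
        case ST_DONE:                      /* trailing bytes after a full message */
            p->st = ST_ERROR;
            break;
        case ST_ERROR:
            return ST_ERROR;
        }
    }
    return p->st;
}
```

Because the declared length is checked in `ST_LEN` against the size of `value`, an oversized length field is rejected before a single payload byte is written.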

Certificate of Authenticity

Digital certificates enable secure devices like Citadel Wallet to prove their identity to other devices, systems, or services. By presenting a valid certificate issued by a trusted Certificate Authority (CA), Citadel Wallet can prove that it is a genuine, trusted device and not an imposter or a malicious device.

When a hardware wallet is connected to a computer or a mobile device, the wallet’s companion software may use attestation keys to verify the authenticity of the hardware wallet. The wallet generates a digital signature using its private attestation key, which can then be verified using the corresponding public key. This process confirms that the connected device is a genuine hardware wallet from the manufacturer.

SE and Microprocessor Secure Channel

The Secure Element and the Microprocessor communicate over a physical transport layer called T=1 over I2C. A secure end-to-end channel called SCP03 (Secure Channel Protocol ‘03’), providing authentication and confidentiality via AES encryption, will be established over this physical communication layer, which is also PIN protected. The microprocessor will never be able to communicate with the Secure Element and command it to sign transactions if the user hasn’t provided the wallet with a secure access PIN.

The SCP03 protocol is defined by GlobalPlatform, the standard for secure digital services and devices, and is widely used in various industries, such as banking, telecommunications and transportation, wherever secure communication and data protection are essential.

Device Root of Trust

Citadel Wallet uses a Root of Trust (RoT) from the SE and the microprocessor. The Root of Trust is based on asymmetric cryptography. The root is issued by the manufacturer’s public key infrastructure (PKI) and provides a secure framework in which only genuine, trusted cryptographic hardware is used. This prevents any risk of counterfeit chips with, for instance, inferior security. Besides the attestation of cryptographic identity, the wallet uses a powerful attestation mechanism for all sensitive information, especially the signature of transactions. This mechanism also prevents several types of attacks, such as pre-play and replay attacks, since the data is attested by a “stamp” containing the chip ID and time of transaction.

Security Audits

Of course, users should not just trust our word or our internal reports on device security, stringent and rigorous as they are. We’re also planning to work with third-party auditing firms to verify that the security architecture we have developed meets very high-level standards in the hardware wallet industry. At the same time, we will have community bug bounty programs and provide wallet samples to any white-hat hackers willing to stress-test the device and hack into it. We do not take security lightly and ultimately want to set a new security standard in the space.

Cracking safes has always been a risky business, not only because of the illegality but also because of the danger. Historically, tools and techniques were often crude and imprecise, and small mistakes could lead to catastrophic outcomes. The nitroglycerin, dynamite, drills, thermite, crowbars, and sledgehammers used in the trade were crude at best, and many a maverick has blown themselves up because of miscalculation.

Today’s security landscape, while different, can be equally explosive. In the world of hardware wallets there is no room for error. Built for Hedera Services, Citadel Wallet will have undergone a rigorous audit before hitting the streets. When it does, it will add an additional layer of security to Hedera’s aBFT consensus protocol, allowing for maximum decentralization and best-in-class, bank-grade security.
