Coinspect audit of the D’CENT Wallet
At IoTrust we do not believe that a company can just manufacture a security device and declare it to be trustworthy. We believe that the security of a device must be verified independently.
The security of our D’CENT Biometric Wallet has been confirmed by a trusted third party. The audit provides independently prepared evidence that D’CENT Biometric Wallet holders may continue to be confident in the security of our cold storage tools.
After reading this blog entry you will understand that the third-party security audit verifies that IoTrust is truly committed to “delivering trusted connectivity”.
This week Coinspect, an independent security evaluation laboratory best known for performing security audits of Bitcoin Core, ZCash, and various other wallet solutions, completed its security evaluation of the D’CENT Biometric Wallet.
The D’CENT Biometric Wallet uses a dual-chip architecture with the main MCU (STM32 chip) handling control of the device peripherals, managing the connection to the host computer, and parsing of cryptocurrency transactions. The MCU also acts as a proxy to the Secure Element (an NXP chip), where it performs cryptographic operations using secret keys stored in its protected memory.
In the security evaluation, Coinspect consultants reviewed the source code of the MCU firmware and Secure Element applets. Analysis of the source code included a review of resistance of the product to various state-of-the-art attacks. The audit included attacks that exploit key management, transaction signing, and other malicious threats.
Coinspect identified a few minor issues. None of the issues identified were significant enough that an attacker could steal funds from a D’CENT Biometric Wallet using an exploit isolated from a host computer.
In April 2019, Coinspect reviewed IoTrust’s remedies for the issues previously identified. They concluded that the fixes implemented were correct. These issues are now considered resolved.
This is the first in a series of blog articles that present audits and certifications of D’CENT Wallet. Stay tuned and please subscribe to the following channels:
Our Hardware Wallet Website
Subscribe to our mailing list : https://dcentwallet.com/#subscribe-email
To purchase one of our innovative wallets, please visit https://dcentwallet.com.
To learn more about Coinspect, please visit their website.