This document discusses hardware wallets and security devices. It covers challenges with confirming transactions, provisioning strategies for installing applications, storage options, isolation techniques, and virtual machines. The presentation concludes by discussing Ledger's work on open source isolation products and a trusted execution environment for developers.
From Bitcoin Hardware Wallets to Personal Privacy Devices
1. From Bitcoin Hardware Wallets to Personal Security Devices
Inside Bitcoins Seoul 2015

2. About me
Nicolas Bacca, CTO, Ledger
Secure Element solutions architect
Whitehat security reports
https://github.com/btchip/trezor-security-exploits
http://fr.slideshare.net/EricLarcheveque/bitcoin-hardware-wallets-security
LEDGER

4. User Experience limitations
Confirming a transaction is complicated
Common use case: web purchase is not covered
BIP 70 helps, but is not supported by Hardware Wallets yet
BIP 70 is merchant centric
PKI issues again - how to validate certificates, how to revoke certificates on a disconnected

5. Growing, dynamic use cases for Blockchain applications
Colored Coins with multiple kernels
Open Assets popular right now
Blockchain proofs
Augur, Bitproof ...
More Smart Contracts in the future
New protocol layers
Sidechains, Hubs

7. Moving targets for Blockchain applications
User Experience should be customizable
One size doesn’t fit all
Valuable assets go way beyond the transaction amount.

8. Growing security concerns
More complicated to revoke
Cannot just send the coins to another address
Open plug-ins complexity
Additional leak risks if not properly isolated

10. Dynamic applications
Provisioning strategy
Signed by the device / App Store
Storage
Internal or External
General purpose APIs
First software isolation layer

11. Provisioning strategy (self)
User enrolls the device locally
User signs the generic application
Optionally recompiles / checks it
User installs the signed application
Now specifically trusted for this device

12. Provisioning strategy (app store with secret in apps)
User enrolls the device into App Store
App Store encrypts the application
App Store personalizes the application
Can be device specific, encrypted

13. Provisioning strategy (app store with common apps, enrollment)
User enrolls the device into App Store
App Store signs the application
App Store personalizes the application
Can be device specific, encrypted

14. Provisioning strategy (app store with common apps, no personalization)
User downloads a signed application

15. Provisioning strategy
Different models
Easier if no secrets in apps, no personalization
Can be mixed
App Store and specific user trusted applications

16. Internal storage
Requires a fine flash management API
Sectors are too big for some MCUs
Filesystem issues
Reorganizations, wear leveling and anti tearing
Helps for a standalone device
Also for collaboration between applications

17. External storage
Requires “large” available RAM space
Or a mixed storage strategy, not efficient
Not standalone
Need to always have the application around
Replay issues if everything is external
On board application state storage is easier

18. Storage
Internal Storage easier when possible
Pick the right MCU or use Secure Elements
Otherwise compromises to be made
Application state storage & overall usability

19. General Purpose APIs
Isolation of the cryptographic materials
Most important thing to do whatever the use
Different use cases
Wallet plugin or full application oriented

20. Wallet plugin APIs
Signature APIs to be validated
Might control but not sign blindly
Handle new outputs, TX formats
For example Payment Protocol or colors
Provide additional TX information
On screen display or confirmation logic

21. Full application oriented API
API provide basic building blocks
Crypto, I/O
Everything else implemented using it
Full wallet and extensions
Isolation is critical
Typically prevent raw flash reads

22. Inter application communication
Way more complex than full isolation
Isolation, with some firewalling logic
Specific implementation can help
Virtual machine easier than bare metal
Also concurrent execution to consider
Way easier if not supporting it

23. General Purpose APIs
Architecture to be chosen
“Full” is more flexible, if doable on the platform
Isolation is the most critical asset
Proper crypto APIs is the second one
Key protection, side channel resistant

24. Isolation strategies
High level virtual machine
Used in high level languages
Low level virtual machine
CPU emulation, target standard C code
Hardware assisted
Can also help in VM development

25. Security of a High level virtual machine
How easy is it to audit
Carefully audit optimizations (native translation)
Sandbox escaping: type confusion
Raw pointer access risk, invalid bytecode
Sandbox escaping: native interface
Audit argument checks

26. High level Virtual Machine: Java
Well audited security model
Earliest Virtual Machine around
Flexible performance
Different versions, see also Java Card
Complicated licensing
Free/OSS embedded implementations at risk

27. High level Virtual Machine: Dalvik
Simple security model
Easy to audit (bytecode similar to Java)
Predictable performance
No optimization in the default version
Licensing to be validated
Apache, but some IP claims in the past

28. High level Virtual Machine: MicroPython
Security model to be validated
Different complex types, lists
Flexible performance
No optimization or machine translation
Open Source licensing
MIT

29. High level Virtual Machine: embedded Lua
Security model to be validated
Different complex types
Predictable performance
No optimization
Open Source licensing
MIT

30. Security of a Low level virtual machine
How easy is it to audit
Carefully audit optimizations (native translation)
Sandbox escaping: native interface
Audit argument checks

31. Low level Virtual Machine: Moxie
Very simple architecture
No risks
Predictable performance
No optimization
Open Source licensing
MIT

32. Hardware assisted isolation
Memory Protection Unit
Isolate memory areas (flash / RAM)
Supervisor mode
Lock the MPU
MPU + SU enable “trap” service calls
Isolate the core APIs and the applications

33. Hardware assisted isolation support
Optional for ARM M3 MCUs
Found in some MCU, not entry level
Common for ARM Secure Elements
SC000 / SC300
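
The "Audit argument checks" point on the virtual machine slides and the "trap" service calls of slide 32 meet in the service-call dispatcher: the MPU keeps an application out of core memory, but the supervisor can still be asked to read or write there on the application's behalf. The following is an added example, not Ledger's code; it models such a dispatcher on a host, and the memory map, service numbers and key bytes are constructed for illustration.

```c
/* Added example: host-side model of a supervisor service-call dispatcher.
 * Memory map, service numbers and key bytes are constructed, not a real device's. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RAM_BASE   0x20000000u          /* assumed start of device RAM             */
#define CORE_SIZE  0x1000u              /* core/supervisor RAM: holds key material */
#define APP_BASE   (RAM_BASE + CORE_SIZE)
#define APP_SIZE   0x1000u              /* the only RAM the MPU opens to the app   */

enum { SVC_DISPLAY = 1, SVC_GET_PUBKEY = 2 };
enum { SVC_OK = 0, SVC_ERR_ID = -1, SVC_ERR_RANGE = -2, SVC_ERR_LEN = -3 };

#define SCREEN_MAX 32u
#define PUBKEY_LEN 33u

static uint8_t ram[CORE_SIZE + APP_SIZE];   /* simulated RAM, core region first */
static char    screen[SCREEN_MAX + 1];      /* core-owned display buffer        */
static const uint8_t pubkey[PUBKEY_LEN] = { 0x02, 0xAA, 0xBB }; /* constructed  */

/* Translate a device address to a host pointer inside the simulation. */
static uint8_t *host_ptr(uint32_t addr) { return &ram[addr - RAM_BASE]; }

/* True only if [addr, addr+len) lies entirely inside the application region.
 * addr+len is never computed, so a huge len cannot wrap past 2^32. */
int app_range_ok(uint32_t addr, uint32_t len)
{
    if (addr < APP_BASE) return 0;
    uint32_t off = addr - APP_BASE;
    return off <= APP_SIZE && len <= APP_SIZE - off;
}

/* Supervisor-side entry point reached through the trap instruction.
 * Every argument is supplied by the untrusted application. */
int svc_dispatch(uint32_t id, uint32_t a0, uint32_t a1)
{
    switch (id) {
    case SVC_DISPLAY:                 /* a0 = text pointer, a1 = length */
        if (a1 > SCREEN_MAX)       return SVC_ERR_LEN;
        if (!app_range_ok(a0, a1)) return SVC_ERR_RANGE;  /* else: core RAM leaks to screen */
        memcpy(screen, host_ptr(a0), a1);
        screen[a1] = '\0';
        return SVC_OK;
    case SVC_GET_PUBKEY:              /* a0 = output pointer, a1 = capacity */
        if (a1 < PUBKEY_LEN)               return SVC_ERR_LEN;
        if (!app_range_ok(a0, PUBKEY_LEN)) return SVC_ERR_RANGE; /* else: core RAM overwritten */
        memcpy(host_ptr(a0), pubkey, PUBKEY_LEN);
        return SVC_OK;
    default:
        return SVC_ERR_ID;            /* unknown service numbers are refused */
    }
}

int main(void)
{
    memcpy(host_ptr(APP_BASE), "Send 1 BTC?", 11);   /* text in app-owned RAM */
    printf("pointer in app RAM : %d\n", svc_dispatch(SVC_DISPLAY, APP_BASE, 11));
    printf("pointer in core RAM: %d\n", svc_dispatch(SVC_DISPLAY, RAM_BASE, 11));
    return 0;
}
```

On real hardware the same check sits between the trap handler and the core API, with the region bounds taken from the MPU configuration of the calling application.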

34. Ledger implementation
Native isolation when supported
C code with native performance
Moxie VM when not supported
Source code portability
Optional lightweight Dalvik on top
For Java (Card) developers

35. Follow up with Ledger
Java Card playground for the high level API
https://github.com/ledgerhq/ledger-javacard (soon)
Trusted Execution Environment public beta, high level isolation prototype
Open Source isolation product coming up Jan 2016 for developers (Ledger Blue: USB, BLE, NFC, screen)
@LedgerHQ