This document discusses making smartcards more useful for security applications by building a trust layer between blockchains and the physical world. It proposes using secure elements like smartcards combined with secure microcontrollers to create cryptographically authenticated hardware security tokens. These devices would allow installing applications securely, authenticating to blockchains, and improving on smartcard limitations regarding developers and auditing. Examples given include the Ledger Nano S hardware wallet and plans to implement bitcoin, ethereum, and other cryptocurrency applications as well as password management and OpenPGP.

1. Make the Smartcard great again
Bitcoin Milano
November 2016
Nicolas Bacca
@btchip

2. A trust layer between the blockchain
and the physical world
For industrials, enterprises and consumers
Securing the first and last mile
LEDGER TECHNOLOGY

3. Without trust, data has no actionable value
node
node
node
node
nodeCloud servers
User on a PC or a
smartphone Industrial
sensor / IoT
node
node node
Connected
object
Blockchain/IT
trusted zone
Physical world
absence of trust
Is this really you?
Am I allowed to executethis transaction?
Critical temperature data
Did the driver got switched?

4. Why ? Cryptocurrencies come with built-in bug bounties
#SFYL
CO 2.0
(Etienne Daho, theoretical
singer, so it makes
a good joke, at least in
french)

5. The Smartcard is great
Best technical solution for at scale (CHEAP) secure deployment (see SIM cards)
Best technical solution against physical attacks (theft, evil maid)
Lot of resources invested in secure remote management
Great portability of Java Card, at least on paper

6. The Smartcard is not so great
Absolutely not made for the web, or use in an untrusted terminal, or any user
Not really open to developers (Java Card is the best try)
Totally not auditable (NDA’ed chips, closed operating systems)

7. Making the Smartcard great again
Build on top of the great things
Change the problems

8. Why using MCUs for security applications is a bad idea
No protection against physical attacks
No dedicated chip delivery means no traceability : no attestation, no endorsement
Side effect : you can’t tell which firmware version the device is actually running
Price can’t scale in volume
Acceptable use case : DIY for hobbyists, assembled and flashed by you

9. Our latest consumer devices
Ledger Nano S : available now
Ledger Blue : end 2016
(larger screen, BLE)

10. Hardware Oracle - for machines
Cryptographically attestable
anti-tampering sensors
￭ Secure chip ST31G480 (CC EAL6+)
￭ Sensor
￭ 3 axis anti-tampering MEMS
￭ USB interface for blockchain computer

11. Ledger platform architecture
Trusted / Secure component
(Secure Element or enclave)
with limited I/O options
Non trusted component
with more I/O options
Screen
Direct control from the Trusted component, proxied
Pairing at boot
time
User app 1
User app 2
Button
Sensor
USB

12. GlobalPlatform / Java Card isolation

13. Improving on isolation, using ARM capabilities
Native application 1
Native application 2
Native application 3
Microkernel
User
seed
MMU lock
User modeSupervisor mode
System call
UI application

14. Device authentication
Host or remote server Ledger dashboard
Get device keys
Ephermeral key, signed by device key, signed by root of trust
Send public key
ECDH secret used as an AES key
Encrypted data exchange

15. A secure app store model
Install applications on demand
Allows private data / applications, regarding provisioning or secrets
Master seed derivation path can be locked per application, preventing escalation
Bitcoin Ethereum OpenPGP U2F
44’/0’ 44’/61’ 13’ or 17’ 5583430’

16. Discardable applications
New use case created by the app store
Secure Element space is limited : remove non frequently used applications
Typical targets : paper wallet sweepers

17. Security summary
SE authenticates MCU, hashing its full flash
Applications are authenticated at launch (prompt if unsigned)
Special UI application is authenticated at boot time (prompt if unsigned)
Applications interact with user data through kernel APIs
Seed derivation parameters can be locked in per application
Kernel can be open sourced in several stages
https://blog.ledger.co/secure-hardware-and-open-source-ecd26579d839

18. Portability
C source code
Secure Element
ARM cross compiler
Ledger secure
application
Secure enclave or HSM
Moxie cross compiler
Nano S, Blue
Hardware Oracle
HSM
TEE, SGX

19. Handling an untrusted host
Display information on screen
Request user presence for all sensitive operations
Use specific applications to make generic information understandable
Example : ETC/ETH split
https://blog.ledger.co/splitting-your-ethers-securely-on-your-nano-s-147f20e9e341

20. Building a Plug and Play device
Generic HID interface - no driver required
Unfortunately USB support in web browsers is not yet standardized
Worse the best support (Chrome applications) is getting phased out
Following a long line of failures (ActiveX, Java applets, browser plugins)
Looking for a replacement ideally requiring nothing to install

21. U2F standard (FIDO Alliance)
2FA mechanism backed by cryptographic hardware, pushed into modern browsers
Send nonce, application ID
Generate keypair
Send public key, encrypted private key (keyhandle)
Send nonce, application ID, encrypted private key (keyhandle)
Send nonce signature
Registration
Authentication

22. A little twist on U2F authentication
Send nonce, application ID, encrypted private key (keyhandle)
Send nonce signature
Command
Response
Tested on MyEtherWallet
Bitcoin implementation coming soon

23. Getting started with development
Nano-S resources : compiler and SDK - https://github.com/ledgerhq/ledger-nano-s
Sample applications : https://github.com/LedgerHQ/blue-sample-apps
Documentation in progress : http://ledger.readthedocs.io/
Developer Slack : http://slack.ledger.co
Documentation is getting put together, so don’t hesitate to ask on Slack

24. Bitcoin wallet
https://github.com/LedgerHQ/blue-app-btc
Integrated with GreenAddress / GreenBits, Copay, Electrum, Mycelium
Base code to create additional Bitcoin applications
Hardware Oracle reporting a Colored asset
Hot Wallet applying quotas on third party accounts

25. Ethereum wallet
https://github.com/LedgerHQ/blue-app-eth
Integrated with MyEtherWallet (pilot modified U2F transport)
Base code to create specific smart contract logic
ETH/ETC split

26. SSH / PGP agent
https://github.com/LedgerHQ/blue-app-ssh-agent
SSH authentication, PGP signature / decryption
Minimalistic application, compatible with https://github.com/romanz/trezor-agent
To be phased out by the OpenPGP application adding external keys support, RSA

27. U2F client
https://github.com/LedgerHQ/blue-app-u2f
U2F client implementation
Base code to create mixed U2F transports

28. UI interface
https://github.com/LedgerHQ/nanos-ui
Base UI interface (privileged application)
Can be used to create new dashboards, enrollment methods, PIN mechanisms
Electrum seed support

29. Coming soon (™)
Standalone Password Manager (typing passwords as a keyboard)
OpenPGP card application (RSA, CCID support)
Bitcoin wallet integration in the browser with no third party applications
Readable ERC-20 tokens support for ETH

30. Thank you
@btchip