Eric Larcheveque, profile picture
Uploaded byEric Larcheveque
PDF, PPTX479 views

Rebooting the smartcard

1. The document discusses rebooting the smartcard concept to make it more plug and play, developer friendly, and malware resistant. 2. It proposes isolating secure and non-secure code using a microkernel architecture to improve auditability. 3. Details are provided on Ledger's latest consumer devices, the Ledger Nano S and Ledger Blue, and resources for developers including sample apps and documentation.

Embed presentation

Download as PDF, PPTX
Rebooting the Smartcard Rebooting Web Of Trust Paris Meetup November 2016 Nicolas Bacca @btchip
A trust layer between the blockchain and the physical world For industrials, enterprises and consumers Securing the first and last mile LEDGER TECHNOLOGY
Without trust, data has no actionable value node node node node nodeCloud servers User on a PC or a smartphone Industrial sensor / IoT node node node Connected object Blockchain/IT trusted zone Physical world absence of trust Is this really you? Am I allowed to executethis transaction? Critical temperature data Did the driver got switched?
The ubiquitous Safe Best technical solution for at scale (CHEAP) secure deployment Best technical solution against physical attacks (theft, evil maid)
A configurable Safe Lot of resources invested in secure remote management Great portability of Java Card, at least on paper
But not YOUR manageable identity The secrets are not YOUR secrets Or are yours but you can’t manage them (fingerprint match on card) > >
Definitely not made for YOU Not Plug & Play Cannot be reliable in a regular (malware infected) computing environment
Rebooting the Smartcard Plug and Play Developer friendly Malware resistant Auditable
Plug and Play Native browser / mobile access No driver, no middleware Reusing the FIDO standards
Malware resistant Physical user consent can be required for all sensitive operations Display the operation to be validated, in human readable format
Developer friendly Native isolation whenever possible Accelerated, low level cryptographic primitives to build on
Improving on isolation, using ARM capabilities Native application 1 Native application 2 Native application 3 Microkernel User seed MMU lock User modeSupervisor mode System call UI application
Auditable Isolate secure and non secure code Build on top of a microkernel that can be gradually opened
Ledger platform architecture Trusted / Secure component (Secure Element or enclave) with limited I/O options Non trusted component with more I/O options Screen Direct control from the Trusted component, proxied Pairing at boot time User app 1 User app 2 Button Sensor USB
Our latest consumer devices Ledger Nano S : available now Ledger Blue : pre order, Christmas delivery (larger screen, BLE)
Hardware Oracle - for machines Cryptographically attestable anti-tampering sensors ■ Secure chip ST31G480 (CC EAL6+) ■ Sensor ■ 3 axis anti-tampering MEMS ■ USB interface for blockchain computer
Getting started with development Nano-S resources : compiler and SDK - https://github.com/ledgerhq/ledger-nano-s Sample applications : https://github.com/LedgerHQ/blue-sample-apps Documentation in progress : http://ledger.readthedocs.io/ Developer Slack : http://slack.ledger.co Documentation is getting put together, so don’t hesitate to ask on Slack
Thank you @btchip

More Related Content

PDF
Make the Smartcard great again
byEric Larcheveque
 
PDF
IoT summit - Building flexible & secure IoT solutions
byEric Larcheveque
 
PDF
Blockchain solutions leading to better security practices
byEric Larcheveque
 
PDF
Cryptocurrencies Hardware Wallets - 33C3 Bitcoin Assembly
byEric Larcheveque
 
PDF
Edcon - Hardware wallets and smart contracts
byEric Larcheveque
 
PDF
Bitcoin hardware wallets security
byEric Larcheveque
 
PPTX
IoT Security: Cases and Methods [CON5446]
byLeonardo De Moura Rocha Lima
 
PDF
The 5 elements of IoT security
byJulien Vermillard
 
Make the Smartcard great again
byEric Larcheveque
 
IoT summit - Building flexible & secure IoT solutions
byEric Larcheveque
 
Blockchain solutions leading to better security practices
byEric Larcheveque
 
Cryptocurrencies Hardware Wallets - 33C3 Bitcoin Assembly
byEric Larcheveque
 
Edcon - Hardware wallets and smart contracts
byEric Larcheveque
 
Bitcoin hardware wallets security
byEric Larcheveque
 
IoT Security: Cases and Methods [CON5446]
byLeonardo De Moura Rocha Lima
 
The 5 elements of IoT security
byJulien Vermillard
 

What's hot

PPTX
IoT Saturday PN 2019 - Eurotech
byLuca Dazi
 
PDF
IoT security fresh thinking 2017 sep 9
byArvind Tiwary
 
PPTX
Azure IoT Hub
byWinWire Technologies Inc
 
PPTX
Application layer Security in IoT: A Survey
byAdeel Ahmed
 
PDF
Scaling IoT Deployments: DevOps for the Internet of Things
byBalena
 
PDF
Azure Sphere
byMirco Vanini
 
PDF
1 importance of light weight authentication in iot
byChintan Patel
 
PPTX
Password Security System
bySyedAbdullah127
 
PPTX
IoT Security: Cases and Methods
byLeonardo De Moura Rocha Lima
 
PPTX
Iot security and Authentication solution
byPradeep Jeswani
 
PPTX
DotNetToscana - Azure IoT Hub - Il Concentratore
byRiccardo Cappello
 
PPTX
IoT on Azure
byVinoth Rajagopalan
 
PDF
SecurEntry by PrehKeyTec
bycshergi
 
PDF
CIS14: Securing the Internet of Things with Open Standards
byCloudIDSummit
 
PPTX
Connecting Stuff to Azure (IoT)
byMark Simms
 
PPTX
Securing the Internet of Things
byPaul Fremantle
 
PDF
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
byDesign World
 
PDF
iot hacking, smartlockpick
byidsecconf
 
PDF
IoT Security in Action - Boston Sept 2015
byEurotech
 
PPTX
Demystifying Internet of Things with Azure IoT Suite
byWinWire Technologies Inc
 
IoT Saturday PN 2019 - Eurotech
byLuca Dazi
 
IoT security fresh thinking 2017 sep 9
byArvind Tiwary
 
Azure IoT Hub
byWinWire Technologies Inc
 
Application layer Security in IoT: A Survey
byAdeel Ahmed
 
Scaling IoT Deployments: DevOps for the Internet of Things
byBalena
 
Azure Sphere
byMirco Vanini
 
1 importance of light weight authentication in iot
byChintan Patel
 
Password Security System
bySyedAbdullah127
 
IoT Security: Cases and Methods
byLeonardo De Moura Rocha Lima
 
Iot security and Authentication solution
byPradeep Jeswani
 
DotNetToscana - Azure IoT Hub - Il Concentratore
byRiccardo Cappello
 
IoT on Azure
byVinoth Rajagopalan
 
SecurEntry by PrehKeyTec
bycshergi
 
CIS14: Securing the Internet of Things with Open Standards
byCloudIDSummit
 
Connecting Stuff to Azure (IoT)
byMark Simms
 
Securing the Internet of Things
byPaul Fremantle
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
byDesign World
 
iot hacking, smartlockpick
byidsecconf
 
IoT Security in Action - Boston Sept 2015
byEurotech
 
Demystifying Internet of Things with Azure IoT Suite
byWinWire Technologies Inc
 

Similar to Rebooting the smartcard

PDF
CeBIT SCALE 11 pitch
byEric Larcheveque
 
PDF
From Bitcoin Hardware Wallets to Personal Privacy Devices
byMecklerMedia
 
PDF
Bitcoin hardware security
byrdykester
 
PPTX
emtech blockchain.pptx
byrecoveraccount1
 
PDF
Future of hardware wallets bip 001
byEric Larcheveque
 
PPTX
Seattle Bitcoin Meetup
byEric Voskuil
 
PDF
Trust Data Sharing and Utilization Infrastructure for Sensitive Data Using Hy...
byKoshi Ikegawa
 
PDF
Blockchain for Business - The Ledger - ARENA
byKnight Moves
 
PDF
Banking on blockchains
byRuben Tan
 
PDF
An introduction to blockchain and hyperledger v ru
byLennartF
 
PPTX
Blockchain
byLiam Moore
 
PPTX
Blockchain Explained for Devlopers
byPaula Peña (She, Her, Hers)
 
PPTX
Security for io t apr 29th mentor embedded hangout
bymentoresd
 
PPTX
Overcoming the Barriers to Blockchain Adoption
byMongoDB
 
PPTX
MongoDB and BlockChain
byMassimo Brignoli
 
PDF
Making Blockchain Real for Business Explained - ibm
byDiego Alberto Tamayo
 
PDF
Blockchain explained-v2.09
byMilan Hazra
 
PDF
Blockchain v 2 (1)
byRavi Bijlani , MBA
 
PDF
The presentation on the Blockchain_Introduction_KR.pdf
bynehapatil1600
 
PDF
TBBUG - Deep Dive (Part 1) - 2022Nov29.pdf
byParesh Yadav
 
CeBIT SCALE 11 pitch
byEric Larcheveque
 
From Bitcoin Hardware Wallets to Personal Privacy Devices
byMecklerMedia
 
Bitcoin hardware security
byrdykester
 
emtech blockchain.pptx
byrecoveraccount1
 
Future of hardware wallets bip 001
byEric Larcheveque
 
Seattle Bitcoin Meetup
byEric Voskuil
 
Trust Data Sharing and Utilization Infrastructure for Sensitive Data Using Hy...
byKoshi Ikegawa
 
Blockchain for Business - The Ledger - ARENA
byKnight Moves
 
Banking on blockchains
byRuben Tan
 
An introduction to blockchain and hyperledger v ru
byLennartF
 
Blockchain
byLiam Moore
 
Blockchain Explained for Devlopers
byPaula Peña (She, Her, Hers)
 
Security for io t apr 29th mentor embedded hangout
bymentoresd
 
Overcoming the Barriers to Blockchain Adoption
byMongoDB
 
MongoDB and BlockChain
byMassimo Brignoli
 
Making Blockchain Real for Business Explained - ibm
byDiego Alberto Tamayo
 
Blockchain explained-v2.09
byMilan Hazra
 
Blockchain v 2 (1)
byRavi Bijlani , MBA
 
The presentation on the Blockchain_Introduction_KR.pdf
bynehapatil1600
 
TBBUG - Deep Dive (Part 1) - 2022Nov29.pdf
byParesh Yadav
 

Recently uploaded

PPTX
Java_Inheritance_Types_With_Examples.pptx
byharry77pq
 
PDF
Black and Grey 3D Shapes How TCP/IP Works Presentation.pdf
byrk42vd8ydw
 
PPTX
Ixkxxjxjxlxkxlkzkzjzjxhxjkxkzzjbxhxkxjxxv
bypythonp121
 
PPTX
Internet of Communicating Things (IoCT).pptx
byVishal Garg
 
PPTX
Security information presentation and its importance
bybilalkingqwq
 
PPTX
CEIS114 Final Course Project Template_New.pptx
bylauramccall10
 
PPTX
computer and Technical support to maintain
byhailuatnafu62
 
PDF
Project Brainfog: Beyond the Facade - Exposing Smart Giants
byZero Science Lab
 
PDF
GPU, HBM, DDR4/DDR5, DRAM Is The New Gold
byVladislav Solodkiy
 
Java_Inheritance_Types_With_Examples.pptx
byharry77pq
 
Black and Grey 3D Shapes How TCP/IP Works Presentation.pdf
byrk42vd8ydw
 
Ixkxxjxjxlxkxlkzkzjzjxhxjkxkzzjbxhxkxjxxv
bypythonp121
 
Internet of Communicating Things (IoCT).pptx
byVishal Garg
 
Security information presentation and its importance
bybilalkingqwq
 
CEIS114 Final Course Project Template_New.pptx
bylauramccall10
 
computer and Technical support to maintain
byhailuatnafu62
 
Project Brainfog: Beyond the Facade - Exposing Smart Giants
byZero Science Lab
 
GPU, HBM, DDR4/DDR5, DRAM Is The New Gold
byVladislav Solodkiy
 

Rebooting the smartcard

  • 1.
    Rebooting the Smartcard RebootingWeb Of Trust Paris Meetup November 2016 Nicolas Bacca @btchip
  • 2.
    A trust layerbetween the blockchain and the physical world For industrials, enterprises and consumers Securing the first and last mile LEDGER TECHNOLOGY
  • 3.
    Without trust, datahas no actionable value node node node node nodeCloud servers User on a PC or a smartphone Industrial sensor / IoT node node node Connected object Blockchain/IT trusted zone Physical world absence of trust Is this really you? Am I allowed to executethis transaction? Critical temperature data Did the driver got switched?
  • 4.
    The ubiquitous Safe Besttechnical solution for at scale (CHEAP) secure deployment Best technical solution against physical attacks (theft, evil maid)
  • 5.
    A configurable Safe Lotof resources invested in secure remote management Great portability of Java Card, at least on paper
  • 6.
    But not YOURmanageable identity The secrets are not YOUR secrets Or are yours but you can’t manage them (fingerprint match on card) > >
  • 7.
    Definitely not madefor YOU Not Plug & Play Cannot be reliable in a regular (malware infected) computing environment
  • 8.
    Rebooting the Smartcard Plugand Play Developer friendly Malware resistant Auditable
  • 9.
    Plug and Play Nativebrowser / mobile access No driver, no middleware Reusing the FIDO standards
  • 10.
    Malware resistant Physical userconsent can be required for all sensitive operations Display the operation to be validated, in human readable format
  • 11.
    Developer friendly Native isolationwhenever possible Accelerated, low level cryptographic primitives to build on
  • 12.
    Improving on isolation,using ARM capabilities Native application 1 Native application 2 Native application 3 Microkernel User seed MMU lock User modeSupervisor mode System call UI application
  • 13.
    Auditable Isolate secure andnon secure code Build on top of a microkernel that can be gradually opened
  • 14.
    Ledger platform architecture Trusted/ Secure component (Secure Element or enclave) with limited I/O options Non trusted component with more I/O options Screen Direct control from the Trusted component, proxied Pairing at boot time User app 1 User app 2 Button Sensor USB
  • 15.
    Our latest consumerdevices Ledger Nano S : available now Ledger Blue : pre order, Christmas delivery (larger screen, BLE)
  • 16.
    Hardware Oracle -for machines Cryptographically attestable anti-tampering sensors ■ Secure chip ST31G480 (CC EAL6+) ■ Sensor ■ 3 axis anti-tampering MEMS ■ USB interface for blockchain computer
  • 17.
    Getting started withdevelopment Nano-S resources : compiler and SDK - https://github.com/ledgerhq/ledger-nano-s Sample applications : https://github.com/LedgerHQ/blue-sample-apps Documentation in progress : http://ledger.readthedocs.io/ Developer Slack : http://slack.ledger.co Documentation is getting put together, so don’t hesitate to ask on Slack
  • 18.