Edinburgh Research Explorer

Low-Level Attacks in BitcoinWallets

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Original languageEnglish
Title of host publicationISC 2017 : 20th International Information Security Conference
PublisherSpringer, Cham
Pages233-253
Number of pages18
Volume10599
ISBN (Electronic)978-3-319-69659-1
ISBN (Print)978-3-319-69658-4
DOIs
StatePublished - 20 Oct 2017
Event20th International Information Security Conference - Ho Chi Minh City, Viet Nam
Duration: 22 Nov 201724 Nov 2017
https://www.isc-hpc.com/id-2017.html

Conference

Conference20th International Information Security Conference
Abbreviated titleISC 2017
CountryViet Nam
CityHo Chi Minh City
Period22/11/1724/11/17
Internet address

Abstract

As with every financially oriented protocol, there has been a great interest in studying, verifying, attacking, identifying problems, and proposing solutions for Bitcoin. Within that scope, it is highly recommended that the keys of user accounts are stored offline. To that end, companies provide solutions that range from paper wallets to tamper-resistant smart-cards, offering different level of security. While incorporating expensive hardware for the wallet purposes is though to bring guarantees, it is often that the low-level implementations introduce exploitable back-doors. This paper aims to bring to attention how the overlooked low-level protocols that implement the hardware wallets can be exploited to mount Bitcoin attacks. To demonstrate that, we analyse the general protocol behind LEDGER Wallets, the only EAL5+ certified against side channel analysis attacks hardware. In this work we conduct a throughout analysis on the Ledger Wallet communication protocol and show how to successfully attack it in practice. We address the lack of
well-defined security properties that Bitcoin wallets should conform by articulating a minimal threat model against which any hardware wallet should defend. We further use that threat model to propose a lightweight fix that can be adopted by different technologies.

Event

20th International Information Security Conference

22/11/1724/11/17

Ho Chi Minh City, Viet Nam

Event: Conference

Download statistics

No data available

ID: 43631683