Ledger Nano S Security Target, Lecture notes of Marketing

Threat #2: Using a not genuine Ledger Nano S . . ... mode, the 24-word recovery phrase is displayed word by word and must be written down on ...

Typology: Lecture notes

2022/2023

Uploaded on 02/28/2023

ambau
ambau 🇺🇸

4.5

(11)

250 documents

1 / 36

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Ledger Nano S Security Target
Release 1.2
Oct 18, 2018
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24

Partial preview of the text

Download Ledger Nano S Security Target and more Lecture notes Marketing in PDF only on Docsity!

Ledger Nano S Security Target

Release 1.

Oct 18, 2018

  • 1 Introduction
    • 1.1 Acronym
    • 1.2 Terminology
    • 1.3 ANSSI References
    • 1.4 Bitcoin Improvement Proposal References
    • 1.5 Additional References
    • 1.6 STMicroelectronics Main Hardware References
    • 1.7 BOLOS Python Loader
    • 1.8 Ledger Technology Details
  • 2 Ledger Nano S
    • 2.1 Operational Environment
    • 2.2 Features
    • 2.3 Services
      • 2.3.1 Hardware Wallet Service
      • 2.3.2 Cryptographic Platform Service
      • 2.3.3 Password Manager Service
      • 2.3.4 FIDO Service
      • 2.3.5 Additional Innovative Services
    • 2.4 Dual Architecture
    • 2.5 Identification
    • 2.6 Target of Evaluation
    • 2.7 Assumptions
    • 2.8 Environment Measures
    • 2.9 End-User
  • 3 Assets
  • 4 Threats
    • 4.1 Threat Agent
    • 4.2 Threat #1: Generating a biased or a deterministic random number
      • 4.2.1 Context
      • 4.2.2 Threat
    • 4.3 Threat #2: Using a not genuine Ledger Nano S
      • 4.3.1 Context
      • 4.3.2 Threat
    • 4.4 Threat #3: Bypassing the Access Control to Sensitive Services
      • 4.4.1 Context
      • 4.4.2 Threat
    • 4.5 Threat #4: Compromising the Post-Issuance Capability
      • 4.5.1 Context
      • 4.5.2 Threat
  • 5 Security Functions
    • 5.1 Security Function #1: True Random Number Generator
      • 5.1.1 Description
        • 5.1.1.1 Assets
    • 5.2 Security Function #2: Attestation Mechanism
      • 5.2.1 Description
      • 5.2.2 Assets
    • 5.3 Security Function #3: End-User Verification
      • 5.3.1 Description
      • 5.3.2 Assets
    • 5.4 Security Function #4: Post-Issuance Capability over a Secure Channel
      • 5.4.1 Description
      • 5.4.2 Assets
  • 6 Summary: Threats - Assets - Security Functions
    • 6.1 Mapping Between Assets and Security Functions
    • 6.2 Mapping Between Security Functions and Threats
  • 7 Use Cases
    • 7.1 On-Boarding
    • 7.2 Typical scenarios
  • 8 Annex
    • 8.1 On-boarding Flow
    • 8.2 External References

Ledger Nano S Security Target, Release 1.

Security Target Identification

Identification Ledger Nano S Security Target Release 1. Date 2018-10- Diffusion Public

Security Target History

Version Date Author Role Comments 1.0 2018-07-27 Alain DESTRES Security Certification Engineer Initial Version 1.1 2018-10-04 Alain DESTRES Security Certification Engineer Add clarifications 1.2 2018-10-18 Alain DESTRES Security Certification Engineer Add clarifications

Security Target Review

Date Release Reviewer Role 2018-07-20 1.0 Charles GUILLEMET Chief Security Officer 2018-07-23 1.0 Pierre OSDOIT Marketing Manager in Marketing & Communication 2018-10-01 1.1 Charles GUILLEMET Chief Security Officer 2018-10-15 1.2 Charles GUILLEMET Chief Security Officer

CONTENTS: 1

CHAPTER

ONE

INTRODUCTION

1.1 Acronym

AES Advanced Encryption Standard API Application Programming Interface ANSSI Agence Nationale de la Sécurité des Systèmes d’Information BIP Bitcoin Improvement Proposal BOLOS Blockchain Open Ledger Operating System CC Common Criteria DES Data Encryption Standard EC Elliptic Curve ECDSA Elliptic Curve Digital Signature Algorithm ECDH Elliptic-Curve Diffie-Hellman FIDO Fast IDentity Online GPIO General Purpose Input Output GUI Graphical User Interface HSM Hardware Security Module HTTPS HyperText Transfert Protocol Secure IC Integrated Circuit MCU Micro Controller Unit Nonce Number used once OLED Organic Light Emitting Diode PIN Personnal Identification Number PKI Public Key Infrastructure PSD Personnal Security Device (synonym for the Ledger Nano S) RGS Référentiel Général de Sécurité RSA Rivest Shamir Adelman SE Secure Element SEPROXYHAL Secure Element PROXY Hardware Abstract Layer SEC Standards for Efficient Cryptography SF Security Functions SHA Secure Hash Algorithm SPI Serial Peripheral Interface ToE Target of Evaluation TRNG True Random Number Generator U2F Universal 2 (Second) Factor UM User Manual USB Universal Serial Bus Continued on next page

Ledger Nano S Security Target, Release 1.

Table 1 – continued from previous page UX User eXperience

1.2 Terminology

Adversary Person trying to compromise the Ledger Nano S Attestation One of the core security features developed by Ledger to prove the Ledger Nano S is gen- uine. The attestation mechanism implementation relies on a set of cryptographic protocols based on Elliptic Curve BOLOS The open native Operating System developed by Ledger. One of BOLOS’s features is to manage Apps (delete, install) while the Ledger Nano S has already been issued on the field. This capability offering a great flexibility allows to enrich the Ledger Nano S experience. Blockchain A list of blocks which are all linked together and validated via a consensus mechanism Companion App Ledger Live (or third-party like Mycelium, MyEtherWallet, Coinomi) running in the Host to support the Legder Nano S services. For instance, the Bitcoin application, included in the Companion App displays accounts, balance, last transactions... The Companion Apps can be either desktop/laptop or smartphone oriented. Consent The Ledger Nano S security design is strengthened by the End-User. As soon as a sensitive operation is required, the End-User must confirm the operation via the 2 buttons Crypto Asset One of the digital asset whose value is saved on the blockchain Crypto Asset address It is a public address provided by the End-User to transfer crypto assets. This address is derived from the Public Key. Device App Software running in the SE on top of the BOLOS. These device Apps can be either devel- oped by Ledger or a third-party. A Device App offers a service. End-User Happy owner of a Ledger Nano S. End-User is defined by general public. Firmware Software running on top of an hardware (both MCU -SEPROXYHAL- and SE -BOLOS) Hardware Wallet Physical wallet leveraging an hardware to secure sensitive assets and sensitive operations Host End-User machine (laptop, desktop, smartphone and tablet) running a Companion App Key Pair Includes both a Private Key and a Public Key Nano S State-of-the-art device designed, developed and manufactured by Ledger offering a set of secure services. In this Security Target, Personal Security Device (PSD) means Nano S. NESCRYPT Coprocessor for public key cryptography algorithm embedded in [ST31H320]. Ledger leverages NESCRYPT to perform some operations on the elliptic curve. On-boarding Set of operations (seed generation, PIN configuration... ) performed during the initializa- tion of the Ledger Nano S Private Key Set of secret data involved for signing a transaction under the End-User Control Public Key Set of data, generated from the private key, which can be distributed SE Firmware The SE firmware is composed of: BOLOS OS & BOLOS UX Dashboard Device App secp256k1 Elliptic Curve defined by Certicom Research in Standards for Efficient Cryptography ([SEC_2]) Secure Element A Secure Element is composed of a secure IC and a Secure Software Secure IC It is an hardware embedding a set of physical security countermeasures. The Secure IC including in the Ledger Nano S is Common Criteria certified [ST31H320CCCertificate]. Secure Software It is a software embedding a set of logical security countermeasures. In the Ledger Nano S, Ledger has developed BOLOS and a set of Device Apps for the Ledger Nano S. Seed Set of data located at the top of a hierarchical tree SEPROXYHAL Firmware name running on top of [ST31H320] Service Crypto asset management, Password Manager, Second Factor Authentication are typical services offered by the Ledger Nano S Wallet Solution to manage your crypto assets Wallet Type There are 2 types of wallet: non-deterministic wallet and deterministic wallet

4 Chapter 1. Introduction

Ledger Nano S Security Target, Release 1.

This script performs a mutual authentication between the Ledger HSM and the PSD. Firstly, the PSD ensures that the HSM is genuine, then the HSM ensures that the PSD is genuine.

  1. genCAPair This script generates a Certification Authority key pair (elliptic curve secp256k1) that will be used to perform a mutual authentication.
  2. deleteApp / listApps / signApp As Ledger offers the opportunity to develop some Apps, these scripts aim at managing the Apps developed by a third-party.

All the functions and further details regarding the BOLOS Python Loader can be found:

  1. [Python_Loader_Installation]
  2. [Python_Loader_Exploitation]

1.8 Ledger Technology Details

Some additional technical details regarding the technology created by Ledger can be found in the following list:

  1. [Ledger]
  2. [Readthedocs]
  3. [GitHubLedgerHQ]

6 Chapter 1. Introduction

CHAPTER

TWO

LEDGER NANO S

2.1 Operational Environment

Ledger offers a full ecosystem to interface with the dedicated services included in the cloud, offering a smooth User Experience:

  1. The Ledger’s secure servers (based on HSM technology) ensure the Ledger Nano S is a genuine one, proving that the Ledger Nano S is issued by Ledger
  2. The optional Companion App shares the account details and connects to the corresponding blockchain network
  3. The Ledger Nano S device is leveraged to perform sensitive operations (generating seed, signing transactions, submitting passwords... )

The diagram below illustrates the main interactions between elements when the Companion App is required:

Fig. 1: Environment WITH a Companion App

The following diagram illustrates the main interactions between elements when the Companion App is not required:

Ledger Nano S Security Target, Release 1.

  1. Plausible deniability: an additional PIN linked to a passphrase can be defined to create an hidden account
  2. Genuine: sophisticated attestation mechanisms ensuring that the Ledger Nano S is a genuine one
  3. Post-issuance capability: all piece of software (MCU Firmware, SE Firmware, Device Apps) can be se- curely updated

Bold features are included in the security scope and addressed by dedicated security functions.

2.3 Services

Services are not included in the security scope. These services are not addressed in the scope because they are all protected by the End-User’s PIN. Indeed, the Ledger Nano S requires the End-User’s PIN unlocking then all services listed in the following sections. Thus, even if the services are out of scope, the secret data belonging to services are properly protected through the PIN.

2.3.1 Hardware Wallet Service

The wallet is the main service.

It is the combination of the following two elements that creates an operational wallet:

  1. Companion App executed on the Host
  2. Ledger Nano S with the dedicated crypto asset application installed and currently selected. The Ledger Nano S acts as a secure gateway to the blockchain technology.

This wallet service managing crypto assets is in charge of:

  1. Managing the balance (Companion App)
  2. Handling one or several accounts (Companion App)
  3. Supporting one or several crypto assets: Bitcoin, Bitcoin Cash, Bitcoin Gold, Ethereum, Ethereum Classic... (Companion App & Ledger Nano S)
  4. Processing transactions: receive & perform payments (Companion App & Ledger Nano S)

If you remove one of these elements, no transaction can be processed. The Host performs no security opera- tions. All sensitive operations (for instance signing a transaction, confirming the amount of the transaction, con- firming the recipient’s address) are directly performed with the Ledger Nano S based on the Secure Element technol- ogy. The security model designed by Ledger relies on the Ledger Nano S including not only a certified secure IC [ST31H320CCCertificate] but also a secure software developed by Ledger.

2.3.2 Cryptographic Platform Service

The Ledger Nano S, considered as a cryptographic embedded platform, supports several cryptographic primitives as listed below (not limited to):

  1. Symmetric cryptography: DES/3DES, AES
  2. Asymmetric cryptography: RSA (key size: 1024, 2048, 3072, 4096 bits), EC (brainpool, SECP and ANSSI)
  3. Secure Hash: SHA224, SHA256, SHA384, SHA

2.3. Services 9

Ledger Nano S Security Target, Release 1.

2.3.3 Password Manager Service

A Device App manages all your passwords making the connection step easier for an End-User.

2.3.4 FIDO Service

The FIDO U2F Device App is a two-factor authentication method specified by the FIDO Alliance. It works with several web services, like Facebook, Dashlane, Gmail, Dropbox, GitHub, etc.

For each of these web services, the End-User needs to set up the security parameters of the account to register the Ledger Nano S as a second factor security key to authenticate on it. This second factor of verification will improve the security of your log in processes, as the End-User will be first required login/password followed by the second factor via the Ledger Nano S.

2.3.5 Additional Innovative Services

As the Ledger’s ecosystem is developer-friendly, a third-party can develop a Device App to build an innovative and useful service.

2.4 Dual Architecture

The Ledger Nano S is based on an architecture leveraging two hardware:

  1. a generic MCU: [STM32F042K6]
  2. a Secure Element: [ST31H320]

The [STM32F042K6] can be considered as a supporting hardware and is in charge of:

  1. Managing the USB communication with the Host
  2. Driving the screen
  3. Receiving the notifications from the buttons
  4. Communicating with the SE

The [ST31H320], as it belongs to the Secure Element Technology and is Common Criteria certified (refer to [ST31H320CCCertificate] to get further details), ensures all sensitive operations and is in charge of (but not limited to):

  1. Generating the seed
  2. Deriving the corresponding Key Pair
  3. Signing transactions
  4. Communicating with the MCU

Note that Ledger Nano S can be used without a Companion App. Indeed, both Password Manager and FIDO Device Apps directly connect to the web service without a Companion App.

The Ledger Nano S relies on the Secure Element technology addressing the security issues linked to the storage and manipulation of secret keys. The Secure Element technology is leveraged in sensitive applications: for instance banking card, passport, driving licence. The Ledger Nano S also leverages this Secure Element technology to protect properly the End-User’s assets.

10 Chapter 2. Ledger Nano S

Ledger Nano S Security Target, Release 1.

  1. Select “Settings”, “Device” and “Firmware” menu
  2. Verify that the version (Secure Element and MCU) displayed on the screen are identical to the ones identified in the previous table.

2.6 Target of Evaluation

The Personal Security Device is an embedded platform processing securely sensitive services. The PSD includes a set of core security mechanisms (TRNG, End-User verification via the enrolled PIN, attestation mechanism, post-issuance capability). These security mechanisms linked with a simplified User Experience makes the PSD usage secured and simple.

The security model created by Ledger is based on the Secure Element technology. This Secure Element embeds a set of hardware security countermeasures (for instance active shield, monitoring of environmental parameters, True Random Number Generator).

Nevertheless, in order to get a product resistant against high attack potential, Ledger has also implemented a set of software security countermeasures. It is the composition of hardware security mechanisms (provided by the Secure IC) and the software security mechanisms (provided by Ledger) which make the Ledger Nano S resistant against sophisticated attacks (elapsed time, expertise, equipment).

The Target of Evaluation, focused on the Ledger Nano S, is identified in the following diagram:

Fig. 4: Target of Evaluation including a zoom on the SE

The ToE includes:

  1. Physical elements (a) Two buttons

12 Chapter 2. Ledger Nano S

Ledger Nano S Security Target, Release 1.

(b) One screen

  1. Hardware (provided by STMicroelectronics) (a) MCU: [STM32F042K6] (b) Secure IC: [ST31H320] (Common Criteria certified)
  2. Software (developed and secured by Ledger) (a) SEPROXYHAL firmware running on top of [STM32F042K6] (b) BOLOS firmware running on top of [ST31H320] contains: i. an OS labelled BOLOS ii. a Device App labelled BOLOS UX Dashboard

BOLOS is in charge of:

  1. Communicating with the outside world
  2. Performing cryptographic computation
  3. Storing secret data (seed, PIN)
  4. Offering a set of API (communication, cryptographic primitives, seed) accessible to all Device Apps

The BOLOS UX Dashboard Device App, default Device App active as soon as the PIN is successfully verified, is:

  1. the entry point to select another Device App
  2. in charge of the on-boarding phase: seed generation and PIN enrollment
  3. involved in the other Device App management (delete, install)

The BOLOS UX Dashboard Device App ensures a consistency UX whatever the running Device App. This Device App manages for instance buttons and the screen. Thus, this Device App also supports a third-party developer to create his own Device App.

All Device Apps (developed by Ledger or not), except BOLOS UX Dashboard Device App are not included in the ToE.

2.7 Assumptions

Below is the list of assumptions:

  1. The Ledger Nano S is acquired from an official Ledger reseller (Ledger, Amazon stores)
  2. The HSM is properly operated by Ledger
  3. The End-User has verified that the Ledger Nano S has not been tampered ([CheckHardwareIntegrity])
  4. The End-User only installs non-malicious Device Apps

2.8 Environment Measures

Even if the Ledger Nano S can be used within a strict environment (for instance storing the device inside a vault, signing a transaction inside a secure building), the security design developed by Ledger allows the End-User to experience the PSD in a public area. The device is architectured to provide an high assurance level to the End-User whatever the environment.

2.7. Assumptions 13

CHAPTER

THREE

ASSETS

As the PSD processes sensitive operations (i.e. sign transactions, manage passwords, achieve U2F authentication,... ) and stores confidential data, the following primary assets must be secured:

  1. Random number - data
  2. Secret seed - data
  3. Secret Data (protected by the PIN) - data
  4. PSD Access Control - operation
  5. SE Firmware - data
  6. MCU Firmware - data

All the primary assets listed above is worth of interest to an adversary and are subject to a set of threats as mentioned in Threats.

Ledger Nano S Security Target, Release 1.

16 Chapter 3. Assets