Recall that the Darling Think Tank previously explained the "three ones" elements that define the security of encrypted wallets: the three are that encrypted wallets must have network isolation, system integrity protection, and seed confidentiality; the third is "no system attack and defense assumption". The "three ones" elements analyze the security features that wallets should have from a defensive perspective. This article analyzes the guiding principles of encrypted wallet security design along two dimensions: attackability and usability.
1. Dimension of attackability
Guo Weiji, chief scientist of Mishen Technology, decomposes the cost-benefit of attacking wallets into three levels from four aspects: technical threshold, economic cost, crime cost, and expected income:
The first level, high attackability, corresponds to low technical threshold, low economic cost, low crime cost, and high expected return;
The second level, medium attackability, corresponds to low technical threshold, low economic cost, high crime cost, and low expected return;
The third level, low attackability, corresponds to high technical threshold, high economic cost, high crime cost, and low expected return.

Comparison of attackable dimensions, source: Darling Think Tank
These three levels can guide us to adopt targeted security design.
2. Usability dimension
Usability of crypto wallets includes security and user experience. Unlike the usual practice of equating usability with user experience, here we list security as a key indicator of usability. The reason is simple: for a wallet product, security is of the utmost importance. If an encrypted wallet has poor security, its use is heavily restricted. In particular, the assets it manages can only be very small, so small that losing them does not matter much, which makes the wallet unusable in many cases.
In addition, bad user experience can also lead to loss of security. For example, if the security of a certain wallet mainly depends on the user entering a relatively complex password, the user experience will be poor; and due to human laziness, users may use passwords that seem complex but are easy to crack.
An ideal encrypted wallet has high security and a very good user experience. But it's extremely difficult to balance the two. To this end, Guo Weiji proposed a formula:
Technology Advanced Index ≥ Safety Index x User Experience Index
At a given technical level, the safety index and the user experience index are at best inversely proportional to each other, and the two cannot both be achieved at the same time. Fortunately, by adopting more advanced technologies, both the safety index and the user experience index can be improved at the same time. It can be considered that the ceiling of the usability of encrypted wallets depends on the adopted security design and its technical implementation.

Comparison of usability dimensions, source: Darling Think Tank
After analyzing the advantages and disadvantages of various wallet architectures from the dimensions of attackability and usability, this paper will further propose a thinking paradigm to guide the security design of wallets.
3. Dimensional analysis of software wallets
1. Dimensions of attackability
Due to the low technical threshold for attacking software wallets, low economic costs, low crime costs, and high expected returns, software wallets are highly attackable.
From the perspective of technical threshold, software wallets do not have the "three haves" elements. Being connected to the network leads to insecure storage of mnemonics, weak transaction passwords, and replacement of currency price trend data. System integrity is lacking: software wallets mainly run on the Android system, which leaves the mobile phone unaware of physical attacks. Because the first two cannot be guaranteed, the confidentiality of the wallet seed cannot be guaranteed either. Therefore, the technical threshold for attacking software wallets is relatively low.
From the perspective of economic cost, because software wallets are often connected to the Internet, hackers can remotely attack countless software wallets just by sitting in front of a computer, and the same attack method can be used repeatedly, without needing the cooperation of many people or high operating costs.
From the perspective of crime costs, hackers can steal across borders through the Internet, and can hide their IP address or make it appear to be somewhere else, making it difficult to trace the hacker's real identity.
From the perspective of expected income, investors have not yet paid enough attention to the confidentiality of encrypted assets at this stage, so many users store encrypted assets in software wallets, giving hackers a large user base to attack. Hackers can easily attack a large number of software wallets from behind a computer, and once successful, the profits will be considerable.
2. Usability dimension
At present, there are not many security technology options that can be used on software wallets. The low technical level makes it extremely difficult to balance security and user experience, so the overall usability is at a relatively low level.
In China, software wallets are usually synonymous with mobile app wallets, and fewer users use software wallets on PCs. In any case, the primary problem facing software wallets is how to keep the private key or seed secret. The WannaCry ransomware spread widely on PCs, encrypting users' assets and files and demanding ransom. In fact, malware that can hold files for ransom can just as well transfer them.
The other approach is to steal the encrypted private key file from the PC or mobile phone and then crack it, either by trying passwords from leaked databases or by exploiting flaws in the encryption scheme. Of course, the technical threshold of the latter is higher, but it is not that high. According to a study by the MIT Computer Science and Artificial Intelligence Laboratory, more than 10% of faulty cryptography implementations manifest themselves in hardcoding the decryption key into the code. Readers should not think this is far-fetched. Think carefully: where else can a software wallet store the decryption key? Hiding it in the code with obfuscation is an obvious option, and the other options are not much better unless the underlying operating system provides sufficiently robust security measures.
A better way is to require the user to enter a password for encryption, but this brings other problems. Weak passwords, passwords matched against leaked databases, and the like are one aspect; Trojan horses that capture keyboard input to obtain the user's password are another.
The above is a theoretical analysis of the security of software wallets, but the real-world security situation is far worse than the theory suggests. For example, some software wallet operators believe that the security of the wallet application does not need to exceed the security of the system where it is installed: as long as the mobile phone system is not compromised, the assets are safe, and if the system is compromised, the assets cannot be protected by any means. In order to improve the user experience, many wallets simply store the user's wallet seed or private key in plain text on the mobile phone, putting the user's assets in great danger.
A few days ago, the Blockchain Security Research Center BSRC released an attack video against an Android version of a software wallet. The video shows that the attacker can directly obtain the user's mnemonic seed through a USB connection to the user's mobile phone and, after local cracking, recover the twelve mnemonic words in plaintext, thus entering the user's account. In this attack case, the attack would not have gone so smoothly if the wallet seed had been protected with even simple encryption.
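The plaintext-storage failure described in the two paragraphs above can be caught before release by importing a known test seed into a test build and then searching everything the app wrote to disk for that seed. The following is an added example, not code from the article or from any wallet project; the canary words, the file names and the `scan` helper are all constructed for illustration.

```python
import base64
import binascii
import re

# Constructed canary: twelve placeholder words, not a real wallet seed.
CANARY = "alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima"
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{24,}")
HEX_RUN = re.compile(rb"(?:[0-9a-fA-F]{2}){24,}")


def canary_pattern(mnemonic):
    """Words in order, separated by at most 4 non-letter bytes (space, comma, quotes)."""
    words = [re.escape(w.lower().encode()) for w in mnemonic.split()]
    return re.compile(rb"[^a-z]{0,4}".join(words))


def views(raw):
    """Yield (label, bytes) forms of a file that anyone can read without a key."""
    yield "raw", raw
    yield "utf-16", raw.replace(b"\x00", b"")  # ASCII text stored as UTF-16
    for m in B64_RUN.finditer(raw):
        try:
            yield "base64", base64.b64decode(m.group() + b"=" * (-len(m.group()) % 4))
        except binascii.Error:
            pass  # run was not valid base64
    for m in HEX_RUN.finditer(raw):
        yield "hex", bytes.fromhex(m.group().decode())


def scan(files, mnemonic=CANARY):
    """Map each leaking file name to the first view in which the canary seed is readable."""
    pattern = canary_pattern(mnemonic)
    leaks = {}
    for name, raw in files.items():
        for label, data in views(raw):
            if pattern.search(data.lower()):
                leaks[name] = label
                break
    return leaks


# Constructed sample of a test build's data directory after importing CANARY.
SAMPLE = {
    "shared_prefs/wallet.xml": b'<string name="mnemonic">' + CANARY.encode() + b"</string>",
    "files/backup.json": b'{"seed":"' + base64.b64encode(CANARY.encode()) + b'"}',
    "databases/wallet.db": ('["' + '","'.join(CANARY.split()) + '"]').encode("utf-16-le"),
    "files/keystore.bin": bytes(range(128, 256)),  # stand-in for real ciphertext
}

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Base64 and hex count as plaintext here because they need no key to reverse; only the stand-in ciphertext file passes the check.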
Sacrificing security for user experience is essentially an illusion of security. From the perspective of usability, both security and user experience are essential; a convenient but insecure encrypted wallet exposes user assets to unnecessary risks, and its usability level is very low.
Therefore, highly attackable software wallets are the targets favored by hackers, while bad designs that lack theoretical guidance and sacrifice security for user experience, under the constraint of limited overall usability, make the security of software wallets even worse. This is why there is a need for hardware wallets.
4. Dimensional analysis of Android hardware wallets
1. Dimensions of attackability
The hardware wallet developed based on the Android system belongs to the second level in terms of attackability, that is, medium attackability. Specifically, it has low technical threshold, low economic cost, high crime cost, and low expected return.
From the perspective of technical threshold, it is not too difficult to attack the Android system. This is mainly because Android lacks system integrity protection and has many security vulnerabilities. More importantly, once a hardware wallet based on the Android system is released, it is often difficult to make any major upgrades to the underlying operating system, so Android hardware wallets are constantly threatened by vulnerabilities that are discovered later. It can even be said that if released products cannot be patched, anyone who learns about a new vulnerability can use it to attack Android hardware wallets, which keeps the technical threshold low.
In practice, John McAfee, Bitfi's executive president and network security pioneer, once called the Bitfi cold wallet the world's first "unhackable" device. To prove itself, McAfee launched a $100,000 reward on July 24 to find a hacker who can break into the device. Less than a week later, a fifteen-year-old reportedly managed to break into a Bitfi wallet heavily backed by John McAfee. At the Kanxue Security Summit held in July, Hu Mingde, a security expert from Zhichuangyu, cracked a domestic Android wallet by exploiting the flaw of the USB interface.
From the perspective of economic cost, whether it is a supply chain attack or an evil maid attack, the attack may consist of implanting malware or using known vulnerabilities to steal private key data, which does not require a high cost.
But the crime carries a certain risk. Whether the hacker has direct access to the device or bribes someone else, the attacker faces the possibility of being identified.
From the perspective of expected income, the attacker must first gain access to the device before it is possible to steal the digital assets inside, which prevents the attack from being carried out on a large scale and makes it very inefficient. Therefore, the expected income is greatly reduced compared with attacking software wallets.
From the attackability analysis, the low expected return of attacking Android hardware wallets will deter hackers to a certain extent. However, as the number of hardware wallet users gradually increases, hackers' income will increase accordingly, and hardware wallets will gradually come to be favored by hackers.
2. Usability dimension
At present, the existing Android hardware wallet products on the market basically emphasize that they are offline and transmit signature information through QR codes, and the user experience is much worse than that of software wallets. At the same time, security measures cannot be simplified because there is still the possibility that the device will be lost or accessed by others. If the user is required to use a more complex password combination to keep the wallet seed secret, this is another kind of harm to the user experience. Of course, carrying a huge device with you is also a kind of harm to the user experience.
At the same time, because the Android system lacks system integrity protection, once attackers can access the device, the security of Android hardware wallets is no higher than that of software wallets, and even lower than that of some software wallets that make better use of iOS security mechanisms.
On the whole, the main advantage of Android hardware wallets over software wallets is that they remain offline, so in terms of attackability, that is, as an attack target, they are relatively less attractive to attackers; their user experience is inferior to that of software wallets. Generally speaking, they are a typical example of sacrificing user experience for security.
If both high security and good user experience are required, according to the aforementioned formula, the only solution is to adopt a better technology platform. This is the chip-level hardware wallet.


