Paper: Low-level Attacks in Bitcoin Wallet
Andriana was awarded the best paper award for Low-level Attacks in Bitcoin Wallet at ISC 2017.
This work was part of her PhD.
Co-authors: Myrto Arapinis and Aggelos Kiayias
Currently, according to bitcoin.org the available Bitcoin wallets are the Keepkey, Digital Bitbox, Trezor and Ledger with the ones offered by Ledger to be the only ones that are certified against physical attacks. The purpose of these hardware is to ensure that an attacker cannot access the sensitive data of the user (account, funds) and to secure the user's transactions from attacks.
The purpose of our work is to show that even the most secure hardware is prune to man-in-the-middle attacks by taking advantage the low-level implementation of a wallet. In our paper, "Low-Level Attacks in Bitcoin Wallets", we demonstrate how we were able to attack the Ledger wallets by leveraging the low-level communication layer. We discuss that the Keepkey and Trezor wallets are also vulnerable to a subset of the Ledger attacks and suggest a potential way of securing such wallets. The abstract of the paper is the following:
"As with every financially oriented protocol, there has been a great interest in studying, verifying, attacking, identifying problems, and proposing solutions for Bitcoin. Within that scope, it is highly recommended that the keys of user accounts are stored offline. To that end, companies provide solutions that range from paper wallets to tamper-resistant smart-cards, offering different level of security. While incorporating expensive hardware for the wallet purposes is though to bring guarantees, it is often that the low-level implementations introduce exploitable back-doors. This paper aims to bring to attention how the overlooked low-level protocols that implement the hardware wallets can be exploited to mount Bitcoin attacks. To demonstrate that, we analyse the general protocol behind LEDGER Wallets, the only EAL5+ certified against side channel analysis attacks hardware. In this work we conduct a throughout analysis on the Ledger Wallet communication protocol and show how to successfully attack it in practice. We address the lack of well-defined security properties that Bitcoin wallets should conform by articulating a minimal threat model against which any hardware wallet should defend. We further use that threat model to propose a lightweight fix that can be adopted by different technologies."