Rebooting the smartcard
Click here to load reader
-
Upload
eric-larcheveque -
Category
Devices & Hardware
-
view
268 -
download
2
Transcript of Rebooting the smartcard
Rebooting the Smartcard
Rebooting Web Of Trust Paris MeetupNovember 2016
Nicolas Bacca @btchip
A trust layer between the blockchain and the physical world
For industrials, enterprises and consumers
Securing the first and last mile
LEDGER TECHNOLOGY
Without trust, data has no actionable value
node
node
node
node
nodeCloud servers
User on a PC or a smartphone Industrial
sensor / IoT
node
node node
Connected object
Blockchain/ITtrusted zone
Physical worldabsence of trust
Is this really you?
Am I allowed to execute this transaction?
Critical temperature data
Did the driver got switched?
The ubiquitous Safe
Best technical solution for at scale (CHEAP) secure deployment
Best technical solution against physical attacks (theft, evil maid)
A configurable Safe
Lot of resources invested in secure remote management
Great portability of Java Card, at least on paper
But not YOUR manageable identity
The secrets are not YOUR secrets
Or are yours but you can’t manage them (fingerprint match on card)
> >
Definitely not made for YOU
Not Plug & Play
Cannot be reliable in a regular (malware infected) computing environment
Rebooting the Smartcard
Plug and Play
Developer friendly
Malware resistant
Auditable
Plug and Play
Native browser / mobile access
No driver, no middleware
Reusing the FIDO standards
Malware resistant
Physical user consent can be required for all sensitive operations
Display the operation to be validated, in human readable format
Developer friendly
Native isolation whenever possible
Accelerated, low level cryptographic primitives to build on
Improving on isolation, using ARM capabilities
Native application 1
Native application 2
Native application 3
MicrokernelUserseed
MMU lock
User modeSupervisor mode
System call
UI application
Auditable
Isolate secure and non secure code
Build on top of a microkernel that can be gradually opened
Ledger platform architecture
Trusted / Secure component (Secure Element or enclave) with limited I/O options
Non trusted component with more I/O options
Screen
Direct control from the Trusted component, proxied
Pairing at boot time
User app 1
User app 2
Button
Sensor
USB
Our latest consumer devices
Ledger Nano S : available now
Ledger Blue : pre order, Christmas delivery(larger screen, BLE)
Hardware Oracle - for machines
Cryptographically attestable anti-tampering sensors
■ Secure chip ST31G480 (CC EAL6+)■ Sensor■ 3 axis anti-tampering MEMS■ USB interface for blockchain computer
Getting started with development
Nano-S resources : compiler and SDK - https://github.com/ledgerhq/ledger-nano-s
Sample applications : https://github.com/LedgerHQ/blue-sample-apps
Documentation in progress : http://ledger.readthedocs.io/
Developer Slack : http://slack.ledger.co
Documentation is getting put together, so don’t hesitate to ask on Slack
Thank you @btchip