Rebooting the smartcard

Rebooting the Smartcard

Rebooting Web Of Trust Paris MeetupNovember 2016

Nicolas Bacca @btchip

A trust layer between the blockchain and the physical world

For industrials, enterprises and consumers

Securing the first and last mile

LEDGER TECHNOLOGY

Without trust, data has no actionable value

node

node

node

node

nodeCloud servers

User on a PC or a smartphone Industrial

sensor / IoT

node

node node

Connected object

Blockchain/ITtrusted zone

Physical worldabsence of trust

Is this really you?

Am I allowed to execute this transaction?

Critical temperature data

Did the driver got switched?

The ubiquitous Safe

Best technical solution for at scale (CHEAP) secure deployment

Best technical solution against physical attacks (theft, evil maid)

A configurable Safe

Lot of resources invested in secure remote management

Great portability of Java Card, at least on paper

But not YOUR manageable identity

The secrets are not YOUR secrets

Or are yours but you can’t manage them (fingerprint match on card)

> >

Definitely not made for YOU

Not Plug & Play

Cannot be reliable in a regular (malware infected) computing environment

Rebooting the Smartcard

Plug and Play

Developer friendly

Malware resistant

Auditable

Plug and Play

Native browser / mobile access

No driver, no middleware

Reusing the FIDO standards

Malware resistant

Physical user consent can be required for all sensitive operations

Display the operation to be validated, in human readable format

Developer friendly

Native isolation whenever possible

Accelerated, low level cryptographic primitives to build on

Improving on isolation, using ARM capabilities

Native application 1

Native application 2

Native application 3

MicrokernelUserseed

MMU lock

User modeSupervisor mode

System call

UI application

Auditable

Isolate secure and non secure code

Build on top of a microkernel that can be gradually opened

Ledger platform architecture

Trusted / Secure component (Secure Element or enclave) with limited I/O options

Non trusted component with more I/O options

Screen

Direct control from the Trusted component, proxied

Pairing at boot time

User app 1

User app 2

Button

Sensor

USB

Our latest consumer devices

Ledger Nano S : available now

Ledger Blue : pre order, Christmas delivery(larger screen, BLE)

Hardware Oracle - for machines

Cryptographically attestable anti-tampering sensors

￭ Secure chip ST31G480 (CC EAL6+)￭ Sensor￭ 3 axis anti-tampering MEMS￭ USB interface for blockchain computer

Getting started with development

Nano-S resources : compiler and SDK - https://github.com/ledgerhq/ledger-nano-s

Sample applications : https://github.com/LedgerHQ/blue-sample-apps

Documentation in progress : http://ledger.readthedocs.io/

Developer Slack : http://slack.ledger.co

Documentation is getting put together, so don’t hesitate to ask on Slack

Thank you @btchip