The secure element, also known as the security chip, is a tamper-resistant microprocessor used in hardware wallets to protect sensitive information and perform cryptographic operations. These chips are integral to secure data storage and encryption and are also utilized in various products such as IC cards, SD cards, SIM cards, eSEs, USB security keys, and wearable devices.
Security of the Secure Element
In 1999, the International Organization for Standardization (ISO) introduced ISO/IEC 15408, commonly referred to as the Common Criteria (CC), for evaluating IT security. This framework provides stringent guidelines for assessing the security functionalities of IT products and systems, thereby enhancing user confidence and system security while reducing the need for repeated assessments.
Security chips are evaluated under the CC framework and assigned an Evaluation Assurance Level from EAL 1 to EAL 7, which indicates how rigorously the product's security claims were analysed and tested; a "+" suffix means the evaluation was augmented with requirements beyond that level. Higher levels require more thorough scrutiny of the design, implementation, and testing. For example, EAL 4+ and EAL 5+ products are standard in the financial sector, whereas EAL 6+ products are employed for military applications.
Key Features of EAL 6+ Secure Elements
OneKey hardware wallets incorporate EAL 6+ secure elements. This EAL 6+ secure element has the following key features:
- Robust Security Functionalities: These include environmental sensors and TRNG abnormality checks to detect malfunctions; random branch insertion, clock jitter, bus masking, and memory/bus encryption to limit side-channel leakage; and dedicated shielding, data integrity checks, and memory/bus encryption to guard against physical manipulation and probing. A test access control mechanism additionally prevents unauthorized use of the chip's test interface.
- True Random Number Generator (TRNG): The TRNG comprises entropy sources, a self-test circuit, and a post-processing circuit to ensure proper functioning and compliance with the AIS20/31 PTG.2 level.
- Support for Cryptographic Algorithms: TDES, implemented with hardware co-processors and software crypto libraries, supporting Triple-DES with two or three 56-bit keys in ECB mode; and RSA, providing the RSA CRT algorithm for key sizes from 256 bits to 4096 bits. SHA-1, SHA-256, ECC, and AES are also provided.
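The TRNG item above describes an entropy source, a self-test circuit, and a post-processing circuit. The following added example (not OneKey's code, nor any chip vendor's firmware) shows what such a self-test does on raw entropy bits. AIS 20/31 PTG.2 requires a total-failure test and online tests of the raw noise source; since the page does not document the chip's actual tests, two health tests from NIST SP 800-90B section 4.4 (repetition count and adaptive proportion) stand in for them, and von Neumann debiasing stands in for the post-processing circuit. The three raw streams (`good_stream`, `stuck_stream`, `biased_stream`) and the window/cutoff values are constructed for the example.

```python
# Added example (not OneKey's code, nor any chip vendor's): the kind of
# health tests a TRNG self-test circuit applies to raw entropy bits before
# post-processing. AIS 20/31 PTG.2 requires a total-failure test and online
# tests of the raw noise source; the page does not document the chip's actual
# tests, so two tests from NIST SP 800-90B section 4.4 (repetition count and
# adaptive proportion) stand in for them, and von Neumann debiasing stands in
# for the post-processing circuit.
import hashlib
from typing import List, Optional


def repetition_count_test(bits: List[int], cutoff: int = 32) -> bool:
    """Total-failure style check: fail if a value repeats `cutoff` or more
    times in a row, which is what a stuck or shorted noise source produces.
    The cutoff is an example value, not one derived from the standard."""
    run, prev = 0, None
    for b in bits:
        run = run + 1 if b == prev else 1
        prev = b
        if run >= cutoff:
            return False
    return True


def adaptive_proportion_test(bits: List[int], window: int = 512,
                             cutoff: int = 325) -> bool:
    """Online bias check: per window, count how often the window's first bit
    recurs within it (the first bit counts as 1); a heavily biased source trips
    the cutoff. Window and cutoff are example values: a fair source gives about
    256 per 512-bit window, so 325 is roughly six standard deviations away."""
    for start in range(0, len(bits) - window + 1, window):
        sample = bits[start]
        count = 1 + sum(1 for b in bits[start + 1:start + window] if b == sample)
        if count >= cutoff:
            return False
    return True


def von_neumann(bits: List[int]) -> List[int]:
    """Simple post-processing: 01 -> 0, 10 -> 1, 00 and 11 discarded. Removes
    bias from independent bits at the cost of throughput."""
    out = []
    for a, b in zip(bits[0::2], bits[1::2]):
        if a != b:
            out.append(a)  # (0,1) -> 0, (1,0) -> 1
    return out


def conditioned_output(raw: List[int]) -> Optional[List[int]]:
    """Release post-processed bits only if the raw stream passed the health
    tests; return None (output withheld) otherwise."""
    if not (repetition_count_test(raw) and adaptive_proportion_test(raw)):
        return None
    return von_neumann(raw)


# Constructed raw streams standing in for what an entropy source would emit.
def good_stream(n_bits: int = 4096) -> List[int]:
    """Stand-in for a healthy source: SHA-256 of a counter, unrolled to bits."""
    bits, counter = [], 0
    while len(bits) < n_bits:
        for byte in hashlib.sha256(counter.to_bytes(4, "big")).digest():
            bits.extend((byte >> i) & 1 for i in range(8))
        counter += 1
    return bits[:n_bits]


def stuck_stream(n_bits: int = 4096) -> List[int]:
    """Total failure: the source is stuck at zero."""
    return [0] * n_bits


def biased_stream(n_bits: int = 4096) -> List[int]:
    """Degraded source: about 90% ones, but no long runs."""
    return [0 if i % 10 == 0 else 1 for i in range(n_bits)]


if __name__ == "__main__":
    for name, stream in (("good", good_stream()), ("stuck", stuck_stream()),
                         ("biased", biased_stream())):
        out = conditioned_output(stream)
        print(name, "withheld" if out is None else f"released {len(out)} bits")
```

The point of the structure is that the health tests gate the output: a stuck source fails the repetition test, a merely biased source passes it but fails the proportion test, and only a stream that passes both is debiased and released.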
These advanced security chips ensure that private keys are stored in a highly protected environment, preventing unauthorized access and physical tampering. By integrating EAL 6+ secure elements, hardware wallets provide users with the highest level of security assurance, safeguarding their cryptocurrency assets against both digital and physical threats. This robust security foundation is essential for maintaining trust and confidence in the management and protection of digital assets.
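The feature list above mentions the RSA CRT algorithm. The following added example (not OneKey's code nor a vendor crypto library) shows what that means: the private-key operation is split into two half-size exponentiations modulo p and q and recombined, which is why RSA co-processors use it. It also shows the verify-before-release check that secure elements apply so that a fault-induced wrong CRT result is never emitted; the `inject_fault` flag, the toy 16-bit key from a textbook, and the function names are constructed for the example.

```python
# Added example (not OneKey's code nor a vendor crypto library): RSA private-
# key operation with the Chinese Remainder Theorem, as secure-element RSA
# co-processors do it, plus the verify-before-release check such chips use so
# a fault-induced wrong CRT result is never emitted. Toy modulus for
# readability; real keys are 256 to 4096 bits as the page states.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RsaPrivateKey:
    n: int
    e: int
    d: int
    p: int
    q: int
    dp: int    # d mod (p - 1)
    dq: int    # d mod (q - 1)
    qinv: int  # q^-1 mod p


def make_key(p: int, q: int, e: int = 65537) -> RsaPrivateKey:
    """Derive the CRT parameters a secure element stores beside d."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return RsaPrivateKey(n, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p))


def rsa_plain(key: RsaPrivateKey, m: int) -> int:
    """Reference: one full-size modular exponentiation m^d mod n."""
    return pow(m, key.d, key.n)


def rsa_crt(key: RsaPrivateKey, m: int, inject_fault: bool = False) -> int:
    """CRT form: two half-size exponentiations (about 4x cheaper than
    rsa_plain) recombined with Garner's formula. `inject_fault` simulates a
    glitch that corrupts the mod-p half, the failure mode the release check
    must catch."""
    s1 = pow(m, key.dp, key.p)
    s2 = pow(m, key.dq, key.q)
    if inject_fault:
        s1 ^= 1  # constructed fault: one flipped bit in the p-branch result
    h = (key.qinv * (s1 - s2)) % key.p
    return s2 + h * key.q


def rsa_crt_checked(key: RsaPrivateKey, m: int,
                    inject_fault: bool = False) -> Optional[int]:
    """Compute with CRT, then re-verify with the cheap public exponent before
    releasing. Returns None (output withheld) if the result does not check out."""
    s = rsa_crt(key, m, inject_fault)
    if pow(s, key.e, key.n) != m % key.n:
        return None
    return s


if __name__ == "__main__":
    key = make_key(61, 53, e=17)   # classic textbook toy key, n = 3233
    m = 2790                       # 65^17 mod 3233, so the private op returns 65
    print("plain:", rsa_plain(key, m), "crt:", rsa_crt(key, m))
    print("checked:", rsa_crt_checked(key, m))
    print("checked with fault:", rsa_crt_checked(key, m, inject_fault=True))
```

The re-verification costs one public-exponent exponentiation, which is cheap next to the private one, and it is the reason a glitched computation results in no output rather than a wrong signature leaving the chip.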