Security hardening for digital wallets
1. Introduction
This article discusses security controls that reduce the risk of unauthorized access or misuse, information leakage and unauthorized physical access, mostly. These controls may be applied in any situation but this article focuses on controls that reduce the risk of an attacker accessing the private key or seed of a digital wallet.
Everyone wants there to be simple answers in security, but sometimes there are no simple answers.
— Tavis Ormandy (@taviso) December 15, 2017
1.1. Strategy
For an easier usage and better risk management, wallets can be segregated. Ideally, the main wallet (the one containing most of your resources) should be isolated from the device used every day as if it were a safe. Your computer may have another wallet, for everyday payments and your phone another one, for small payments when you are away from home. There are several options for the “safe”:
a) A hardware wallet, like Ledger wallet or Trezor (if the currency is supported) b) A dedicated hardware, like a laptop c) Dual boot on USB drive or external HD (needs to evaluate free disk space if it is going to host various blockchains) d) A virtualized system (dedicated) e) A paper wallet (not for PoS miners) f) Shared device with other activities (less secure)
User that choose one of the strategies from a) to e), already solved most of their problems and may read the recommendations on sections 3 to learn more about information security. Users that shared a device that hosts a digital wallet with other activities must read section 3 very carefully.
1.2. Approach
In this article the suggested security controls use a whitelist approach.
1.2.1. Blacklist
A blacklist approach defines everything that is forbidden, making everything else allowed.
1.2.2. Whitelist
A whitelist approach defines everything that is allowed. Everything else, not explicitly allowed, will be forbidden. This is a more practical and secure approach. More secure because it is not possible to imagine all kinds of attacks that may be executed, all malicious websites, all infected software. At some point one of them will bypass the blacklist. It is more practical because it is quicker and easier to allow only a small set of connections, websites, browser extensions, etc., than trying to block all threats that arise everyday.
2. Threat model
Some of the threats considered for the recommendation of security controls in section 3:
2.1. Unauthorized logical access
Depending on the exploited vulnerability it is possible for the attacker to access the wallet file, capture typed keys and mouse movements, take screenshots and read content from the memory to obtain all or part of the private key or seed.
2.2. Information leakage
Even if the attacker cannot access the private key or seed, he may try to obtain the greatest amount of information available to try to log on Exchange platforms and transfer resources, by scavenging emails, passwords and other information about the user that may help him answer security questions in case of password loss.
2.3. Unauthorized physical access
If the device includes dual-boot options, it is possible to boot a Linux OS in a USB drive and copy the wallet files from the HD. See recommendation 3.18.
3. Recommendations
Disclaimer: The following recommendations are based only in studies, professional experience and personal preferences. Always do your own research, evaluate your risks and perform backups before implementing any security control.
Many recommendations here are very difficult for the average user to implement. In an ideal world information security would be a very easy topic, like checking a check box. Unfortunately, security isn’t always trivial. The average user should, at least, follow the recommendations on sections 3.1, 3.2, 3.4, 3.5, 3.6, 3.9, 3.11, 3.12, 3.13, 3.14, 3.15, 3.17, 3.19. Exactly, almost the entire list.
3.1. Do not use pirate software
Any expert will say that almost all, if not all, pirated copies of Windows are infected with some malicious code. A few years ago the goal was to steal Internet Banking credentials. Even in this subject the banks are losing space. It is much easier for the hacker to steal digital coins. They do not leave traces, they do not depend on other security controls like the banks and they have been widely adopted in the market. These malicious code usually prevent the antivirus from detecting its presence, so never trust the antivirus running on a cracked copy of Windows.
The same recommendation applies to other pirated software (cracked): do not use them, they may be infected. Some of them require administrative credentials, even if only at installation. Others will try to exploit operating system vulnerabilities or read keys and passwords from memory. There are even those who will attempt to locate in the user’s folder password files and wallets to transfer resources to the attacker.
3.2. Do not use administrative credentials regularly
Any task performed with administrative privileges has much more reach within the operating system than it does with regular user privileges. Regular users have access to their own environment only while administrative users can do just about anything depending on the operating system. Keep administrative credentials reserved for administrative tasks.
Linux
On Linux, create a regular user. Install sudo (Super User do) and add the user to the sudo group (group of users that can execute the sudo command). From then on, use sudo to run commands that require root privileges.
# apt-get install sudo
# usermod -aG sudo [username]
To verify if the user is member of sudo group:
# groups [username]
Mac and Windows
On Mac and Windows you must log on with a regular user and provide the administrative credentials when necessary.
3.3. Set up a firewall
The firewall is just another security control and it will not solve all the problems. The purpose of the firewall is to filter unwanted packets and connections. As a general rule no connection should be allowed if there is no reason to do so.
Linux
Linux users already have a native firewall inside the kernel: iptables. As a general recommendation the following rules are applicable (the lists below are not exhaustive):
$ sudo iptables -A INPUT -i lo -j ACCEPT
$ sudo iptables -A INPUT -m state --state INVALID -j DROP
$ sudo iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
$ sudo iptables -A INPUT -j LOG
$ sudo iptables -P INPUT DROP
$ sudo iptables -P FORWARD DROP
Rules with the target DROP reject all packets without reply; the second rule allows only localhost (internal) traffic, and the fourth rule allows only traffic related to connections initiated by the device. A rule could be enforced to restrict the output of packets to prevent malicious code from communicating with the attacker. This rule would have practically no effect since many of these codes communicate via HTTPS (TCP/443) and in obfuscated channels. It would be necessary to block all outbound traffic to the Internet and prevent even updates via HTTPS.
$ sudo iptables -A OUTPUT -o lo -j ACCEPT
$ sudo iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$ sudo iptables -A OUTPUT -m multiport -p tcp --dports 80,443 -j ACCEPT
$ sudo iptables -A OUTPUT -m multiport -p tcp --dports 9108,9109 -m comment --comment "dcrd p2p, RPC" -j ACCEPT
$ sudo iptables -A OUTPUT -m multiport -p tcp --dports 19108,19109 -m comment --comment "testnet dcrd p2p, RPC" -j ACCEPT
$ sudo iptables -A OUTPUT -p udp --dport 53 -m comment --comment "DNS Queries" -j ACCEPT
$ sudo iptables -A OUTPUT -p tcp --dport 53 -m comment --comment "DNS Extended Queries" -j ACCEPT
$ sudo iptables -A OUTPUT -p tcp --dport 11371 -m comment --comment "GPG HKP" -j ACCEPT
$ sudo iptables -A OUTPUT -j LOG
$ sudo iptables -P OUTPUT DROP
To allow external access to dcrd (Decred) it is necessary to open other ports in the firewall (chain INPUT) and configure the NAT in the router. Learn more: https://github.com/decred/dcrd/blob/master/docs/default_ports.md
The package iptables-persistent can be installed to save the rules and reload them automatically after every reboot:
$ sudo apt-get install iptables-persistent
To save the new rules use:
$ sudo iptables-save > /etc/iptables/rules.v4
Mac
Mac users may try to use the native network firewall pfsense and enable the native application firewall, or evaluate friendliest solutions like Little Snitch and Hands Off.
Windows
Windows users can use the Windows Firewall (which is better than nothing) or seek a more robust solution.
3.4. Keep the operating system and applications updated
All operating systems and applications, on all platforms, come with vulnerabilities that are frequently discovered, patched and updated. Keep all your devices updated. Enable automatic updates or use the system tool to search for updates every day.
Mac
Open the App Store and click Updates.
Debian Linux
$ sudo apt-get update && apt-get upgrade
Redhat Linux
$ sudo yum update
Windows
Run Windows Update (located somewhere inside the Control Panel)
3.5. Choose hard-guessing passwords
A hard-to-guess password makes it almost impossible for the attacker to guess it through brute force for the time needed to test the all (or almost all) possible combinations. Such passwords would have more than 14 characters, upper case letters [A-Z], lower case letters [a-z], numbers [0-9] and symbols [!@#$%^&*();:-=+], to name a few. Never use words from any dictionary, in any language. Never use data that can be obtained by the attacker in databases of service providers such as names, emails, birth dates, etc.
MasterPassword is an application that helps those who have difficulty creating new passwords. It generates new passwords through an algorithm that combines a master password (which needs to be chosen and memorized by the user) and the name of the sites that will be accessed. It does not make any type of external connection and does not store the passwords locally. The whole process is deterministic, nothing is random, so it can be reproduced on other devices without the need for synchronization.
Wallet passphrase
Always create your wallet with a hard-to-guess password. The wallet is a file that resides on the device and this file contains the private key that allows you to transfer the resources. If the attacker has access to a password-protected wallet, he will have to crack this password before transferring the resources.
3.6. Use 2FA everywhere
The second factor of authentication (2FA) greatly increases the protection of login credentials. It is called the second factor because the first one is usually what you know (password). Other factors are what you have (a OTP token like that) and who you are (biometric authentication). OTP stands for One-Time Password and has this name because a new number is generated every 30 seconds. Knowing the previous number does not increase the chances of predicting the next one. Using OTP forces the attacker to guess the password and this number in a 30-second window, which makes unauthorized login virtually impossible. Never disclose the seed, which usually has 16 characters (or QR code), and is used to set up the app on your phone, but back it up if you need to reinstall on another device.
Never trust the security of a website. Some sites store passwords in plain text (without encryption, which allows attackers to read them in case of invasion), others exist solely to collect users and passwords and try to steal user information on other sites. Do not use the same password on multiple sites, even with 2FA enabled.
The most commonly used 2FA applications are Authy and Google Authenticator, which makes the source code available on Github.
3.7. Disable JavaScript
Many browser attacks depend on JavaScript. Completely disabling Javascript will cause almost all websites to stop working. An intermediate solution is the installation of the ScriptSafe extension, that is available for Firefox and Chrome. In this extension it is possible to block and allow (blacklist and whilelist) websites and tags that can have JavaScript executed. It takes some time to unblock only the necessary ones that make the websites work, in addition to learning the JavaScripts related to the trackers, but then you can export the list and import it in other devices.
3.8. Enable ad blockers
Ads are pieces of HTML with JavaScript coming from untrusted sources. They are often used to violate the privacy of users (trackers) and can load in the browser unknown Javascript. One extension that can be used to block ads is uBlock.
3.9. Do not click on every link in front of you
Whenever you access a website, check the address in the browser to make sure you are not accessing a phishing website. You also need to be careful with the ads that appear on the search engine, like Google, for example. Often the attacker pays an ad for the phishing site to appear as the first result. This phishing site usually has an address very similar to the original and its structure is a faithful copy of the original. The goal is to capture login and password of the users that will be used in the original site, such as exchanges, for example. See 2FA in section 3.6.
Important: There is no such thing as “I’m just going to browse, I’m not clicking on anything”. Just open any page of a website and its code, including Javascript, will be executed in your browser.
Short URLs
Before clicking on a “shortened” URL, use a service like Unshorten.it to find out which URL has been shortened and where you will be taken. This is one of the sites that rely on Javascript to work.
3.10. Use HTTPS everywhere
When sending sensitive information such as login and password, make sure the lock (https) is present in the address bar. HTTPS Everywhere is an extension for Firefox, Chrome and Opera that forces encrypted connections to well-known websites, preventing some objects from being loaded outside the encrypted connection, which can even disclose the user’s real IP address.
3.11. Disable browser extensions
Browser extensions can read and change information entered by the user, such as passwords. Disable all extensions and keep only those that are necessary and reliable.
3.12. Install only necessary applications and services
New applications and services increase the attack surface of a device. They bring new vulnerabilities, new open ports, new configurations (which must be hardened), and new dependencies from other libraries. They increase the likelihood of an attack being successful and also the administrative effort to keep the environment up-to-date and secure.
3.13. Use only trusted software, from trusted sources
In general, the recommendation is to download applications only from the manufacturer’s or developer’s website (or recommended by them). In the case of digital wallets the software must be safe in the first place and functional in the second. Try the wallet provided by the developers, see if it is open source and suits your needs. It will probably be the best choice.
3.14. Verify digital signatures
Before installing or using any software, verify its digital signature.
3.15. Restart the browser executable process
Start a new browser, with no tabs open, before doing anything related to cryptocurrencies. This is not the same as opening a new window. The (executable) process must be closed and reopened. The goal is to prevent malicious code downloaded through any website and linked to the browser process may be running at the time of access to exchange sites, for example. When finished, close the browser (process) and start another for other activities.
3.16. Enable process isolation and security contexts
If you use Google Chrome, you can enable process isolation. Each open site will be loaded into its own executable in memory, isolated from data from other sites loaded by other processes. Read more here.
If you use Firefox you do not need to do anything. Newer versions already have process isolation by default. You can check this by following the instructions in Electrolysis and you can learn more about the Sandbox.
Security contexts
Firefox users can enable sandboxed security contexts, a concept that sounds familiar for those who already know Qubes OS virtualization process. This sandboxing in different security contexts gives the user more control about the data the websites can access (ex: cookies, localStorage, indexedDB, etc).
3.17. Install an antivirus
At some point a regular user will behave like a regular user. So it is better to have some antivirus installed. If this user does not run random untrusted executables, there is no need.
Yep, but the context here is "how to not get hacked" guides. If you're not running random untrusted executables, then antivirus is a liability. If you are running untrusted exes, then you're gonna get hacked.
— Tavis Ormandy (@taviso) November 16, 2017
3.18. Encrypt the whole disk
Encrypting the entire disk reduces the threat of unauthorized physical access. If the device will not be transported and unauthorized physical access to your environment is not being considered, this should not be the major concern. However it should be noted that while on Mac it is possible to enable encryption at any time, on Linux it is necessary to partition the disk with this support BEFORE installing the system or copying the data. This means, include security in design, be proactive.
- Mac, Filevault2: https://support.apple.com/en-us/HT204837
- Debian, LUKS: https://xo.tc/setting-up-full-disk-encryption-on-debian-jessie.html
- Microsoft, Bitlocker: https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-overview
The backup disk can be encrypted using a solution such as Veracrypt.
3.19. Perform backups
Backups should be performed regularly, as a general recommendation of information security. The problem is that restoration is not preventative, it is corrective. This means that once the attacker accesses your private key or seed, nothing can be done. Thus, while backup files can solve many problems, wallet security must be completely preventative. Remember: always back up the wallet seed to a piece of paper, kept in a secure location.
Backing up does not mean moving all the files to an external USB stick or HDD. It means keeping a copy of the files in another location, disconnected from the Internet. The file must exist in at least two places at the same time.
Backups should preferably be performed with the device disconnected from the Internet, to reduce the risk of a ransomware encrypting both disks. A ransomware is a malicious code that encrypts all files on the device and requires the payment of a ransom so that the user receives the key to get their files back. Usually this ransom must be paid in Bitcoin or another cryptocurrency and there is no guarantee that the user will be able to access his files ever again.
3.20. Use a (reasonably) safe operating system
The most paranoid should experiment Qubes OS and Subgraph, two security-oriented Linux operating systems.
4. Recovery
If you suspect there is something wrong with your system, the only safe recommendation is: reinstall from the ground up (from the installation media, not from a backup that may have already been compromised). There is no software, technique or antivirus capable of ensuring that any malicious code that could have been installed was removed. The reason is that there is a plethora of malicious code in the world and the security companies just don’t know all of them. Also, no one knows for sure how all malicious code work and all the changes it might have implemented in your system.
During this reinstallation try not to make the same mistakes as before so you don’t reproduce the same state of insecurity. If you do the same things you will accomplish the same results.
Besides the reinstallation, in case of suspicion of unauthorized access, the user must also create a new wallet and transfer all resources from the old wallet as soon as possible. This way the user avoids the risk of having an attacker accessing the wallet (with or without a password) and transferring the resources.