A deep dive into the BC Vault security model

Overview

BC Vault has many different security features, all necessary to ensure the security of your private keys. This article will go in depth about why certain measures were chosen instead of others, and how it affects users’ security.

We will also be listing examples and comparisons of our product and our competitors’ products, as we see it.

Figure 1 – Basic layers of BC Vault security

Each and every wallet on your BC Vault is individually encrypted with a combination of a password entered on your computer and a PIN entered on your BC Vault. BC Vault uses industry-standard encryption algorithms and implementations. The specifics of the implementation are not public as they would provide shortcuts to potential attackers.

In addition, you can specify a Global PIN and password, which adds an additional layer of security to your BC Vault, without which the device won’t even respond to public key requests. This ensures that even basic information such as wallet addresses is not exposed without your consent. A wallet’s private key is only decrypted when absolutely necessary (when signing a transaction) and not for any other function (like getting wallet addresses as in BIP39/44 wallets). After the required operation is complete, the decrypted private key is securely erased from memory.

This means that in total you have the following passwords and PINs available:

  • Global Password – Used for unlocking access to BC Vault along with the device’s Global PIN. Entered in the application.
  • Global PIN – Used for unlocking access to BC Vault along with the device’s Global Password. Entered on the device.
  • Wallet Password – Used for sending currencies from individual wallets along with the Wallet PIN. Can be different for each wallet. Entered in the application.
  • Wallet PIN – Used for sending currencies from individual wallets along with the Wallet Password. Can be different for each wallet. Entered on the device.

All data stored in FRAM (and potential backups) is thus encrypted with a combination of all the aforementioned parameters. Your wallet private key is only decrypted when signing a transaction.

It is very important to keep these security elements safe and to use a strong password (more than 8 characters, not easily guessable, upper/lower case, numbers/symbols, etc.). BC Vault does not restrict your password/PIN choice: you can use an empty password and PIN if you so wish, although this is absolutely not recommended. In that case, make sure nobody gets your device or backup. See the attack examples below.

What is a crypto wallet, what needs to be private and what can be public?

Most existing cryptocurrencies today rely on public/private key infrastructure (PKI), which allows any blockchain participant to verify transactions locally. BC Vault’s primary purpose is to keep your private keys accessible only to you. Hardware wallets accomplish this with a functionally limited secure device that only responds to necessary cryptocurrency functions. This is in contrast to software wallets, which are exposed to the potential security issues of the software (OS bugs, viruses, malware…) and the hardware (malicious USB devices like the Rubber Ducky or even underlying hardware issues like Spectre).

Here is an example cryptocurrency wallet for the currency Bitcoin (BTC):
Address: 15rXQdxYnCKzZnUvAu9Jnc5M7djC3cdbq8
Private key (hex): 61E030D5A5C0D1F33BCB1839F1A3AAE9B4F1B760026A3B62053EE0023E81E5B5

This address can be safely shown to anyone you require payment from, for example your exchange account from which you want to withdraw your funds. This is the actual public information stored in the blockchain on every node’s storage.

This private key MUST be kept safe, away from anyone but you. It is used to spend the cryptocurrency in your wallet. In the example of BC Vault, the private key is stored in an encrypted form in FRAM as mentioned above. BC Vault does allow you to see your raw private key should you so wish, but all such keys are cosmetically flagged as unsecure.

What gets sent to BC Vault’s servers

For any crypto wallet to function it needs a connection to the blockchain. This means that either a connection to a locally hosted node or a publicly available one is required. We considered these two options for BC Vault and settled on the latter, providing the infrastructure ourselves.

For many cryptocurrencies, a locally hosted node would mean downloading the full blockchain (over 1TB for all BC Vault supported currencies). We would then also need to interface with a variety of mutually incompatible clients.

This means that each transaction generated locally in the BC Vault application is sent to the hardware for signing, returned and verified by the application again, and then sent to our servers to be broadcast to the blockchain network. As the entire transaction is public data anyway, the only additional thing sent to our servers is your IP address, which is required for basic networking purposes. IP addresses are anonymized with a SHA256 salted hash as soon as we receive them. If you are concerned about your privacy, we recommend a VPN service or Tor.

Everything on our servers is considered public as it is available freely on the blockchain. All we do is make it available in a more convenient and faster way. We do not send or collect any other information from you.

Entropy

Crypto wallets rely on random values to generate statistically unguessable private keys. No two people should ever in their lifetimes generate the same private key. Should that happen, they would both have FULL access to the same wallet!

Entropy is the measure of uncertainty in a random value. This means that random values with higher entropy are more difficult to predict. The issue is that computers are not good at generating random numbers; by design they are predictable and reliable.

To ensure the generation of truly random numbers BC Vault uses input from the built-in hardware gyro sensor and various timings. BC Vault solves the problem of random number generation using a truly random number source: the human shaking the device in a unique way. Each wallet generated on the BC Vault is totally unique and not linked to any other wallet on the same or any other device. This is called a nondeterministic wallet.

This is important, because even if you are completely compromised, with passwords, PINs, and your device or backup in the possession of an attacker, all your future wallets on the same device will not be affected. The attacker would have to get the backup again every single time you create a new wallet (that is if you don’t use wallet passwords or PINs; if you do, the attacker would also need those!).

Some other crypto wallets do not use this approach but use BIP39/44 deterministic wallets. The crucial difference is that wallet/private key entropy is only calculated once for all wallets past, present or future. This allows users a convenient backup system using 24, 12 or 8 words to encode all private keys. One serious drawback of this approach, and the reason we decided against it, is that the attacker only needs these 24 words for total control of your wallets past, present and future.
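The difference between the two backup models can be shown in a few lines. The following is an added example, not BC Vault code and not real BIP32/44: `deterministic_key` is a simplified HMAC-based stand-in that keeps only the property discussed above (the seed alone fixes every key), and the OS random generator stands in for the device's gyro and timing source. All function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Order of the secp256k1 group; valid private keys lie in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def deterministic_key(seed: bytes, index: int) -> bytes:
    """Simplified stand-in for BIP32/44 derivation: key i = f(seed, i).

    Not real BIP32 (no chain codes or curve math); it keeps only the
    property under discussion, that the seed alone fixes every key.
    """
    counter = 0
    while True:
        msg = index.to_bytes(4, "big") + counter.to_bytes(4, "big")
        digest = hmac.new(seed, msg, hashlib.sha512).digest()[:32]
        if 0 < int.from_bytes(digest, "big") < SECP256K1_N:
            return digest
        counter += 1


def independent_key() -> bytes:
    """Nondeterministic wallet: fresh entropy per key (OS CSPRNG here,
    an assumption standing in for the device's gyro/timing source)."""
    while True:
        candidate = secrets.token_bytes(32)
        if 0 < int.from_bytes(candidate, "big") < SECP256K1_N:
            return candidate


def keys_recoverable_from_leak(leaked_seed: bytes, victim_keys: list) -> int:
    """Count how many of the victim's keys a leaked seed reproduces."""
    regenerated = {deterministic_key(leaked_seed, i) for i in range(len(victim_keys))}
    return sum(1 for k in victim_keys if k in regenerated)


if __name__ == "__main__":
    seed = secrets.token_bytes(32)  # constructed sample seed
    hd_wallets = [deterministic_key(seed, i) for i in range(5)]
    nd_wallets = [independent_key() for _ in range(5)]
    print("deterministic keys exposed:", keys_recoverable_from_leak(seed, hd_wallets))
    print("independent keys exposed:  ", keys_recoverable_from_leak(seed, nd_wallets))
```

With a deterministic scheme the leaked seed reproduces every key, including ones derived later; with independent keys each wallet has to be protected and backed up on its own.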

Attack Vector Examples

Remote Attack

The most common type of attack is a remote attack against your PC. This means that the attacker has no physical access to your device or computer. Various remote attack mechanisms (malware, viruses, exploits) can result in stealing whatever information you enter into your PC. Most hardware wallets (BC Vault included) offer protection against this kind of attack because they require you to physically confirm any actions on the device itself. Better hardware wallets include a screen (the larger the better) for confirming what exactly is happening on the device. The attacker may change only the destination address of a big transaction (this is called a man-in-the-middle attack). It is crucial to your security to verify these details, which is why BC Vault has a large, readable screen.

Phishing Attack

This is also a common attack vector for practically all services. Attackers impersonate a legitimate entity over email or web and try to persuade you to give up some important security details such as passwords, pins, 24 words etc.

In the case of BC Vault, the most likely information an attacker could obtain is the passwords and PINs. The attacker would also need some way to obtain a backup or the physical device, which is highly unlikely.

Contrast this to wallets using deterministic wallet generation (BIP39/44) which only require the attacker to convince the victim to give them their 24, 12, or 8 words. The attacker does not need the physical device or any other information. This has already happened in practice when a user was tricked into using a pre-generated 24 word phrase. Source

Hardware/Software tampering

Attackers could possibly create altered or compromised versions of any hardware wallet or software application. This cannot be prevented with any special hardware or software. Even though this is highly unlikely, it has happened before. Source

The only way to reliably mitigate this attack vector is to buy the hardware from official resellers (no eBay or Craigslist) and download software directly from the official website. This goes for any hardware wallet, not just BC Vault.

BC Vault does include some mitigations to make it more difficult for attackers:

  • The device is glued shut
  • The firmware is signed by us and cannot be tampered with
  • There is currently no source code available for the BC Vault application or the firmware, so an attacker has to painstakingly reverse engineer the firmware and software.
  • The application verifies the signed transaction data returned from the device to protect against a rogue device that has been tampered with.
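One part of such a host-side check, as an added example (not BC Vault's own code, whose implementation is not public): parse the outputs of the transaction the device returned and compare them with what the application asked it to sign. It handles legacy (non-SegWit) Bitcoin serialization only and omits signature verification; `parse_outputs`, `outputs_match` and `build_tx` are hypothetical names, and `build_tx` only produces constructed sample data.

```python
import struct


def read_varint(buf: bytes, pos: int):
    """Decode a Bitcoin CompactSize integer; return (value, new_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    width = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + width], "little"), pos + 1 + width


def parse_outputs(raw_tx: bytes):
    """Return [(amount_satoshi, script_pubkey)] from a legacy (non-SegWit) tx."""
    pos = 4                                   # skip version
    n_in, pos = read_varint(raw_tx, pos)
    if n_in == 0:                             # SegWit marker or malformed tx
        raise ValueError("not a legacy transaction")
    for _ in range(n_in):
        pos += 36                             # previous txid + output index
        script_len, pos = read_varint(raw_tx, pos)
        pos += script_len + 4                 # scriptSig + sequence
    n_out, pos = read_varint(raw_tx, pos)
    outputs = []
    for _ in range(n_out):
        (amount,) = struct.unpack_from("<Q", raw_tx, pos)
        script_len, pos = read_varint(raw_tx, pos + 8)
        outputs.append((amount, raw_tx[pos:pos + script_len]))
        pos += script_len
    if pos + 4 != len(raw_tx):                # only the locktime may remain
        raise ValueError("trailing or truncated data in transaction")
    return outputs


def outputs_match(requested, signed_raw_tx: bytes) -> bool:
    """True only if the device signed exactly the outputs the app asked for."""
    try:
        return parse_outputs(signed_raw_tx) == list(requested)
    except (ValueError, IndexError, struct.error):
        return False


def build_tx(outputs) -> bytes:
    """Constructed sample: one dummy input with an empty scriptSig."""
    tx = struct.pack("<I", 1) + b"\x01" + bytes(32) + struct.pack("<I", 0)
    tx += b"\x00" + struct.pack("<I", 0xFFFFFFFF) + bytes([len(outputs)])
    for amount, script in outputs:
        tx += struct.pack("<Q", amount) + bytes([len(script)]) + script
    return tx + struct.pack("<I", 0)
```

A transaction whose destination script or amount differs from the request, or that carries an extra output, fails the comparison and should not be broadcast.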

An attacker with physical access to the device

One of the most dangerous attack vectors, because the attacker gains physical access to the hardware (stolen/lost wallet, forgotten or left unattended). This should normally not be enough to compromise a hardware wallet, but it has happened before. Source

In the case of BC Vault, physical access is insufficient to gain access to the device (an attacker still needs all the passwords and PINs). This is proven/simulated by the 1 BTC bounty wallet on every BC Vault. This simulates a worst-case scenario where an attacker has physical access and unlimited time to get inside your wallet. The encryption used in the bounty wallet is exactly the same as the encryption of other wallets on any BC Vault. It has not been emptied yet, which we think is a good sign!

Conclusion

To sum up, BC Vault features 5 separate security elements, 3 that are specific to a device, and 2 that can be set per wallet:

  • Global Password
  • Global PIN
  • Wallet Password
  • Wallet PIN
  • Device itself or a backup

For a successful compromise of your wallet stored on BC Vault, an attacker needs all five components. Maybe an attacker could get away with brute-forcing the PIN (which by its nature is limited in input options but can be of unlimited length), but they would still need the passwords and the device itself.

BC Vault can be compromised like any other security device in case of a careless user or a highly motivated and skilled attacker (There is no protection or encryption against someone with a gun to your head!).

To maximize your security it is really important to follow security best practices:

  • Check that any correspondence or URL is correct (i.e. https://bc-vault.com) and that your browser trusts the domain (a green lock in the address bar)
  • Never give your password or PIN to an untrusted person. BC Vault staff will never ask for your password or pin!
  • Securely store your device and backups away even though they are encrypted and do not generally pose a risk (Remember: an attacker would also need passwords and pins)
  • Use strong, hard-to-guess passwords; if you choose to write them down, do not store them with the backup
  • Use BC Vault on a trusted computer with a good antivirus
  • Do not export private keys if it is not absolutely necessary
