Comparison of blockchain e-wallet implementations

Eliasi, Behnam, Javdan, Arian

January 2019

With the rise of blockchain technology and cryptocurrency, secure e-wallets also become more important. But what makes an e-wallet secure? In this report, we compare different aspects of ewallets to see which alternatives are secure and convenient enough to be used.This report contains comparative analyses of different implementation for e-wallets. The problem area is divided into three smaller areas: Key storage, authentication, and recovery. These problem areas have defined criteria for what is considered good qualities in each respective area.The results show that for key storage, the best options are, Android’s keystore/IOS’ secure enclave, offline storage or a hybrid hot/cold storage. For authentication, the best alternatives proved to be BankID and local authentication through the phone’s OS. Good Recovery alternatives include recovery seeds that recover the whole e-wallet or using multiple keys for both signing and recovery.The proof of concept made for this project uses three different storage methods with the authentication methods for each one and with the possibility of recovery in case a key should be lost. The storage methods used are offline storage thought QR-codes, online storage with firebase and local storage with Android keystore or Secure enclave. Authentication is done with Facebook/Google sign in or local authentication. / Med blockkedja och kryptovalutornas ökande popularitet blir säkra e-plånböcker allt mer viktiga. Men vad gör en e-plånbok säker? I detta arbete ska olika implementationer för e-plånböcker undersökas för att se vilka alternativ som är tillräckligt säkra samt användarvänliga.Problemområdena delas upp i följande delar: nyckellagring, autentisering och återhämtning av stulen/förlorade nycklar. Arbetet innefattar jämförelser mellan olika lösningar till dessa områden med definierade jämförelsekriterier.Resultatet visar att för nyckellagring är de bästa alternativen Androids keystore system/IOS secure enclave som båda är en form av säker lagringsplats på telefonen, offline lagring och hybridlagring som enkelt förklarat är en tjänst som bevarar data offline och gör den online när användaren väl vill ha tillgång till datan. För autentisering är de bästa alternativen BankID och lokal autentisering genom telefonens operativsystem. För återhämtning av nycklar är de bästa alternativen recovery seed eller att använda multipla nycklar för både signering och återhämtning.En proof of concept gjordes där lagringsmetoderna papper (exempelvis QR-kod), online-lagring med Firebase och lokal lagring med Android keystore eller Secure enclave implementerats. Autentiseringen sker med hjälp av Facebook/Google login och lokal autentisering. Återhämtning görs med två utav tre nycklarna som används för både signering och återhämtning.

Blockchain

key storage

mobile payment

e-wallet

authentication

Blockkedja

nyckellagring

mobilbetalningar

e-plånbok

autentisering

Computer and Information Sciences

Data- och informationsvetenskap

On Statistical Properties of Arbiter Physical Unclonable Functions

Gajland, Phillip

January 2018

The growing interest in the Internet of Things (IoT) has led to predictions claiming that by 2020 we can expect to be surrounded by 50 billion Internet connected devices. With more entry points to a network, adversaries can potentially use IoT devices as a stepping stone for attacking other devices connected to the network or the network itself. Information security relies on cryptographic primitives that, in turn, depend on secret keys. Furthermore, the issue of Intellectual property (IP) theft in the field of Integrated circuit (IC) design can be tackled with the help of unique device identifiers. Physical unclonable functions (PUFs) provide a tamper-resilient solution for secure key storage and fingerprinting hardware. PUFs use intrinsic manufacturing differences of ICs to assign unique identities to hardware. Arbiter PUFs utilise the differences in delays of identically designed paths, giving rise to an unpredictable response unique to a given IC. This thesis explores the statistical properties of Boolean functions induced by arbiter PUFs. In particular, this empirical study looks into the distribution of induced functions. The data gathered shows that only 3% of all possible 4-variable functions can be induced by a single 4 stage arbiter PUF. Furthermore, some individual functions are more than 5 times more likely than others. Hence, the distribution is non-uniform. We also evaluate alternate PUF designs, improving the coverage vastly, resulting in one particular implementation inducing all 65,536 4-variable functions. We hypothesise the need for n XORed PUFs to induce all 22n possible n-variable Boolean functions.

PUF

Boolean function

function distribution

arbiter path

digital fingerprint

secure key storage

cryptography

system security

hardware security.

Computer and Information Sciences

Data- och informationsvetenskap