Abstract
Hardware wallets, specialized devices designed to securely manage users' credentials, play a crucial role in securing cryptocurrencies, ensuring credentials remain under user control without reliance on third-party entities. However, despite extensive research on Side-Channel Analysis (SCA) attacks, studies specifically addressing their implications for hardware wallets remain relatively limited. While previous work has demonstrated various SCA attacks on hardware wallets, most of these attacks require sophisticated environmental controls or detailed knowledge of target device. In addition, some attacks assume unrealistic scenarios that require valid credentials to conduct the attacks. This paper introduces a novel SCA attack on hardware wallets to extract master seeds - a foundational component in the security of hardware wallets. Our proposed attack leverages power traces obtained during the processing of the Keyed-Hash Message Authentication Code (HMAC), or more precisely, the Secure Hash Algorithm 2 (SHA-2) inside the HMAC. Notably, our attack is non-invasive, ensuring the integrity of the target device, thereby making it difficult for the wallet owners to detect the attack. Furthermore, our attack can be conducted without a profiling phase, excluding the excessive capabilities required for the attack.
| Original language | English |
|---|---|
| Pages (from-to) | 132677-132688 |
| Number of pages | 12 |
| Journal | IEEE Access |
| Volume | 12 |
| DOIs | |
| Publication status | Published - 2024 |
Bibliographical note
Publisher Copyright:© 2024 The Authors. This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License.
Keywords
- Cryptocurrency
- hardware security
- side-channel analysis
ASJC Scopus subject areas
- General Computer Science
- General Materials Science
- General Engineering