10 reasons why SafePal S1 is secure(Part I)

10 reasons why SafePal S1 is secure(Part I)

“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.”

― Benjamin Franklin

A cryptocurrency wallet plays a critical role in the protection of crypto assets. Currently there are hundreds of cryptocurrency wallets on the market with different designs, functions, and characteristics. Before choosing the most suitable wallet, customers should always put security in the first place when evaluating all purchasing strategies. This article unveils the competitive security features of SafePal S1 hardware wallet, and provides practical tips for keeping your assets safe.

1. True random number generator

* What is it?

Wikipedia definition: “A random number generator (RNG) is a device that generates a sequence of numbers or symbols that cannot be reasonably predicted better than by a random chance. Random number generators can be true hardware random-number generators (HRNG), which generate genuinely random numbers, or pseudo-random number generators (PRNG), which generate numbers that look random, but are actually deterministic, and can be reproduced if the state of the PRNG is known…Random number generators have applications in gambling, statistical sampling, computer simulation, cryptography, completely randomized design, and other areas where producing an unpredictable result is desirable. Generally, in applications having unpredictability as the paramount, such as in security applications, hardware generators are generally preferred over pseudo-random algorithms, where feasible.”

To put it in an explicit way, a random number generator(RNG) is a device to create a random number. The main difference between true random number generators(TRNGs) and pseudo-random number generators(PRNGs) is that TRNGs use an unpredictable physical means to generate numbers (like atmospheric noise), and PRNGs use mathematical algorithms (completely computer-generated). The randomness level of a true hardware random number generator(TRNG) is higher than a pseudo random number generator(PRNG).In our daily life, the RUG embedded within most of the cellphones, tablets, and PCs is PRNG.

The difference between the true random number generator and pseudo number generator
Random number generator technology is widely adopted in various industry, such as gambling

* Why does it matter?

RNG is an important technology used to create a private key in cryptography. In Bitcoin, a private key is a 256-bit number. This list of numbers controls the ownership of your bitcoin account. The more random it is, the more secure it will be. Per mentioned, The randomness level of a TRNG is higher than a PRNG. When you need to create a new wallet on a cryptocurrency wallet, having a TRNG inside the wallet meaning your private key is inherently more random and unique than the ones created on cellphones or PC.

SafePal S1 is embedded with a TRNG qualified with both the AIS31 standard from the Germany BSI and the FIPS PUB 140–2 standard from the U.S. government computer security standard, the two most well-known standards of encryption and information security. Both AIS31 and FIPS PUB 140–2 standards have utilized more advanced and strict testing criteria to test upon the quality of random number generator instead of regular randomness examinations.

Most of the random number generators installed in computer and cellphone are pseudo random number generators

2. Financial grade EAL5+ secure element

* What is it?

SafePal S1 adopts a dual-chip architect, separating sensitive security logic from general business logic inside the product. Inside SafePal S1 there is embedded with an independent security element, whose purpose is to solely protect the safety of private keys and sign every ‘sending out’ payments. Details can be found here.

* Why does it matter?

Opposite to dual-chip architect, some cryptocurrency wallets are using singular-chip architect, managing the general logic(such as push button, display and etc) and security logic(requesting the private key, signing transactions, etc) all together on a single general chip. This measure is cost-productive and easier to implement, yet the security level is worrying. Continuous hacking cases on singular-chip wallets like Keepkey, Trezor have been happening, drawing growing attention to wallet security. Though hardware wallet is normally offline already, it is also important to keep the private key isolated and secure from within, in case to prevent security breach inside the device.

SafePal is embedded with financial grade EAL5+ secure element, protecting the ultra-security of your private key

3. Multiple layers of security sensors

* What is it?

Security sensors are the components mounted around the secure element, detecting every abnormal act from the external environment. SafePal is embedded with at least 7 layers of security sensors including a light sensor, frequency sensor, temperature sensors, and others. Each sensor is allergic to a different type of external attack.

* Why does it matter?

Though a hardware wallet is inherently isolated(or partially isolated) from the internet, disabling most of the remote attack techniques, it is still important to keep it immune and protected from other types of attacks such as short distance attack or penetration attack. By building-in the multiple sensors around the secure element, the device will be sensitive to various attacks and initializing according to actions toward the malicious attempts.

4. Self-erasing mechanism

* What is it?

Per mentioned in item 3, inside SafePal S1 there lays multiple layers of security sensors. On SafePal S1, once if there is an abnormal attack detected, the sensor will trigger the self-erasing mechanism inside the secure element, wiping the private key off the device, keeping the hacker from getting a hand on the precious key.

* Why does it matter?

This measure can protect users’ assets from short distance attacks or penetration attacks. In the case of the device missing, you can still rest assured about the security of your assets. In the case of self-destroy or accidentally triggering the mechanism, users can still restore their crypto assets via SafePal recovery mechanism. By inputting the correct mnemonic phrase(or seed), the wallet account can be recovered anytime.

SafePal self-erasing mechanism protects your crypto assets from a brutal hacking attempt

5. 100% offline hardware architect

What is it?

Some users challenge the usage case of a hardware wallet saying that the so-called ‘cold storage’ of a hardware wallet is nothing different from keeping the private key in an abandoned cellphone whose internet is cut off. Yet the opponent neglects two major factors in the use cases of a hardware wallet:

1) Keeping the device offline doesn’t equal with simply cutting off the internet

Keeping the device 100% offline actually means 1)there is no communication module installed in the device, thus cannot ‘talk’ to the external environment, and 2)third parties cannot penetrate and read data from the device by any means.

Cutting the internet off on the cellphone doesn’t really disable its ability to communicate with the external world. Hackers could easily turn it on when they get hold of the device. And even if the WiFi/Bluetooth/internet module is taken off from the cellphone, it is still vulnerable to data stealing when the attacker use tools to root the system and read the data from the device.

In both ways, using a specially designed security hardware would be of the best option to protect your private key.

2) The most common use case of a hardware wallet is not just for keeping the private key safe, but also enable crypto management on a daily basis.

As blockchain and cryptocurrencies continue to scale, we are walking into a future where crypto transaction becomes more ordinary in daily life. For a hardware wallet, it is not only important to make sure the wallet does its own job in keeping the asset secure, but also be flexible and accessible in mass adoption user cases. Keeping a private key in an abandoned cellphone or hardware drive sounds reasonable if you are a long-term holder, but it makes no sense when we trade and manage crypto from time to time.

In such a case, managing crypto assets with a user-friendly hardware wallet would be the best option.

*Why does it matter?

SafePal S1 is not embedded with any communication modules such as Bluetooth, NFC, WiFi or the internet. Furthermore, there is not an external port for data acquisition. The only USB port on the SafePal S1 is limited only for charging and firmware upgrade. In the case of firmware upgrade, there are security details considered, which will be mentioned in the next chapter of ’10 Reasons why SafePal is secure(Part II)’.

To be continued in ‘10 reasons why SafePal S1 is secure(Part II)’…