Ledger, the Paris based blockchain and cryptocurrency security company, announced this week that its Ledger Nano S device received CSPN (Certification de Sécurité de Premier Niveau/ First Level Security Certificate) certification, making it the first and only certified hardware wallet on the market.
The security certificate is issued by ANSSI (Agence Nationale de Sécurité des Systèmes d’Information/National Agency for Information Systems Security), the French cybersecurity agency.
The CSPN Certification scheme was established in 2008 and is a process for undergoing evaluation across several categories, including firewall, identification, authentication and access, secure communications and embedded software. To achieve certification, ANSSI’s selected laboratory puts the product through multiple attack scenarios to challenge its security.
“We are proud to announce this independent certification from ANSSI. At Ledger, security is paramount, and while anyone can claim to have a secure product, it means much more coming from a trusted third party. This is an important milestone for Ledger, but it is only the starting point of a broader effort to certify all our products.
External Assessment
Ledger constantly looks to enhance the security of its products, leveraging both external security researchers in its Bounty Program, as well as its industry-leading, in-house Attack Lab, the Ledger Donjon. Ledger’s Attack Lab looks to test the security of its products through state-of-the-art attacks to ensure the company is staying ahead of the latest threats. While internal programs are needed, an external and independent assessment further validates the company’s commitment to industry-leading security.
The Ledger custom operating system, BOLOS (Blockchain Open Ledger Operating System) and crypto-asset apps run on top of their secure hardware. It’s this combination of software and hardware that brings the highest level of security to each of the company’s products.
The Leder team says it will look to get this certification for additional Ledger products, including the recently launched Ledger Nano X, which is now available to start its certification process.
What CSPN Certifies
The following core security functions embedded in the Ledger Nano S are covered by the CSPN Certificate:
- True Random Number Generator: To be aligned with the CSPN security evaluation scheme, Ledger strictly complies with security rules defined in the Security General Referential (also known as RGS. In short, the Random Number generated by the Secure Hardware is then fully post-processed by Ledger through the BOLOS. It is Ledger’s implementation that makes a user’s hardware wallet unique related to the seed.
- Root of Trust: This security function ensures the end-user that their Nano S has been issued by Ledger. This feature can appear basic, but it is vital as it supports the security model and prevents attacks. A Root of Trust has been put in place by Ledger, acting as the Certification Authority, to ensure the user’s device is genuine. This genuineness is based on a mutual authentication between the Ledger Nano S and Ledger’s Secure Server. In other words, the Ledger Nano S authenticates the Ledger Secure Server and vice-versa — this ensures that it’s not possible to create a counterfeited and possibly backdoored device.
- End-User Verification: This security feature is the Personal Identification Number (PIN) that the End-User must enter correctly before accessing all services provided by the Ledger Nano S. Having an End-User Verification to ensure only the genuine Ledger Nano S holder can access to their hardware wallet is a good start, but having a robust and secure implementation of this PIN verification is even safer. This security function ensures that it’s not possible to get access to the critical assets (such as the user seed) without knowing the correct PIN value — even for an attacker with physical access.
- Post-Issuance Capability over a Secure Channel: On one hand, the Post-Issuance Capability is useful: Ledger not only can add new features to increase the security level of the product, but also reinforce it. When designing the Ledger Nano S, Ledger ensured implementing this security feature. For instance, this post-issuance capability is only available after successful mutual authentication is performed.