Replies: 3 comments
-
I would add from my side that I would like to have the device's dedicated wallet written in both C and Go, starting from the Go implementation.
-
The problem to solve is as follows.
-
https://www.cryptologie.net/article/500/hardware-solutions-to-highly-adversarial-environments-part-2-hsm-vs-tpm-vs-secure-enclave/

The MAC is easily faked, so it will be stupid to use that. The only way to make the wallet part of the device is by using a hardware security module (HSM), a secure element (SE), a smart card, a trusted execution environment (TEE) or a secure enclave (SE again).
-
Based on a discussion with @dmatusiewicz-consult-red, his idea is to make a wallet that issues transaction signatures containing hardware-related information. This will couple the wallet and hardware and prevent copying the wallet and issuing or signing transactions from different devices.
For example, the wallet will always issue transactions with the device's MAC address and the signature will add this hardware information to the signed message. We can go even further and compile the wallet binary to be only executed on the dedicated device.
This will add to the security by preventing duplication of the wallet in an environment where the device is the entity we want to secure and whose parameters we want to validate easily, like a fleet of cars or tags.
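The binding discussed in this thread, as an added example that is not code from the project or from any participant: a signature that covers a device identifier together with the payload, and the verifier-side check against an enrolled identifier. Ed25519, the `SignedTx` envelope, the function names and the sample MAC values are assumptions made for illustration; the wallet's real signature scheme is not stated on this page.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// SignedTx is a hypothetical envelope: the device ID travels with the payload
// and both are covered by the signature.
type SignedTx struct {
	DeviceID  string // e.g. a MAC address; supplied by the signer itself
	Payload   []byte
	Signature []byte
}

// digestInput length-prefixes the device ID so ID and payload cannot be re-split.
func digestInput(deviceID string, payload []byte) []byte {
	var buf bytes.Buffer
	binary.Write(&buf, binary.BigEndian, uint32(len(deviceID)))
	buf.WriteString(deviceID)
	buf.Write(payload)
	return buf.Bytes()
}

// Sign produces a transaction whose signature covers deviceID and payload.
func Sign(priv ed25519.PrivateKey, deviceID string, payload []byte) SignedTx {
	return SignedTx{deviceID, payload, ed25519.Sign(priv, digestInput(deviceID, payload))}
}

// Verify accepts only if the signature is valid and the signed device ID
// is the one enrolled for this public key.
func Verify(pub ed25519.PublicKey, enrolledID string, tx SignedTx) bool {
	return tx.DeviceID == enrolledID &&
		ed25519.Verify(pub, digestInput(tx.DeviceID, tx.Payload), tx.Signature)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	mac := "02:00:00:00:00:01"               // constructed sample value
	tx := Sign(priv, mac, []byte("transfer 5"))
	fmt.Println("genuine:", Verify(pub, mac, tx))
	tx.DeviceID = "02:00:00:00:00:02"
	fmt.Println("ID altered after signing:", Verify(pub, mac, tx))
	// The verifier sees only a signed string, not the hardware that produced it,
	// so the check is as strong as the key storage (the HSM/SE/TEE point above).
}
```

The check ties a transaction to an enrolled identifier and detects any change to that identifier after signing; it does not show where the private key resides, which is the part the HSM, secure element or TEE mentioned in the replies is meant to provide.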