This page is intended to describe the threat model of Ledger Nano S and Nano X devices. It first lists the main security objectives the devices intend to fulfill. Then it describes the security mechanisms implemented in order to actually reach these objectives. The associated threats to these security mechanisms are also mentioned.
The main security objective of the Ledger Nano devices is to provide a physical and logical security to users’ funds. This objective can be divided in the following sub-objectives:
- Guarantee the confidentiality of user seeds and private keys.
- Ensure the use of digital assets is performed under user consent. In particular, the device shall prevent attackers from misleading the end user (e.g. by displaying arbitrary data on the device screen).
- Provide a mechanism allowing the user to verify that her device is genuine.
- Protect users’ privacy. In particular, the device shall prevent users from being uniquely identified.
- Protect the confidentiality of the firmware and the IP of the Secure Element.
For the sake of clarity, some basic definitions are recalled. In particular, the roles, the key usage and the components of the devices are recalled.
- End user: The end user is the happy owner of a Ledger Nano S/X. She has physical access to the device.
- Firmware developer: Only some Ledger employees can develop the Firmware of the Ledger Nano devices. They are in charge of developing the OS and its cryptographic library.
- App developer: Anyone can develop an app running on top of the Ledger Nano S OS (BOLOS). Developing on Ledger Nano X requires Ledger authorization though.
- HSM: Hardware Security Modules are basically remote computers able to check the device genuineness and perform privileged operations (install/remove apps, update firmware) on the devices.
Key Usage Scenarios
- User installs apps thanks to the Ledger Live application.
- User makes cryptocurrency transaction thanks to the Ledger Live. Critical pieces of information are displayed and confirmed on the device.
- User updates her device thanks to the Ledger Live application.
High Level Architecture
The Ledger Nano S and Nano X are composed of:
- A Secure Element (ST31 for Nano S, ST33 for Nano X)
- A general purpose MCU (STM32F042 for Nano S, STM32WB55 for Nano S)
- External peripherals: screen, buttons
The following schema describes the architecture of the Nano S. On the Nano X, the buttons and the screen are directly connected to the Secure Element.
Several security mechanisms are implemented at different levels. In the following we’ll distinguish device security mechanisms, OS security mechanisms and app security mechanisms.
|Level||Security Mechanism||Security Objectives|
|Device||Secure Display and Inputs||Confidentiality of user seeds, User consent|
|Device||Physical Resistance||Confidentiality of user seeds, Confidentiality of the firmware|
|OS||PIN Security Mechanism||Confidentiality of user seeds|
|OS||Random Number Generation||Confidentiality of user seeds|
|OS||Confidentiality of Seed and Private Keys||Confidentiality of user seeds and private keys|
|OS||Confidentiality and Integrity||Confidentiality of the firmware|
|OS||Transport Security||Confidentiality of the firmware|
|App||Isolation||Confidentiality of private keys, User consent|
|App||User Consent||User consent|