In a Web of Trust (WoT), your identity is a private key. If someone knows that key, they can impersonate you. And if you lose a key, you lose that identity. So what happens when your key gets lost or stolen?
It's possible to create and manage private keys in software like any other data, but for greater security, keys are also managed in secure hardware. These are dedicated chips often called a Trusted Execution Environment.
Apple implemented Secure Enclave
The Secure Enclave is isolated from the main processor to provide an extra layer of security and is designed to keep sensitive user data secure even when the Application Processor kernel becomes compromised. [... it has] an AES engine for efficient and secure cryptographic operations
Android introduced Secure Element
[it enables] tamper-resistant key storage for Android Apps using StrongBox. StrongBox is an implementation of the Keymaster HAL that resides in a hardware security module.
And Microsoft has its Trusted Platform Module
A TPM [is used to] securely create and store cryptographic keys.
The idea is that these dedicated hardware chips create and store cryptographic keys and never let them leave the chip. This is very secure.
With secure hardware, cryptography will revolutionize the way we log in, with FIDO and passkeys and hardware authentication devices like Yubikeys. This stuff also lets crypto hardware wallets keep large amounts of crypto safe from hackers, by storing private keys and never exposing them. There's a whole world of exciting technology here, all based on public-private key cryptography.
...But everything is hackable. Vulnerabilities may exist in both software and hardware (Like this trezor hack). On one hand, "a junior developer is born every minute", and on the other hand, hackers are determined. With physical access, with enough tools and skill, a hacker can read from a secure hardware module (for example, with a cold boot attack.
It's very unlikely for
Top comments (0)