The internet can be a dangerous place, and 2020 seems to be a year where literally anything goes. Whether deep-fakes, DDoS attacks, ransomware, clipboard leaks, zoom insecurity or the dark-patterns of browser fingerprinting — these risks touch all of our digital lives each and every day. At the IF, we are painfully aware of the extent to which third-party dependencies can introduce risks.
What we have learned from the perpetual attacks on our ecosystem is that security must be a guiding principle in Distributed Ledger Technologies, not an afterthought. We need to be vigilant about our entire stack and operations. The mindset of “security-first” must affect not only our practices but also drive our software design decisions.
As a foundation committed by charter to the dual notions of contributing to open-source and furthering education, we are morally compelled to put our energies into improving the greater good — not merely our own lot.
In this context of being a “good digital citizen”, the best thing we can do is to offer a means to enhance the security posture of all types of software, including cryptocurrencies, distributed ledger technologies, and even financial infrastructure like exchanges and custody wallets. Specifically, we seek to strengthen the working environment for developers, enhance the security of applications, and give everyone better options for securely storing and safely using high-value digital secrets.
There are many challenges involved in securely managing digital secrets like passwords, vehicle access codes, and wallet seeds:
- High-value secrets like private keys need to be encrypted at rest, using modern and secure algorithms
- Such secrets need to be purged from device memory immediately after use
- Users must be able to configure systems to their security needs
- Applications need to run on any type of hardware from phones to cars, where possible leveraging Trusted Execution Environments.
- Must be extensible with hardware security like Yubikey and Ledger Nano
- Must use as few external dependencies as possible
- Must be fully audited by third-party security professionals
- The underlying libraries need to be managed by a reliable and active maintainer
We spent some time investigating existing projects, but unfortunately, we couldn’t tick all the boxes and decided to forge ahead and build the Stronghold to secure all of the above.
Stronghold is a secure software implementation with the sole purpose of isolating digital secrets from exposure to hackers and accidental leaks. It uses versioned, file-based snapshots with double-encryption that can be easily backed up and securely shared between devices. Written in Rust, it has strong guarantees of memory safety and process integrity. The high-level developer-friendly libraries integrate the IOTA protocol and serve as a reference implementation for anyone looking for inspiration or best-in-class tooling. The low-level libraries have no notion of cryptocurrency embedded within them and can be used in their entirety without the high-level libraries. In other words, anyone from any industry can use it.
At IOTA, we will begin rolling out the IOTA Stronghold to secure the new wallet. In the next phase, we will have tight integration with IOTA Identity. We look forward to working with exchanges to discover new patterns of usage for Stronghold and are also excited about the many possibilities it brings to our work with smart contracts.
The primary task of Stronghold is to isolate the activity of “privileged” functions from other programs. For example, a primary goal is to create a software enclave where private keys are used to sign messages without revealing those keys to other functions. In the near future, we expect to move the Stronghold stack to Trusted Execution Environments (TEE) and integrate it into custom hardware.
It is based on a suite of low-level libraries known as Stronghold Engine that provide tooling and algorithms to build secure systems in Rust in a way that can be embedded and deployed to devices regardless of architecture and operating system. This collection of libraries deals with the obfuscation, encryption, usage, and sharing of secrets between devices. It has been in research and development for the past 8 months — beginning at https://ionary.dev — and it culminated in a successfully completed grant from the IOTA Ecosystem Development Fund. Its code can be reviewed here at GitHub and its principal author, Tensor, has prepared both a retrospective about its development as well as an introductory video.
Stronghold is written in stable Rust and has four primary components:
- low-level, modular libraries for building a secure blackbox of versioned data with a file-backed snapshot-oriented persistence layer that enables users to securely share their data between devices (beta quality)
- high-level libraries that integrate IOTA with the low-level libraries and expose them in an intuitive way (pre-alpha, currently in active development)
- an actor-model interface for security-focused applications that use Rust (pre-alpha, currently in active development)
- FFI bindings to other programming languages like C, Java and Node.js (available soon)
Because of its composability, there are many exciting applications that can be built using Stronghold — not just cryptocurrency wallets. Its low-level engine is totally use-case agnostic and so flexible that the encryption algorithms can be swapped out at your leisure, composed in new ways, and extended with other parts of virtually any stack. The high-level libraries will be so solid that you can entrust them with doing things the right way.
Here are just a few ideas of the possibilities to help you get your juices flowing:
Alice’s IOTA wallet is protected by Stronghold, which she can configure (as seen in the image above) to watch over the activity in her wallet and prevent dangerous events from taking place.
Alice the daytrader and her exchanges can collaboratively use Stronghold distributed key generation and BLS threshold signatures for enhancing the auditability of high-volume IOTA token transfers.
Password Management Tools
Securely scrubbing memory after using a password is a common vulnerability in password managers. Stronghold will help Alice to be safer.
Alice rents a movie using her Phone to playback on her Smart TV. The movie is sent to the TV as an encrypted stream and a decryption key is synced to her device’s Stronghold. After 48 hours the key is deleted from her Stronghold by the service and the video can no longer be played.
GDPR Data Processors and Controllers
Instead of storing personally identifiable information in a centralized database that can get stolen in one fell swoop, Alice can choose to share and revoke access to her data directly from her Stronghold-powered application.
Alice securely shares her passport information with her travel agent, and because of the way that Strongholds sync with each other, when the travel agent no longer needs the passport data, she can remove his access to it.
Using the Stronghold command-line interface or system daemon as a local secret and retrieval system enhances Alice the programmer’s operational security and helps prevent accidental disclosure.
Stronghold has not yet been formally audited for security vulnerabilities and is moving toward the next phase of public community engagement. We are now making this work public, in the hopes that the open-source and security communities find the opportunity to review the design and implementation. At any rate, in late Autumn 2020, Stronghold will undergo a full external security audit. After the audit’s conclusion and respective revisions, we will declare the project mature enough to be used in your projects.
The very first internal test of Stronghold will be in its integration with the forthcoming official wallet built for Chrysalis (which will be externally audited before release). It will be the storage mechanism for securing seeds and personally identifiable information. Stronghold will also enable users to enhance their wallet security with Ledger secure storage and Yubikey access.
Official Repository: https://github.com/iotaledger/stronghold.rs
Low-Level Video Introduction: https://youtu.be/pd-XWaGLIck
As always, you can join our Discord to give feedback, comments, and join the discussion.