French Cybersecurity Agency Grants Security Certificate to Ledger Nano S Hardware Wallet


0

The Ledger Nano S from French crypto hardware wallet firm Ledger has received a First Level Security Certificate (CPSN) from France’s national cybersecurity agency, ANSSI. The development was shared with Cointelegraph on March 18.

The National Cybersecurity Agency of France (ANSSI) reports to the Secretariat-General for National Defence and Security (SGDSN) in order to assist the French Prime Minister in matters of defence and national security. According to their list of certified products, 122 out of 261 products that ANSSI has started evaluating since June 1, 2018, have been certified.

Products aspiring to receive a CPSN certificate undergo a series of evaluations by an ANSSI lab, with testing for multiple attack scenarios that challenge the product’s security. Evaluations span “firewall, identification, authentication and access, secure communications, and embedded software.”

Claiming a crypto hardware wallet industry first, Ledger underscores the importance of receiving an independent third party certification to attest to the security of its offering, and says the CPSN for Ledger Nano S is the beginning of an overall effort to certify all of their products.

The blog post outlines that Ledger also operates its own in-house security evaluation “Attack Lab,” dubbed Ledger Donjon, which tests products’ resilience for a variety of threat scenarios.

The company has also reportedly developed a custom operating system, BOLOS (Blockchain Open Ledger Operating System), to couple software and hardware strategies that enhance security.  

According to the blog post, the CPSN certificate covers a gamut of core embedded security functions, including a true random number generator, which is created via hardware and then post-processed through BOLOS, in compliance with security guidelines established in France’s Security General Referential.

Other CPSN-certified security functions include a root of trust — which ensures that a given Nano S is authentically issued by Ledger — end-user verification measures, such as mandatory PIN numbers for accessing services, and post-issuance capability, which occurs over a secure channel.

As Cointelegraph reported last December, researchers have claimed they were able to hack the Ledger Nano S, as well as crypto hardware wallet Trezor One, and Ledger’s most expensive hardware wallet offering, the Ledger Blue. The day after the report, Ledger argued that the reported vulnerabilities in its hardware wallets were not critical.

This February, Ledger apologized for — and pledged to remedy —  issues with a recent firmware update for Nano S, which had inadvertently decreased the device’s storage capacity.


Like it? Share with your friends!

0

What's Your Reaction?

hate hate
0
hate
confused confused
0
confused
fail fail
0
fail
fun fun
0
fun
geeky geeky
0
geeky
love love
0
love
lol lol
0
lol
omg omg
0
omg
win win
0
win
COINTELEGRAPH

Choose A Format
Story
Formatted Text with Embeds and Visuals
Video
Youtube, Vimeo or Vine Embeds
List
The Classic Internet Listicles
Open List
Submit your own item and vote up for the best submission
Countdown
The Classic Internet Countdowns
Poll
Voting to make decisions or determine opinions
Ranked List
Upvote or downvote to decide the best list item
Personality quiz
Series of questions that intends to reveal something about the personality
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Meme
Upload your own images to make custom memes
Audio
Soundcloud or Mixcloud Embeds
Image
Photo or GIF
Gif
GIF format