Steem Airgap Hardware Wallet (@Utopian-IO)

in utopian-io •  4 months ago 

Repository

https://github.com/steemit/steem

Components

  • Raspberry Pi ($35) or other offline computer.
  • Smartphone with camera
  • Display device (monitor)
  • Airgap data transfer via QR codes.

secure-security.jpg

Introduction

When you are your own bank, security is of the utmost importance. Using the magic of decentralization, we can create open source solutions that not only give every user the power of being their own bank, but also better security than one. I've been thinking about this idea for a few months now, and I think I've finally flushed it out.

Proposal Description

Steem is in an extremely unique position to situate itself as the most secure cryptocurrency in the world by a wide margin. The technology that makes this possible are its multiple layers of cryptographic permissions.

If the majority of value is staked or temporarily locked on a given account, only the master key needs the upmost security while the rest can be exposed to the Internet with relatively little worry. The problem is as soon as the master key is created or changed it has been exposed to the internet and could theoretically be immediately compromised.

airgap1.png

Airgap

By never exposing the master key to the Internet, we can maintain a level of security unmatched by every other product in the world.

Versus Hardware Wallets

Hardware wallets are not secure compared to an airgapped machine that never touches the Internet in any way. These wallets must connect to potentially compromised machines using USB.

In addition, hardware wallet users are forced to trust the vendor they buy from. Technically, anyone who had access to the hardware wallet before the end-user receives it could hack the wallet and steal all funds deposited thereafter.

create-steem-account.png

By encrypting the Steem master key on a Raspberry Pi, stake holders can be 100% positive that no one else has ever had access to the software installed within, and said device will never have internet access or be connected to a machine with internet access.

We need a technology that turns valid public signed Steem transactions into QR codes.

QR-code-wifi.png

QR codes

By developing the feature that allows one to turn a legitimate signed operation into a QR code, users will be able to utilize their smartphone to scan said code to create the airgap, thereby ensuring that the hardware wallet (Raspberry Pi or other offline device) never has an Internet connection.

I repeat, we can use our smartphone cameras to conveniently give our encrypted private keys unidirectional access to the Internet, allowing them to attain 100% guaranteed network security at all times.

qrcode_big_250x250.png

Limitations

QR codes can contain an astonishing amount of information. It would be quite easy to store 2KB (2048 characters) on a single code, and if the desired transaction was bigger than that, multiple QR scans could be chained together to create the full operation. Considering the maximum size of a Steem block is 65KB this should not be an issue. From there the smartphone would easily be able to broadcast the transaction to the network, or be exported to text form and executed on another machine or cloud service.

example-qr-airgap.png

Example

I want to change my keys. I run an app on the Raspberry Pi that uses my current master key to sign the operation. That operation is converted into a QR code and scanned by an app on my phone. My phone then broadcasts the transaction to the network. My new private keys have now never been exposed to any network in any possible way. Airgap achieved.


airgap2.jpg

This series of events could be used to broadcast any transaction on Steem, even blog posts. If someone wanted to airgap their posting key (however overkill that would be) they could do it.

Benefits Over Competition

Hardware wallets are expensive ($50-$100). There is a lot of overhead surrounding these devices and their demand is high because the financial stakes are paramount. The companies creating them need to pay for this overhead and capitalize on this niche demand in the form of severe markup.

In addition to being expensive, hardware wallets only do one thing: store crypto. A Raspberry Pi is a full fledged computer that can run a fully functioning operating system and a suite of other applications for a cheaper price.

This functionality is not desirable when connecting to the Internet to make a transaction. Thus, traditional hardware wallets thrive on being as closed off and minimalist as possible. However, if the device is airgapped and never becomes exposed to the Internet in any way, it doesn't matter how hackable the underlying device is. Needless to say, the Linux distribution Raspbian is much more secure than mainstream operating systems, even if it doesn't necessarily need to be.

vested trade politicians back door.jpg

Selling points and middle men.

Obviously not everyone will be tech savvy enough to get these devices working as intended. This gives an opportunity for more diehard Steemians to setup these devices and sell them at a reasonable markup. This could be the beginning of a decentralized free market economy.

Because the device is a computer and not a quarantined piece of hardware, updates would be much easier to install, and if the project was a success for Steem, it could branch out and start providing the same service for other blockchains. This would allow functionality to be added indefinitely without having to buy a new device.

Diversification consensus community.jpg

Vendors selling this hardware could also sweeten the deal with other features. At one point I wanted to sell Raspberry Pi computers that contained an emulator with every single NES and SNES game in existence. This is clearly illegal pirating in most locales, but it would very hard to crack down on in a decentralized marketplace where anyone can follow a simple tutorial to get the software installed.

Drawing_of_Raspberry_Pi_model_B_rev2.svg.png

Open source

The Raspberry Pi is an open source product that targets education of open source products. It makes perfect sense that they would be used to secure cryptocurrency.

https://en.wikipedia.org/wiki/Raspberry_Pi

The Raspberry Pi is a series of small single-board computers developed in the United Kingdom by the Raspberry Pi Foundation to promote teaching of basic computer science in schools and in developing countries.

Wifi

Obviously this product is one of very few where wireless Internet access is actually a detriment. However, it's pretty easy to turn the wifi off programmatically, and there are several models that don't have wifi capabilities at all:

raspberry-pi-stats.png

https://en.wikipedia.org/wiki/Raspberry_Pi#Specifications

raspberry-pi-wifi-wireless.png

Conclusion

This might be my best idea for Steem ever. It's cheaper and more secure than current solutions on the market, it promotes open source innovation/education, and it helps bootstrap a decentralized free-market economy. To top it all off, the amount of effort it would take to create the app that makes it all work would be relatively trivial.

Crypto security is absolutely terrifying for new users. If we can create systems that give peace of mind to stake holders, a lot more people will be willing to invest value in our platform. Steem absolutely can lead the pack and provide the absolute best security the cryptosphere has to offer, and I believe we can accomplish this goal with relatively little effort, while still staying true to the tenants of decentralization.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Hello, @edicted. Thank you for your detailed idea contribution to the Steem project. I took my time to read and get myself acquainted to the message that you are trying to pass. The Airgap idea is indeed a good and a very powerful one when it comes to securing our Key(s). Recently, a friend messaged me and complained about his token missing from his wallet. He was so sure that he never gave his key(s) to anyone. But well, that is the case when one is careless with their keys or when the place which they have stored the key is not as secured as they thought it would be.

Crypto today, has become a huge asset. Even the smallest fraction of it could become very expensive. Decentralization is awesome, it, however, has its own repercussion, which is, being your own watchman by keeping your key(s) secured.

I have very little knowledge of the Raspberry Pi hardware, I am considering finding more about it. Any helpful link would be appreciated.

On the other hand, I was hoping to see some Algorithms and flowcharts, to make this proposal more practical and illustrative. You might want to consider updating this proposal with that info and perhaps, open an issue on the GitHub repo to get the opinions and thoughts from the other like mind contributor.

Again, thank you for your contribution, and I look forward to your next post.

Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.

To view those questions and the relevant answers related to your post, click here.


Need help? Chat with us on Discord.

[utopian-moderator]

Thank you for your review, @knowledges! Keep up the good work!

Definitely some good things to digest here. Another approach, especially if you are a Windoze user, is to set up a VM with no network connection. You can encrypt the VM drive like BitLocker, then encrypt the VM file for cold storage. The OS in the VM can be anything you are comfortable with.
Remember that the Raspi OS was probably downloaded from the web, so it isn’t completely pristine (though probably more than good enough)...

I was thinking that something of this nature would make a pretty robust POS system for merchants / stores to interact effectively with their customers.

rPi w/ a touchscreen and QR codes -- and a complimentary smartphone app that can scan and broadcast.

Very compelling idea.

I'd give my landlady a Pi as well as a Steem account if this could be done. I hate handing over handy fiat for rent.

"Crypto security is absolutely terrifying for new users. If we can create systems that give peace of mind to stake holders, a lot more people will be willing to invest value in our platform. Steem absolutely can lead the pack and provide the absolute best security the cryptosphere has to offer, and I believe we can accomplish this goal with relatively little effort, while still staying true to the tenants of decentralization."

I think you're absolutely right about computer security. Most people don't have much, because their eyes glaze over when they try to figure it out. Some of the smartest people in the world are constantly breaking it, and I don't even believe it really exists. Physics doesn't really allow for it, and folks that grasp that truth and combine it with malice in their hearts and extraordinary computer skillsets simply can't be effectively countered, and certainly not by mom and pop.

Providing top of the line security will attract reasonable folks that are aware of the problems with computer security and interested in Steem. Cryptocurrency is a pretty high hurdle for many, and lowering that hurdle will put more people in the running.

Lastly, I consider myself one of the tenants of decentralization, but while I appreciate this is true to us, I reckon you actually meants tenets, as in principles, rather than tenants, as in apartments.

Thanks!

As cryptocurrency use becomes more widespread, security measures will become more and more important. This is a wonderful and educational post

This is a great idea. I would definitely be a customer!

Posted using Partiko iOS

Hi @edicted!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your post is eligible for our upvote, thanks to our collaboration with @utopian-io!
Feel free to join our @steem-ua Discord server

Hey, @edicted!

Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!

Get higher incentives and support Utopian.io!
Simply set @utopian.pay as a 5% (or higher) payout beneficiary on your contribution post (via SteemPlus or Steeditor).

Want to chat? Join us on Discord https://discord.gg/h52nFrV.

Vote for Utopian Witness!

This is an awesome idea template, are you going to do any of the coding?

Basically Im holding my btc on an airgapped PC all the time already and we want that for steem now. ^^

Posted using Partiko Android