First Level Security Certificate (CPSN) Given To Ledger Nano S By France’s ANSSI
Ledger Nano S was originally developed by the French crypto hardware wallet Ledger. Having already planned on fixing issues with the firmware update for this product, impacting the storage capacity of the device, it looks like the Ledger Nano S is making new progress. According to CoinTelegraph, the hardware wallet has recently received the First Level Security Certificate (CPSN), which was given by the ANSSI national cybersecurity agency of France.
All matters of defense and national security involving ANSSI are reported to the National Defense and Security (SGDSN) to support the French Prime Minister. Presently, since ANSSI began evaluating the 261 products for certification in June 2018, there have been 122 products certified.
Any company that aims to get its product a CPSN certificate has to first go through multiple evaluations by an ANSSI lab. The lab’s testing process often involves multiple attack scenarios that will examine the strength of the product’s security protection. The evaluations particularly involve the firewall, user identification, secure communications, and embedded software.
With their fast entry into the crypto hardware wallet industry, Ledger has placed high importance on being certified by a third party that can attest to how secure their product is. Presently, Ledger believes that the Ledger Nano S wallet is just the first of many products that they will ultimately have certified with the CPSN.
Along with the third-party evaluation, the blog post announced that Ledger already has a security evaluation, performed through the “Attack Lab,” which is also known as Ledger Donjon. The evaluation goes through multiple threat scenarios to see how well the products could hold their own. Ledger also has the Blockchain Open Ledger Operating System (BOLOS), which is a customized operating system that pairs both software and hardware protocols that improve security for products.
The new certificate covers multiple embedded security functions, like a true random number generator that the hardware creates. From there, it is post-processed by BOLOS, following the French security guidelines that are detailed in the Security General Referential.
The security verification has become even more important to Ledger lately after researchers demonstrated how easy it is to hack Ledger Nano S in December last year. The researchers showed the same results for the Trezor One hardware wallet and the Ledger Blue wallet, which is the most expensive hardware offered. Right after the report, Ledger released a statement to indicate that the vulnerabilities were not considered critical.