Building mudge's wallet

By ANIL JOHN on | Permalink

It is not the beauty of a building you should look at; its the construction of the foundation that will stand the test of time - David Allan Coe

The digital wallet is the killer app for the completely open source hardware and software “digital mobile safe” program led by mudge (aka Peiter) Zatko, at Google’s Advanced Technologies and Projects (ATAP) Group back in 2015. We need it today!

Digital wallets are core to enabling individual agency and control over sensitive data in online and offline interactions. In many ways, the European Union is leading this charge with the massive identity ecosystem orchestration they are currently in the midst of.

At the same time, to ensure that wallets truly remain under individual control we must pay attention to choices being made in its development such that the future does not become a collection of proprietary vertical cylinders of excellence (silos), and that individuals have true choice in how and when they select wallets for their personal use.

However, there is a curious but important missing element in all of these digital wallet conversations; everyone talks about protocols to interact with a wallet and what should or should not be stored in a wallet, but there is little to no discussion about ensuring the openness, consistency and fidelity of the core security, privacy, cryptographic and storage aspects that a wallet actually needs!

Common need across digital wallets

Let us fast forward in time to understand what is needed:

  • I am an EU Citizen with a EU Digital Identity (EUDI) Wallet who is seeking to live and work in the US. I need to interact with the US Government to provide information about who I am, and at the end of that process receive some manner of immigration or work permit related credential. Since I already have an EUDI Wallet, I would like provide information to the USG from that wallet and in turn continue to use that wallet to store any immigration credential I get from the USG.

  • I am a Canadian who is looking to live and work in the EU and when seeking employment there would like to use the digital wallet from my Province that stores my identity information as well as education credentials. My potential employer supports, per EU regulation, the ability to consume these credentials in a digital form.

  • Following upon both of the above scenarios, I would like to open a bank account using my digital wallet to present the needed information for KYC.

There are so many more variations of this that span the public and private sector, as well as a variety and combinations of credentials.

The commonality across ALL of them is not the credentials, or the protocols, but the underlying foundation and “trustability” of the digital wallet itself by a counter-party. Everything else is pipes and payloads.

And that, to my mind, is what the Google ATAP Project Vault showed could be done in a completely open manner, such that you can actually have independently verifiable confidence in that wallet when it shows up at your digital front door.

Google ATAP Project Vault

I would highly recommend folks watching the video below, which includes both a great introduction by Regina Dugan (formerly the first female director of DARPA) as well as the overview and demo of the capability by mudge.

So the question is, why build this [...]

It turns out, you already have security elements in your phones and your computers. SIM Cards; they protect the things that are important to the carriers. Trusted platform modules, or TPMs; they protect the things that are important to the OEMs and the content providers. [...]

So, where is the security element that protects the things that are important to you, that you have complete control over? So we made one!

[...] So what do developers have to do to get the phones or laptops or IOT devices ready to use Project Vault? Nothing! The host system thinks this is a regular storage device.

mudge

Link to Project Vault YouTube video

 

As I wrote back in 2015:

Project Vault is a micro-SD form-factor card that, when plugged into a device, makes available to the device a suite of cryptographic tools to enable hashing, signing, bulk encryption, streaming encryption as well as a strong hardware random number generator.

The algorithms in the vault are not exposed to the host system so you can plug it into an untrusted device while being confident that the host system will not be able to corrupt the vault’s crypto services.

It also comes with 4GB of isolated, sealed storage which can be used for enabling capabilities such as an immutable logging system where evidence of malicious activity cannot be covered up by tampering with the logs.

It is operating system agnostic, so will work with a variety of both mobile and desktop operating systems. To the OS it behaves like a proc file system without any kernel drivers, which means that developers don’t have to do anything special in order to utilize it.

The one change I would hope for in any current day implementation “… is a Security Key form-factor with USB-C …” because USB-type C is mandated to become EU’s standard by the end of 2024, and where the EU is leading with that, the world will follow.

Opportunity for personal, truly open digital wallets

There is a clear opportunity here to implement an open source hardware(!) and software foundation (the vault) to enable secure and interoperable wallets that can be used for a variety of purposes, that truly remains under the control of an individual.

However, for anyone going down this path, what will become critical to their success is what they choose not to do rather than what they actually do.

In order to provide a truly open foundation for a digital wallet that is under the personal control of an individual, it will require them to:

  • keep the focus on enhancing and making production ready the foundational vault capabilities to support hardened, accelerated cryptographic operations and secure storage that are needed for any type of digital wallet
  • build well documented APIs to interact with the core vault services that are open, royalty free and free to implement for anyone
  • think through how best to put into place an independent assessment/verification mechanism with a high degree of transparency and credibility that allows counter-parties to assess the “goodness” of an implementation

I anticipate that the hardest challenges here will not be technical, but instead will be to:

  • resist the pressure from handset and platform vendors who will seek to influence the work in a manner such that the capabilities being externalized into the vault continue to be gatekeeper’d by them
  • resist the use of platform or vendor specific hardware security elements instead of the open source externalized hardware security elements demonstrated by Project Vault
  • resist getting dragged into the political infighting around directly implementing the variety of credential types or credential issuance and presentation protocols directly in the vault; it should be the responsibility of those specific communities to define and standardize how their protocols can utilize the open platform and vendor neutral vault APIs.

Building on an open source foundation

I have no visibility into or awareness of what happened with Project Vault after mudge moved on from Google ATAP. What I do believe is that he, particularly given his prior stint at DARPA, looked around the corner for what was coming, drove the work that was needed to be ready for that future, and made sure it was as widely available as possible by making it entirely open source!

That is a gift that should not be wasted!

newRecently: Commons are not tragic

Elinor Ostrom, the first woman to be awarded the Nobel Prize in Economic Sciences, debunks the “Tragedy of the Commons” which posits that “Humans, when left to their own devices, compete with one another for resources until the resources run out.”

Her research revealed that “Far from being profoundly destructive, we humans have deep capacities for sharing resources with generosity and foresight.”

The features of successful systems, Ostrom and her colleagues found, include:

  • clear boundaries (the ‘community’ doing the managing must be well-defined);

  • reliable monitoring of the shared resource;

  • a reasonable balance of costs and benefits for participants;

  • a predictable process for the fast and fair resolution of conflicts;

  • an escalating series of punishments for cheaters;

  • and good relationships between the community and other layers of authority, from household heads to international institutions.

This has implications for and provides hope to those who are building and investing in the “Internet Commons”.

  • Project Vault available under the Apache 2.0 License - “Verilog and VHDL and all the code for the security based Real Time Operating System (RTOS), the SD Controller firmware to allow communications with the host systems, the NAND flash translation layer so you can manipulate the sealed storage, the hardened and accelerated hardware crypto cores, and the interface description language so you can talk to it. Even the processor is open source - the OpenRISC1200”

  • The Wallet Wars Are Not About Money, They Are About Identity - “Around the world the transition from physical wallets to digital wallets is well underway. An Accenture survey of 16,000 customers in 13 countries found that 56% of them were using digital wallets more than five times every month (compared with only 48% using cards that often) and they interpret these results to mean that heading towards a hundred billion dollars of annual payments revenues for banks are “at risk”.”

  • OpenWallet Foundation - “The mission of the OWF is to develop an open source engine to enable secure and interoperable multi-purpose wallets anyone can use to build solutions. The OWF aims to set best practices for digital wallet technology through collaboration on open source code for use as a starting point for anyone who strives to build interoperable, secure and privacy-protecting wallets.”

  • World Wide Web Consortium (W3C) is now a public-interest nonprofit organization - “… perhaps the best insurance policy came in the form of what has been described by The Boston Globe as Berners-Lee’s “greatest act of all” in being something he “didn’t do:” require fees for patents. Instead, a royalty-free patent policy was created so that people who use patents covering technologies in their standards don’t have to pay royalties or fees. Other standards development organizations have since copied this over the years since it was developed in the early 2000s.”

Continue the Conversation

 Reply via Email


Get the best cybersecurity research, resources and insights to help secure and safeguard the digital world; via 
No Spam. Unsubscribe Anytime.

© 2014-2025 Kylas Group, LLC