A comprehensive threat modelling framework for Ledger hardware wallets using automated planning (PDDL) and formal methods (Alloy).
This project provides formal security models and threat analysis for Ledger hardware wallets, including:
- Attack Planning Models (PDDL): Automated discovery of attack paths and vulnerabilities β Working
- Formal Security Models (Alloy): Mathematical specifications of device architecture and security properties
β οΈ Work in Progress - Comprehensive Attack Scenarios: Physical, software, supply chain, and wireless attacks
- Security Property Verification: Automated checking of key confidentiality, display integrity, and device genuineness
ledger-threat-modelling/
βββ pddl/ # PDDL planning models (WORKING)
β βββ domains/ # Attack domain definitions
β βββ problems/ # Specific attack scenarios
β βββ plans/ # Generated attack plans
βββ alloy/ # Alloy formal models (WIP)
β βββ models/ # Core security property models
β βββ instances/ # Concrete attack scenarios
β βββ analysis/ # Analysis and verification files
βββ docs/ # Documentation
βββ examples/ # Example analyses and results
βββ tools/ # Tool installation scripts
βββ requirements.txt # Python dependencies
βββ install.sh # Automated setup script
βββ README.md # This file
- Java 8+ (for Alloy Analyzer)
- Python 3.8+ (for PDDL tools and scripts)
- Git (for cloning the repository)
-
Clone the repository:
git clone https://github.com/your-username/ledger-threat-modelling.git cd ledger-threat-modelling -
Run the automated setup:
chmod +x install.sh ./install.sh
This will:
- Download and install Alloy Analyzer
- Set up PDDL planners (Fast Downward, FF)
- Install Python dependencies
- Verify the installation
-
Manual setup (alternative):
# Create Python virtual environment python3 -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate # Install Python dependencies pip install -r requirements.txt # Download Alloy Analyzer mkdir -p tools wget -O tools/alloy.jar https://github.com/AlloyTools/org.alloytools.alloy/releases/download/v6.0.0/org.alloytools.alloy.dist.jar
-
Run attack planning:
# Using Fast Downward planner python3 tools/planners/downward/fast-downward.py \ pddl/domains/ledger-comprehensive.pddl \ pddl/problems/ledger-nano-s.pddl \ --search "astar(lmcut())"
-
Analyze generated plans:
# Plans are saved in the current directory as sas_plan cat sas_plan -
Available attack scenarios:
pddl/problems/ledger-nano-s.pddl- Nano S physical attackspddl/problems/ledger-nano-x.pddl- Nano X wireless + physical attackspddl/problems/ledger-stax-comprehensive.pddl- Stax multi-vector attacks
-
Open Alloy Analyzer:
java -jar tools/alloy.jar
-
Load a security model:
- Open
alloy/instances/ledger_security_properties.als - Execute commands to check security properties
- Analyze counterexamples for attack scenarios
- Open
-
Key commands in the model:
// Check if key confidentiality can be violated check KeyConfidentialityAssertion for 4 but 1 Device, 1 Attacker // Find attack scenarios run SimpleSeCompromiseAttack for 4 but 1 Device, 1 Attacker run SupplyChainAttack for 4 but 1 Device, 1 Attacker
Note: The Alloy models are currently under development. Some assertions may not find counterexamples as expected.
- Nano S: USB-only device with MCU-driven display
- Nano X: Bluetooth-enabled device with SE-driven display
- Stax: NFC/Bluetooth device with touchscreen
- Fault injection attacks on Secure Element
- Side-channel attacks (power, EM, timing)
- Evil maid attacks with device replacement
- Bootloader exploitation
- Pre-compromised devices
- Malicious firmware installation
- Component substitution
- Bluetooth Man-in-the-Middle
- NFC eavesdropping
- Proximity-based attacks
- Malicious applications
- Host OS compromise
- Rogue HSM servers
- Key Confidentiality: Private keys cannot be extracted
- Display Integrity: Display shows authentic information
- Device Genuineness: Device authenticity can be verified
- PIN Security: PIN cannot be bypassed without physical access
-
Working Attack Paths: PDDL successfully generates attack sequences for:
- Physical access β PIN bypass β seed extraction
- Supply chain compromise β pre-compromised device
- Wireless proximity β BLE MITM β communication eavesdropping
- Multi-vector attacks combining physical, software, and social engineering
-
Verified Attack Scenarios: All device types (Nano S, Nano X, Stax) have validated attack paths
-
Current Limitations:
- Key confidentiality assertions not finding expected counterexamples
- Model constraints may be too restrictive for counterexample generation
- Under active development to resolve assertion checking issues
-
Theoretical Coverage: Models cover SE compromise, supply chain attacks, and multi-vector scenarios
- Alloy Models: Add new predicates in
alloy/instances/attack-scenarios.als - PDDL Models: Create new problem files in
pddl/problems/ - Verification: Add corresponding check commands
# Test Alloy model syntax
python3 tools/test_alloy_syntax.py
# Verify PDDL domain validity
python3 tools/test_pddl_domains.py- Alloy Model Documentation
- PDDL Domain Specification
- Attack Scenario Catalog
- Security Analysis Results
- Fork the repository
- Create a feature branch (
git checkout -b feature/new-attack-model) - Commit your changes (
git commit -am 'Add new attack model') - Push to the branch (
git push origin feature/new-attack-model) - Create a Pull Request
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
- Alloy Analyzer for formal specification
- Fast Downward for automated planning
- Ledger for hardware wallet architecture insights
For questions or collaboration opportunities, please open an issue or contact the maintainers.