- With Stronghold, the IOTA Foundation yesterday released a software library for the secure management of digital secrets, such as the IOTA seed within the new Chrysalis wallet.
- At a lower level, Stronghold can be used independently of the cryptocurrency IOTA and can be integrated into customer-specific hardware.
The IOTA Foundation yesterday released Stronghold, a collection of multi-purpose libraries for the secure management of passwords, personal data and private keys, adding another important building block for the adoption of IOTA. As Daniel Thompson-Yvetot of the IOTA Foundation describes it, the secure management of digital secrets such as passwords, vehicle access codes and wallet seeds is one of the top priorities in the overall concept of IOTA.
To accomplish this mission, the IOTA Foundation has developed Stronghold to “strengthen the working environment for developers, enhance the security of applications, and give everyone better options for securely storing and safely using high-value digital secrets”. Stronghold is a software implementation with the sole purpose of isolating digital secrets from hackers and data leaks.
Stronghold uses versioned, file-based snapshots with double encryption that can be easily backed up and securely shared between devices. The main task is to isolate the activity of the “privileged” functions from other programs, as Thompson-Yvetot stated:
For example, a primary goal is to create a software enclave where private keys are used to sign messages without revealing those keys to other functions. In the near future, we expect to move the Stronghold stack to Trusted Execution Environments (TEE) and integrate it into custom hardware.
The special characteristic of the library, as Thompson-Yvetot emphasized, is that at a low level Stronghold is independent of the IOTA cryptocurrency and can therefore be used entirely without the high-level libraries, which means that any industry can use it. While Stronghold will be used for the new Chrysalis wallet in the first phase, it will be integrated into the IOTA Identity solution and used by exchanges in the next phase.
The roadmap for IOTA’s Stronghold
Currently, Stronghold is not yet ready for production. The library has not yet been formally tested for security breaches. Yesterday’s release of Stronghold is intended to encourage the open source community to test the implementation. The IOTA Foundation is planning an external security audit in late autumn 2020, but the project will only be declared mature after the audit and the corresponding revisions have been completed.
As a first step, Stronghold will be used to secure the new Chrysalis wallet:
The very first internal test of Stronghold will be in its integration with the forthcoming official wallet built for Chrysalis. It will be the storage mechanism for securing seeds and personally identifiable information.
Specifically, Stronghold will ensure that the new IOTA wallet is protected in such a way that activities in the wallet are monitored and dangerous events are prevented, as shown in the figure below.
In the long run, Stronghold's flexibility opens up numerous potential use cases. In addition to integration by exchanges, it can be used as a password management tool, on streaming platforms to unlock videos, for the secure and privacy-compliant management of personal data, or by software developers as a local secret storage and retrieval system for system daemons, as Thompson-Yvetot said.
Dominik Schiener, co-founder of IOTA, commented on the release of Stronghold as follows:
The backbone of the upcoming #IOTA Wallet: Stronghold, our approach to secure private key and data management written in #Rust. The building blocks for the new future of IOTA and #Chrysalis are coming together.