Aragon Nest Proposal: AirGap, Secure Mobile Wallet System

Abstract

One reason for a slow crypto adoption are insecure and user-unfriendly wallet solutions. If a user wants to be his own bank and take over the responsibility to securely manage funds, an easy to use but secure solution is needed.

AirGap aims to become this solution. With the AirGap two device approach, secret-handling becomes more accessible and secure. AirGap covers security on three layers:

Advanced secret generation using multiple sources of entropy (e.g. mic, video, accelerometer, touch)
Social secret recovery using Shamir's secret sharing.
AirGap follows a two-device approach, leveraging the mobile application sandbox and permission system as well as biometrical secured enclaves (Touch ID, Face ID, Fingerprint).

These three layers cover common attack vectors and misusages concerning secret management in the context of cryptocurrencies. Even though security and user experience often result in trade-off decision between one or the other, we’ve spent a lot of effort to achieve what we call “accessible security”. We believe that security alone is not enough if crypto adoption should reach the masses, but a solution also needs to be easy and understandable to use.

How does AirGap work?

To get the highest security, the AirGap Vault application is installed on a dedicated or old smartphone, which will never be connected to any network again. With the enhanced entropy concept that adds video, audio, accelerator and touch data to the entropy seed alongside the device’s pre-shipped secure random generator it is possible to generate a cryptographically secure seed used for the secret generation on that very same device. This secret never leaves the device it was generated on. The private key is saved in the secure enclave of the mobile device and needs multi-step biometric authentication every time it is accessed to perform cryptographic primitives. AirGap Wallet on the other hand will be installed on a user’s everyday phone. With this app, users can manage their portfolio of wallets and their valuations. AirGap Wallet deals only with publicly available information as opposed to AirGap Vault, which handles the private key.

AirGap Vault and AirGap Wallet can also be installed on the same device. In this case, the communication between the two apps works with app switching through an URL scheme. This allows the two apps to be entirely encapsulated, which is crucial: For example, AirGap Vault does not have any network permissions and thus is unable to send information out over the network, guaranteed by the operating systems sandboxing.

What is next for AirGap

Our next steps will focus on improving AirGap in terms of usability, features and security. Some of the features & tasks we have on our roadmap:

AirGap Chrome Extension, connection between desktop and AirGap and provide a seamless Metamask-like integration, keeping the same level of air-gapped security.
Multi language support, many wallets currently available are not accessible for everyone because of the language barrier. We plan to not only provide multi language support for the software but also on the educational material we have, so that even countries with a lower security awareness (e.g. Latin America, Africa) can profit from the air-gapped level of security and boost adoption. We believe this will not only "bank the unbanked" but also help them directly leap frog the "old" banking system.
Support for more tokens & coins.
Multi language mnemonic wordlist support for the import
Add additional import mechanism for existing secrets and make people aware of "insecure" imported wallets.
Educational material & outreach to countries like Venezuela, to provide a safe private key storage solution.

Deliverables

Usability, features & security improvements for AirGap Vault & AirGap Wallet mobile Apps for Android & iOS.
Integration of the Aragon ANT ERC20 token.
AirGap Chrome Extension (similar to Metamask) to enable Aragon Core and dApps to use AirGap for transactions with secure secret handling.

Grant size

Funding: $200k in ETH, split into chunks paid out over achieved milestones.

We plan to engage a third-party company for the security review of the implementation. Given previous experiences, a white box pen-test would cost between $20k and $35k.

Success reward: Up to $50k in ANT, given out when all deliverables are ready.

Application requirements

Working Product

AirGap Vault & AirGap Wallet are available in the Google Play and the App store. All components are open source and available on GitHub. coin-lib a library that offers a unified API to prepare, sign and broadcast multiple cryptocurrencies is open source as well as the Cordova secure storage plugin for Android and iOS.

GitHub
AirGap Vault - Android
AirGap Wallet - Android
AirGap Vault - iOS
AirGap Wallet - iOS

Team

Alessandro De Carli, MSc. UZH – Technical Lead | GitHub | part time
Dominik Schöni, MSc. UZH – Lead Developer | GitHub | full time
Lukas Schönbächler, BSc. FHNW – Mobile Developer | GitHub | full time
Andreas Gassmann, BSc. FHNW – Mobile Developer | GitHub | full time
Pascal Brun, eidg. dipl. Informatiker – UI/UX | GitHub | full time
Niklaus Knecht, BA. ZHDK – Visual Design | part time

Legal structure Papers GmbH (Swiss GmbH)

Development timeline

The development timeline will be the following one in regards to each deliverable:

Milestone 0: Usability, features & security improvements of AirGap Vault & AirGap Wallet (8 weeks)
Milestone 1: Software development Aragon ANT integration
Milestone 2: Requirements engineering AirGap Chrome Extension (4 weeks)
Milestone 3: Software development of AirGap Chrome Extension (8 weeks)
Milestone 4: Testing and iterative bug fixing of AirGap Chrome Extension (4 weeks)
Milestone 5: Documentation and educational material for AirGap Chrome extension (1 weeks)

aragon / nest