Threat Model
Clique Wallet's security architecture is designed to protect against a comprehensive range of threats:
Insider Threats: Traditional custodial wallets are vulnerable to insider attacks where service operators or employees could potentially access user private keys. Clique Wallet mitigates this by ensuring all cryptographic operations occur within the TEE, making private keys inaccessible even to our own development and operations team.
External Attackers: Malicious actors attempting to breach our systems cannot access private keys because they are never exposed outside the TEE's encrypted enclaves. Even if an attacker gains access to our servers or databases, encrypted data remains unreadable without the TEE's decryption keys.
Host OS and Cloud Provider Compromise: Even if the host operating system is compromised or the cloud provider's infrastructure (such as Azure, GCP, or AWS) is breached, the TEE's hardware-protected enclaves remain secure. The TEE creates an isolated execution environment that is cryptographically protected from the host OS, hypervisor, and cloud provider, ensuring that private keys remain inaccessible even in the event of a complete system compromise.
Software Vulnerabilities: Software bugs, zero-day exploits, or compromised dependencies could potentially expose sensitive data in traditional systems. Clique Wallet's TEE-based architecture isolates cryptographic operations from the rest of the system, ensuring that software vulnerabilities in non-critical components cannot compromise private keys.
Network Attacks: Man-in-the-middle attacks, packet interception, or network-based exploits are mitigated through end-to-end HTTPS encryption. All communications between users and Clique Wallet services are encrypted, preventing attackers from intercepting or tampering with data in transit.
Database Breaches: Even if an attacker successfully breaches our database, all sensitive user data is encrypted at rest. Without access to the TEE's encryption keys, the stolen data remains cryptographically protected and unusable.
Client-Side Attacks: Cross-site scripting (XSS) attacks or malicious browser extensions cannot access session tokens or authentication credentials due to HttpOnly session cookies and secure session management practices.
Key Extraction Attempts: Attempts to extract private keys through memory dumps, debugging, or reverse engineering are prevented by the TEE's hardware-level protection, which ensures keys never exist in plaintext outside the secure enclave.
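One way to check the HttpOnly session-cookie claim above from outside the service, as an added example (not Clique Wallet's code). The cookie names and header values are constructed sample input, and the Secure check is an assumption derived from the statement that all traffic uses HTTPS.

```python
# Added example: audit Set-Cookie response headers for the attributes the
# threat model relies on. All cookie names and values are constructed.

SAMPLE_HEADERS = [  # constructed sample input, not captured from any real service
    "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "session_legacy=def456; Path=/; secure",
    "theme=dark; Path=/",
]
SESSION_COOKIES = {"session", "session_legacy"}  # hypothetical names


def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute dict)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), attrs


def audit_cookie(header):
    """Return the list of missing protections for one Set-Cookie header."""
    _name, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")  # cookie readable through document.cookie
    if "secure" not in attrs:
        findings.append("missing Secure")    # cookie may be sent over plain HTTP
    return findings


def audit_response(headers, session_names):
    """Audit only the cookies that carry session state; others are ignored."""
    report = {}
    for header in headers:
        name, _ = parse_set_cookie(header)
        if name in session_names:
            report[name] = audit_cookie(header)
    return report


if __name__ == "__main__":
    for cookie, findings in audit_response(SAMPLE_HEADERS, SESSION_COOKIES).items():
        print(cookie, "OK" if not findings else findings)
```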