Improving YubiKey Physical Security

April 30, 2014 5 minute read

Yubico has been working with world-renowed cryptographers at the Ruhr-Universität Bochum to improve resistance against physical attacks directed at the YubiKey. This has been ongoing process over the last year. The results were made public at the RAID2013 conference, and have also been presented at 30C3. To follow our principles of openness and transparency, we will describe below, at high level, what we did over the last year to address the issues presented in their study. Our general philosophy around security is to tell you what we are doing, to ensure you stay informed.

First, let’s recap some basic things about physical attacks and the YubiKey. The YubiKey Standard was designed to combat security threats where someone spends a small amount of effort to attack a large number of YubiKeys. This is the kind of “asymmetric” threats usually found on the Internet. For example, a software trojan that manages to infect many machines (which is common) will not be able to generate One-Time Passwords (OTPs) because someone has to physically trigger the YubiKey touch button. Attacks where someone gets physical access to your YubiKey has been outside of our threat model, and we have urged users to use common sense to prevent such attacks, such as keeping your YubiKey on your person on in a secured location, instead of leaving it in a publicly accessed computer – essentially the same measures used for the key to the front door of a home or office.

For most environments, and we recommend this as a general rule, you should combine multiple factors to authenticate a user. Usually the YubiKey is used in a way where you combine something you know (a password) with something you have (a YubiKey). This means that temporary loss of a YubiKey is not a disaster — the attacker would still need to acquire the password. To acquire the password and temporarily borrow your YubiKey is still feasible, but it has a higher cost to the attacker compared to just acquiring passwords. Further, it provides the legitimate owner of the YubiKey time to contact the services they were using it with to disable it, preventing that YubiKey from having any access to secure sites or services.

The novel attack demonstrated last year was on how to extract the AES key from a YubiKey (version 2.3 and eariler) using a “side-channel” attack. Side channel attacks work via other channels into a system, such as power consumption, elctromagnetic emission, computation time, or audio information. Preventing this class of attacks is more challenging than preventing the direct attacks, since you must be aware of the attack vector before being able to build a defense against it. Some side channels, like time and power analysis, have been around for a couple of years now so that some common defense mechanisms have been established. For example, one way to deal with side-channel time analysis is to implement the software so that computations take a constant amount of time regardless of inputs.

The attack uses power and electromagnetic analysis of the YubiKey, and requires physical access to the YubiKey for an extended period of time; a typical attack would require access to the YubiKey over-night. The setup requires the YubiKey to be mounted in a special rig to measure power consumption, EM emission, and to fake YubiKey touch button presses. With this setup, and custom-built post-processing software, the researchers were able to extract the AES key used to generate OTPs from a YubiKey. In a sense, the YubiKey was “leaking” some information that could be used to calculate the AES key after many YubiKey touch button presses.

Yubico was informed of this research early last year. While the YubiKey Standard was not intended to resist physical attacks, we aspire to exceed expectations. So we worked with the researchers to produce an updated version of the firmware. The new firmware was tested by the researchers, and they confirmed that the attack was prevented, and also that they were unable to find another attack vector. This firmware was called version 2.4 and started to ship during May 2013 for the black YubiKey Standard, and incrementally rolled out for all form factors and colours, before the research was made public.

Q: What YubiKey products are affected?
A: Only the YubiKey Standard and YubiKey Nano with firmware before version 2.4. The YubiKey NEO is NOT affected.

Q: I’m using the YubiKey Standard in OATH or challenge response mode, am I affected?
A: No. Only the Yubico OTP mode.

Q: How do I find out what firmware version my YubiKey has?
A: You may use our Personalization tools. If you use a recent version of Debian/Ubuntu, the tools are part of that operating system.

Q: Should I be concerned about this attack?
A: Not really. Even if someone has physically access to your YubiKey, the attack requires sophisticated tools to extract the encryption keys, making it practically impossible for most people. Also, the majority of systems using YubiKey requires a second factor, such as a PIN or password.


Share this article:

Recommended content