Improving YubiKey Physical Security

April 30, 2014 5 minute read

Yubico has been working with world-renowed cryptographers at the Ruhr-Universität Bochum to improve resistance against physical attacks directed at the YubiKey. This has been ongoing process over the last year. The results were made public at the RAID2013 conference, and have also been presented at 30C3. To follow our principles of openness and transparency, we will describe below, at high level, what we did over the last year to address the issues presented in their study. Our general philosophy around security is to tell you what we are doing, to ensure you stay informed.

First, let’s recap some basic things about physical attacks and the YubiKey. The YubiKey Standard was designed to combat security threats where someone spends a small amount of effort to attack a large number of YubiKeys. This is the kind of “asymmetric” threats usually found on the Internet. For example, a software trojan that manages to infect many machines (which is common) will not be able to generate One-Time Passwords (OTPs) because someone has to physically trigger the YubiKey touch button. Attacks where someone gets physical access to your YubiKey has been outside of our threat model, and we have urged users to use common sense to prevent such attacks, such as keeping your YubiKey on your person on in a secured location, instead of leaving it in a publicly accessed computer – essentially the same measures used for the key to the front door of a home or office.

For most environments, and we recommend this as a general rule, you should combine multiple factors to authenticate a user. Usually the YubiKey is used in a way where you combine something you know (a password) with something you have (a YubiKey). This means that temporary loss of a YubiKey is not a disaster — the attacker would still need to acquire the password. To acquire the password and temporarily borrow your YubiKey is still feasible, but it has a higher cost to the attacker compared to just acquiring passwords. Further, it provides the legitimate owner of the YubiKey time to contact the services they were using it with to disable it, preventing that YubiKey from having any access to secure sites or services.

The novel attack demonstrated last year was on how to extract the AES key from a YubiKey (version 2.3 and eariler) using a “side-channel” attack. Side channel attacks work via other channels into a system, such as power consumption, elctromagnetic emission, computation time, or audio information. Preventing this class of attacks is more challenging than preventing the direct attacks, since you must be aware of the attack vector before being able to build a defense against it. Some side channels, like time and power analysis, have been around for a couple of years now so that some common defense mechanisms have been established. For example, one way to deal with side-channel time analysis is to implement the software so that computations take a constant amount of time regardless of inputs.

The attack uses power and electromagnetic analysis of the YubiKey, and requires physical access to the YubiKey for an extended period of time; a typical attack would require access to the YubiKey over-night. The setup requires the YubiKey to be mounted in a special rig to measure power consumption, EM emission, and to fake YubiKey touch button presses. With this setup, and custom-built post-processing software, the researchers were able to extract the AES key used to generate OTPs from a YubiKey. In a sense, the YubiKey was “leaking” some information that could be used to calculate the AES key after many YubiKey touch button presses.

Yubico was informed of this research early last year. While the YubiKey Standard was not intended to resist physical attacks, we aspire to exceed expectations. So we worked with the researchers to produce an updated version of the firmware. The new firmware was tested by the researchers, and they confirmed that the attack was prevented, and also that they were unable to find another attack vector. This firmware was called version 2.4 and started to ship during May 2013 for the black YubiKey Standard, and incrementally rolled out for all form factors and colours, before the research was made public.

Q: What YubiKey products are affected?
A: Only the YubiKey Standard and YubiKey Nano with firmware before version 2.4. The YubiKey NEO is NOT affected.

Q: I’m using the YubiKey Standard in OATH or challenge response mode, am I affected?
A: No. Only the Yubico OTP mode.

Q: How do I find out what firmware version my YubiKey has?
A: You may use our Personalization tools. If you use a recent version of Debian/Ubuntu, the tools are part of that operating system.

Q: Should I be concerned about this attack?
A: Not really. Even if someone has physically access to your YubiKey, the attack requires sophisticated tools to extract the encryption keys, making it practically impossible for most people. Also, the majority of systems using YubiKey requires a second factor, such as a PIN or password.

References:

Share this article:

Recommended content

Thumbnail

Combating ransomware attacks on your enterprise

What do a PC manufacturer, a meat supplier and a mental health clinic have in common? They have all been victims of ransomware attacks. They’re not alone. Ransomware attacks grew by over 485% in 2020, leveraging the new ransomware-as-a-service (RaaS) model of profit-sharing in exchange for ransomware tools.  One of the most infamous recent ransomware ...

Thumbnail

Top five pitfalls companies should avoid when rolling out a passwordless strategy

Given the number of breaches in the news today where passwords were at the root of the problem, many companies are now exploring the benefits of a secure passwordless future. Secure passwordless logins not only bring cost efficiencies and a more frictionless user login experience into the organization, but deliver the security that is necessary ...

Thumbnail

Built-in FIDO authenticators and YubiKeys are making the internet safer for all

In 2007, Yubico set out to protect as many people as possible by making secure login easy and available for everyone. We are happy Apple has joined Yubico, Google, and Microsoft on this journey by implementing W3C WebAuthn/FIDO compatible platform authenticators and are pleased to say that now all major platforms have adopted the standards ...

Thumbnail

Celebrating 5 impressive women in tech for International Women's Day

As Yubico’s CEO and Founder, I’m often asked about the challenges of being a female entrepreneur. My best piece of advice to other aspiring entrepreneurs - women or men - is that you will face a lot of push backs and challenges, so you better love what you do and truly believe in it – to enjoy the journey and keep going!