It just makes sense to put the tightest security on the servers that store the guarded secrets for all user authentications. If those servers are compromised, every cryptographic key and password resident on them is compromised as well: in other words, a disaster.

Yubico originally developed the YubiHSM to process the encryption, decryption, and storage of secrets on its own servers. Today, the Hardware Security Module (HSM) is Yubico’s offering for easy, affordable, and secure protection of authentication secrets related to the YubiKey OTP stored on the authentication or key server. The device protects data at rest against remotely conducted intrusion attacks and internal threats like employees copying secrets.

The new YubiHSM 1.5 features a secure element and a switch from the original larger form factor to a smaller Nano design with a molded plastic harness.

CORE FEATURES

  • Works with any standard USB port, across multiple operating systems including Linux and Windows.

  • Offers encryption with a Message Authentication Code (MAC), HMAC-SHA1 hashing, AES encryption/decryption, and cryptographic True Random Number Generation.

  • Provides a physically isolated environment for cryptographic processing.

  • Has no moving parts and requires no additional maintenance once installed.

  • Capable of supporting any counter-based OTP protocol including YubiKey OTP and OATH-HOTP authentication.

  • Works with Yubico Validation Server.

EASY AND AFFORDABLE

The YubiHSM installation does not require any specialized setup and it is quickly configured. It consumes less than 0.2 W compared to over 300 W for some HSM hardware, and at $500 is priced tens of thousands of dollars below traditional HSM hardware.

ENCRYPTS AND PROTECTS SECRETS

The YubiHSM is configured by default to support YubiKey OTP validation, but can be configured to handle AES encryption/decryption, secure comparison of decrypted data or HMAC-SHA1 validation with the key stored on the YubiHSM. In addition, it can be used to generate truly random numbers derived from the physical characteristics of the computer and USB port to which it is attached.

SECURING YUBIKEY OTP SECRETS

The YubiHSM processes the encryption, decryption, and storage of keys. When called to validate a YubiKey OTP, it will load the OTP and the associated encrypted key into its onboard processor and perform the decryption and comparison. Subsequently, it will only pass the validation results and associated data (such as usage counters) back to the host machine; the decrypted key and plaintext OTP never leave the YubiHSM hardware. This provides a great level of security for secrets should an authentication server become compromised: the secrets themselves remain encrypted with a 128-bit AES key.
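The same boundary, modeled in software for the OATH-HOTP case listed under core features rather than YubiKey OTP (an added example, not Yubico's code and not the YubiHSM protocol). `IsolatedValidator`, `load_key`, `validate` and the look-ahead window of 3 are hypothetical, and the key is the published RFC 4226 test secret.

```python
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test secret; stands in for a key provisioned into the device.
RFC4226_KEY = b"12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class IsolatedValidator:
    """Hypothetical software model of the isolated device: keys go in, never out."""

    def __init__(self):
        self._keys = {}  # key handle -> secret; no method returns these bytes

    def load_key(self, handle: int, key: bytes) -> None:
        self._keys[handle] = key

    def validate(self, handle: int, otp: str, next_counter: int, window: int = 3):
        """Return (ok, next_counter). Only the verdict and counter cross the boundary."""
        key = self._keys[handle]
        for c in range(next_counter, next_counter + window):
            # Constant-time compare, so timing does not reveal matching digits.
            if hmac.compare_digest(hotp(key, c), otp):
                return True, c + 1  # advance past the used counter to block replay
        return False, next_counter


def demo():
    """Host-side flow: the host database stores only a handle and a counter."""
    device = IsolatedValidator()
    device.load_key(1, RFC4226_KEY)
    counter = 0
    results = []
    # Constructed sequence: valid OTP, replay, OTP one step ahead, OTP outside the window.
    for otp in ("755224", "755224", "359152", "520489"):
        ok, counter = device.validate(1, otp, counter)
        results.append((ok, counter))
    return results
```

A host that is compromised in this model yields handles and counters, not the HMAC key; the replayed and out-of-window OTPs are rejected without moving the counter.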

TRUSTED SOLUTION

The YubiHSM has been validated by Internet security experts and is currently used by more than 100 organizations, including leading Internet companies and U.S. Department of Defense contractors. YubiHSM also protects the YubiCloud, Yubico’s hosted validation service.

A RANGE OF USE CASES

The YubiHSM offers a subset of the functionality provided in typical HSMs. Here is a list of scenarios we are most often asked about:

  • Authentication Service: You run an authentication service; secrets are stored on a computer that has to be accessible from the Internet and you are concerned it will be hacked some day.

  • Restrict Access: You want to prevent system administrators and staff who have physical access to the server from copying the database and gaining access to sensitive data.

  • Prevent Compromise: You need an architecture that prevents a hacker from compromising your secrets, but allows you to run your service at full speed.

  • Support YubiKeys: You have a smaller fleet of YubiKeys and want to do the authentication yourself without having to implement a complete authentication server with a database.

  • Cost Sensitive: You have rejected typical HSMs on cost grounds ($15k per unit or more + maintenance fees).

DRIVERS

YubiHSM.inf
YubiHSM.cat
MonHSM.exe

LEARN MORE

YubiHSM Reference Manual
Basic YubiHSM Windows Monitor Utility Manual
YubiHSM Security Advisory
Python framework

FAQs:


Is the YubiHSM for symmetric encryption only?

YES – the YubiHSM at the current level does not support asymmetric cryptography. We will introduce support for asymmetric operations in a later version.

Is the YubiHSM security certified (FIPS 140 or similar)?

NO – we may consider this in the future for a premium version (due to cost). We will decide later on when the final functionality is fully defined and has been tested out thoroughly.

Is the YubiHSM protected against physical intrusion?

Yes, YubiHSM 1.5 uses a secure element. On top of that, the key store can be stored encrypted with AES-256 (passphrase needed on startup).

Are keys deleted on intrusion events?

Yes, the YubiHSM 1.5 uses a secure element that is designed to destroy data in the case of an intrusion.

Is the internal CPU a designated security CPU or just an ordinary COTS one?

It is a designated security CPU.

Why is USB CDC used rather than a custom driver?

This is because the Windows, Linux and Mac platforms all support USB CDC. USB CDC communication is very simple and straightforward using normal file I/O functions.

The USB interface is only full-speed. Why not high-speed?

With the current design, the communication speed is not a practical performance-limiting factor.

The internal YubiKey key storage is just 1024 entries. I want more!

We needed to set the limit somewhere and onboard storage represents a cost driver. We may introduce a version with more internal storage later on.

Can the device firmware be upgraded via USB, a.k.a. DFU?

No, we explicitly decided to not include an upgrade feature due to security concerns. The only interface and protocol available is USB CDC under firmware control.