    Security advisory YSA-2019-02 – reduced initial randomness on FIPS keys

    Published date: 2019-06-13
    Tracking ID: YSA-2019-02

    Summary

    Who should read this advisory? Customers, IT Managers, or FIPS Crypto Officers who use or manage YubiKey FIPS Series devices.

    An issue exists in YubiKey FIPS Series devices, versions 4.4.2 and 4.4.4 (please note there is no released firmware version 4.4.3), where the first set of random values used by YubiKey FIPS applications after each device power-up has reduced randomness. This may impact the very first set of cryptographic operations performed by a YubiKey FIPS device after power-up. This issue is specific to the YubiKey FIPS Series and is not present in any other YubiKeys, Security Key Series or Yubico products.

    The issue only affects certain use cases and scenarios. YubiKey FIPS applications utilizing ECDSA are at higher risk than other use cases. See the Technical Details section below for additional information about how this issue might impact different scenarios, as well as what mitigating factors exist.

    Yubico internally found this issue in mid-March 2019, followed by a full investigation of root cause, impact, and mitigations for customers. The issue has been fixed in YubiKey FIPS Series firmware version 4.4.5, made available to customers on April 30, 2019. Because of the firmware update, FIPS recertification was also necessary. The new firmware, version 4.4.5, is currently undergoing FIPS certification under Scenario 3 of the Implementation Guidance.

    To safeguard the security of our customers, Yubico has been conducting an active key replacement program for affected FIPS devices (versions 4.4.2 and 4.4.4) since the issue was discovered. At the time of this advisory, we estimate that the majority of affected YubiKey FIPS Series devices have been replaced, or are in process of replacement with updated, fixed versions of the devices.

    However, if you have purchased a YubiKey FIPS Series device or received one from another entity, and have not been contacted by a Yubico representative, we ask that you review this advisory to determine if you may be affected and to open a support ticket to receive updated keys.

    We are not aware of any security breaches due to this issue. We are committed to always improving how we help protect our customers and to continuously investing in making our products even more secure.

    Affected devices

    YubiKey FIPS Series with firmware 4.4.2 and 4.4.4 – there is no released firmware version 4.4.3.

    • YubiKey FIPS
    • YubiKey Nano FIPS
    • YubiKey C FIPS
    • YubiKey C Nano FIPS

    See the Affected Scenarios in this advisory for information about what types of use cases might be affected by this issue.

    Not affected devices

    All other Yubico products are not affected by the issue detailed in this document.

    Affected scenarios

    Please use this guide to determine if your use case may be affected. There is significant variation amongst possibly affected scenarios. Please refer to the Technical Details relevant to your use case as linked in the guide below.

    • YubiOTP and Programmable Slots – Not affected. No immediate action required. However, Yubico recommends replacing keys to avoid using them in impacted scenarios later.
    • Smart Card – Possibly affected, when using EC signatures or operations occurring directly after YubiKey FIPS power-up. Please read the PIV Smart Card section for details.
    • FIDO U2F – Affected, when using FIDO U2F directly after YubiKey FIPS power-up. Please read the FIDO U2F section for details.
    • OATH One-Time Passwords – Possibly affected, when using OATH OTPs directly after YubiKey FIPS power-up. Please read the OATH One-Time Passwords section for details.
    • OpenPGP – Possibly affected, for RSA keys generated on YubiKey FIPS directly after power-up. Please read the OpenPGP section for details.

    Customer actions

    There are immediate actions customers can take and Yubico is offering a replacement program for affected YubiKey FIPS devices. Please review the technical details and FAQ sections in order to understand risk exposure and decide if further action is necessary.

    • If you are using a YubiKey that is not part of the YubiKey FIPS Series, your device is not affected and no action is needed.
    • If you have a YubiKey FIPS Series device that you received from your organization’s IT department, please contact them for advice and mention this advisory if necessary.
    • If you have acquired a YubiKey FIPS Series device directly from Yubico or via an e-commerce sales channel, please open a support ticket to begin the process.
    • If you have acquired a YubiKey FIPS Series device from a reseller, please contact the reseller.
    • If you have acquired a YubiKey FIPS Series device as a customer of a service that you use, please contact the service provider for instructions.

    Technical details

    An issue exists in the YubiKey FIPS Series devices with firmware version 4.4.2 or 4.4.4 (there is no released firmware version 4.4.3) where random values leveraged in some YubiKey FIPS applications contain reduced randomness for the first operations performed after YubiKey FIPS power-up. The buffer holding random values contains some predictable content left over from the FIPS power-up self-tests which could affect cryptographic operations which require random data until the predictable content is exhausted. This issue occurs only during the power-up of the YubiKey FIPS Series, version 4.4.2 or 4.4.4. After the predictable content in the random buffer is consumed, the buffer will be filled with the intended full random number generator output, and all subsequent use of randomness will not be affected.

    For RSA key generation on the YubiKey FIPS Series, the RSA key may be impacted by up to 80 predictable bits out of a minimum of 2048 bits (length will depend on user configuration). We believe 80 predictable bits does not make it imminently possible for an attacker to obtain the private key material or decrypt data that has been encrypted to a key created in this way. During RSA key generation only a portion of these bits may be used, which could further reduce the impact on the algorithm’s output.

    For ECDSA signatures, the nonce K becomes significantly biased with up to 80 of the 256 bits being static, resulting in weakened signatures. This could allow an attacker who gains access to several signatures to reconstruct the private key.

    For ECC key generation on the YubiKey FIPS Series, the key may be impacted by up to 80 predictable bits out of the minimum 256 bit key length.

    For ECC encryption, 16 bits of the private key become known. For secp256r1 private keys, the key may be impacted by 16 predictable bits, reducing the number of unknown bits in the key from 256 to 240 bits. Similarly, for impacted secp384r1 private keys, the number of unknown bits in the key is reduced from 384 to 368 bits. 240-bit keys are not known to be defeated at the time of this advisory.

    The following sections outline how the different YubiKey FIPS applications/protocols are impacted by this issue.

    YubiOTP and programmable YubiKey FIPS slots

    The security of the YubiOTP and programmable YubiKey FIPS slots is not impacted by the issue discussed in this advisory.

    PIV smart card

    The PIV smart card application of a YubiKey FIPS uses the contents of the buffer affected by this issue for certain operations.

    When generating RSA keys on a YubiKey FIPS using the PIV application, the strength of keys generated immediately after power-up may be reduced by up to 10 bytes for affected RSA keys. This does not significantly affect RSA’s cryptographic protections.

    RSA keys generated outside a YubiKey FIPS Series device and imported onto the device are not affected.

    If, after YubiKey FIPS power-up, the first operation performed is PIV signing using an ECDSA signature, then the strength of this signature is significantly reduced. This could allow an attacker who gained access to enough signed artifacts to reconstruct the private key used to sign these artifacts. Examples of these artifacts could be signed code, software packages, PDF files or other documents that could be signed using PIV as well as signed authentication challenges that might be logged. This could allow an attacker to generate certificates indistinguishable from valid ones generated on the affected YubiKey FIPS device.

    If the PIV application GENERATE_CHALLENGE (0x87) instruction is used after YubiKey FIPS power-up, up to the full 8 bytes will be predictable data. This instruction is used during management key authentication. This could allow an attacker to replay authentication and subsequently change the smart card management key. Using this key could allow an attacker to import and overwrite the user’s private keys and certificates on affected YubiKey FIPS Series devices. It would not allow an attacker to access, extract, or use any of these keys or certificates. An attacker would need to have installed specially crafted software on a target computer. The user then needs to run this software while the YubiKey FIPS device is inserted into the computer to effect this attack without the attacker having physical access to the user’s YubiKey FIPS device.

    FIDO U2F

    An attacker that was able to collect a relatively small number of weak ECDSA authentication signatures between a FIDO client and a Relying Party could be able to recompute the private key, and thus impersonate a user’s U2F Authenticator for that specific Relying Party. The FIDO specification mandates HTTPS, so the attacker must be able to decrypt the TLS communication to perform this attack.

    To successfully capture these FIDO U2F communications without physical possession of the key, an attacker would need to either compromise the target computer or leverage a TLS vulnerability. The attacker would then need to capture several responses signed by an affected YubiKey for Relying Party authentication requests immediately after key power up. It would then be possible to leverage cryptographic attacks to determine the private key created for this specific Relying Party registration. This is not the master U2F secret key of the YubiKey. The attacker would also need to obtain additional login factors as necessary (for example: username and password) for the user’s account associated with the specific Relying Party. Given this private key and knowledge of the user’s username and password, an attacker could authenticate as the user and directly sign authentication requests from the Relying Party without the presence of the user’s YubiKey FIPS device.

    The FIDO U2F master key on the YubiKey FIPS device is also affected. The master key is an AES 256 bit key and it will be affected by 16 bits of static values. If a user performs a U2F factory reset operation as the first operation after power-up then the new FIDO U2F master key would be affected by 80 bits of static values.

    Note: Refer to the YubiKey FIPS Series Technical Manual for what a U2F factory reset is and when to employ it. From this technical manual: “Resetting the YubiKey FIPS U2F sub-module will prevent the sub-module to be set to the approved FIPS mode of operation afterward. However, this in turn will prevent the YubiKey FIPS device from being set into the FIPS approved mode overall, and it can no longer be deployed as a FIPS authenticator.”

    OATH one-time passwords

    For scenarios involving the use of OATH where a password has been set, an attacker can under certain conditions capture the password validation sequence and replay authentication to the YubiKey FIPS device, which allows the attacker to obtain OTP codes. An attacker would need to have installed specially crafted software on a target computer. The software then needs to be running while the YubiKey FIPS is inserted into the computer to effect this attack without the attacker having physical access to the user’s YubiKey FIPS device. The attacker could capture a password validation sequence that is performed immediately after plugging in a YubiKey FIPS device. Then, any time the YubiKey FIPS device is plugged in, the attacker could attempt to replay this password validation sequence immediately after the YubiKey FIPS device is powered on to obtain an OTP code.
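    As an added illustration (not part of this advisory or of Yubico's firmware), the following Python model shows the mechanism behind the PIV management-key and OATH password replay scenarios described above: when the device's random buffer still holds leftover self-test data, the first 8-byte challenge after every power-up is the same, so a response recorded once verifies again later, whereas a buffer cleared after the self-test yields a fresh challenge and the stale response is rejected. The residue bytes, the shared secret and the HMAC-based validation are constructed assumptions, not the device's actual protocol.

```python
import hashlib
import hmac
import os

SELF_TEST_RESIDUE = bytes(range(16))  # constructed stand-in for leftover self-test data


class RandomBuffer:
    """Device RNG buffer filled at power-up (constructed model, not Yubico's code).
    flawed=True: deterministic self-test bytes are still in the buffer and are
    handed out first. flawed=False: the buffer is cleared after the self-test."""

    def __init__(self, flawed):
        self.buf = bytearray(SELF_TEST_RESIDUE) if flawed else bytearray()

    def read(self, n):
        out = bytearray()
        while len(out) < n:
            if not self.buf:  # residue (if any) exhausted: refill from the real RNG
                self.buf = bytearray(os.urandom(16))
            out.append(self.buf.pop(0))
        return bytes(out)


class Device:
    """Challenge/response verifier in the style of PIV management-key or OATH
    password validation: 8-byte device challenge, host answers with an HMAC."""

    def __init__(self, secret, flawed):
        self.secret, self.flawed = secret, flawed
        self.power_up()

    def power_up(self):  # unplug/replug: self-tests run, buffer state as modelled
        self.rng, self.pending = RandomBuffer(self.flawed), None

    def get_challenge(self):
        self.pending = self.rng.read(8)
        return self.pending

    def verify(self, response):
        expected = hmac.new(self.secret, self.pending, hashlib.sha256).digest()
        self.pending = None  # a challenge is usable once
        return hmac.compare_digest(response, expected)


def stale_response_accepted(flawed):
    """Does a response captured during one post-power-up authentication still
    verify after the next power-up? With fresh challenges it must not."""
    secret = b"constructed-secret"  # constructed shared secret
    dev = Device(secret, flawed)
    recorded = hmac.new(secret, dev.get_challenge(), hashlib.sha256).digest()
    dev.power_up()
    dev.get_challenge()
    return dev.verify(recorded)
```

    With the flawed buffer the recorded response is accepted after the second power-up; with the cleared buffer it is rejected, which is what the firmware fix restores.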

    OpenPGP

    When generating RSA keys on a YubiKey FIPS using the OpenPGP application, the strength of keys generated immediately after YubiKey FIPS power-up may be reduced by up to 10 bytes for affected RSA keys. This does not significantly affect RSA’s cryptographic protections.

    PGP keys generated outside a YubiKey FIPS Series device and imported onto the device are not affected.

    Frequently asked questions

    I have a YubiKey, how do I know whether it is a YubiKey FIPS or not?

    The YubiKey FIPS Series are marked “FIPS” and will have firmware version 4.4.2 or 4.4.4 (there is no firmware version 4.4.3). If the YubiKey is not marked “FIPS” but you suspect it is a FIPS device, you can also use YubiKey Manager to confirm the identity of the YubiKey.

    [Image: YubiKey FIPS Series devices, front and back]

    I have a YubiKey, am I at risk?

    If you are using a YubiKey FIPS Series device, you may be at risk, please review the FAQ and the Technical Details sections to see if you require a product replacement. This issue is not present in any other YubiKey/Security Key series or form factors.

    Is there a replacement program?

    Yes, see Customer Actions in this advisory.

    How can I get a replacement key?

    See Customer Actions in this advisory.

    I am using my YubiKey FIPS Series device’s YubiOTP credentials or a programmable YubiKey slot in another way, am I affected?

    No, this issue does not affect this use case. The security of these features is not impacted by the issue discussed in this advisory.

    I am using my YubiKey FIPS Series device as a smart card (PIV), am I affected?

    Yes, if you sign code, software applications, electronic documents, or other artifacts using an ECDSA signature then you are likely impacted. If you are using an RSA signature, the RSA key strength is not reduced enough to make known cryptographic attacks significantly easier to accomplish.

    You may also be at risk from attempts to overwrite your stored PIV keys and certificates on the YubiKey; however, this attack requires specially crafted software to first be installed on your system. See the smart card issue description above for additional details.

    I store my PGP keys on my YubiKey FIPS Series device, am I affected?

    The reduction in key strength for PGP keys generated on the YubiKey may be up to 10 bytes for affected RSA keys. This does not significantly affect RSA’s cryptographic protections. PGP keys generated outside a YubiKey FIPS Series device and imported onto the device are not affected.

    I am using FIDO U2F on a YubiKey FIPS Series device to authenticate to a website, am I affected?

    For scenarios involving FIDO U2F, an attacker who successfully exploited this issue could impersonate a user to a specific Relying Party (website) without having the user’s YubiKey if they also had possession of a user’s username and password for that Relying Party. See above U2F issue description for additional details.

    I am using my YubiKey FIPS Series device to add OATH one-time passwords to my logins, am I affected?

    For scenarios involving the use of OATH, an attacker can under certain conditions capture the authentication sequence and replay authentication to the YubiKey FIPS device to gain OATH OTP codes. See above OATH issue description for additional details.

    What causes this issue?

    A random value is used as a basis for key derivation in the RSA and ECDSA algorithms used by some YubiKey FIPS Series applications. The buffer holding the value contains some predictable content, making the value less random than intended. This issue occurs during power-up of the YubiKey only.

    Has this issue been addressed?

    Yes, this issue has been fixed in the latest version of YubiKey FIPS Series firmware 4.4.5.

    What is the scope of this issue?

    This issue may reduce the strength of RSA keys and ECDSA signatures generated on affected YubiKey FIPS Series devices.

    Who found this, has it been exploited?

    This was internally discovered by Yubico. We have seen no evidence that this issue has been used.

    What is FIPS?

    Federal Information Processing Standards (FIPS) are a set of standards created by the United States government that describe information technology for use by the federal government.

    Do YubiKey FIPS Series with firmware version 4.4.2 and 4.4.4 remain FIPS-certified?

    The FIPS certification for firmware versions 4.4.2 and 4.4.4 (there was no firmware version 4.4.3) has been revoked. Yubico has a key replacement program in effect for any customers with YubiKeys FIPS with firmware versions 4.4.2 and 4.4.4.

    If you found it yourselves why are you issuing a security advisory?

    Even when issues are discovered internally, Yubico takes security matters seriously and wants all our customers to be safe. We publish security advisories as a mechanism to inform partners and customers who may be affected.

    Are you already shipping YubiKeys which have this issue fixed?

    All YubiKey FIPS Series that have shipped from Yubico since April 30, 2019, are not affected and contain the updated firmware version 4.4.5 and above.

    What should I do if I have affected keys and recently placed a new order?

    If you have affected keys today and a pending new order we recommend that you ensure all affected keys are replaced before deploying the new version.

    Why are only a small fraction of YubiKey customers affected?

    This issue is specific to the YubiKey FIPS Series. The issue is not present in any other Yubico products.

    If my computer transitions power states (such as sleep or hibernate) while my key is plugged in, does that count as a “power-up” when the host resumes?

    Power is managed by the hardware, host OS, and drivers. Therefore, we cannot know whether the key has been powered down in those states or not. We advise that these states be treated as though the key has restarted, so cryptographic operations immediately following host wake-up could be affected.