Skip to main content
SpringerLink
Log in

YubiSecure? Formal Security Analysis Results for the Yubikey and YubiHSM

  • Conference paper
Book cover Security and Trust Management (STM 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7783))

Included in the following conference series:

Abstract

The Yubikey is a small hardware device designed to authenticate a user against network-based services. Despite its widespread adoption (over a million devices have been shipped by Yubico to more than 20 000 customers including Google and Microsoft), the Yubikey protocols have received relatively little security analysis in the academic literature. In the first part of this paper, we give a formal model for the operation of the Yubikey one-time password (OTP) protocol. We prove security properties of the protocol for an unbounded number of fresh OTPs using a protocol analysis tool, tamarin.

In the second part of the paper, we analyze the security of the protocol with respect to an adversary that has temporary access to the authentication server. To address this scenario, Yubico offers a small Hardware Security Module (HSM) called the YubiHSM, intended to protect keys even in the event of server compromise. We show if the same YubiHSM configuration is used both to set up Yubikeys and run the authentication protocol, then there is inevitably an attack that leaks all of the keys to the attacker. Our discovery of this attack lead to a Yubico security advisory in February 2012. For the case where separate servers are used for the two tasks, we give a configuration for which we can show using the same verification tool that if an adversary that can compromise the server running the Yubikey-protocol, but not the server used to set up new Yubikeys, then he cannot obtain the keys used to produce one-time passwords.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bonneau, J., Herley, C., van Oorschot, P.C., Stajano, F.: The quest to replace passwords: a framework for comparative evaluation of Web authentication schemes. Technical Report UCAM-CL-TR-817, University of Cambridge, Computer Laboratory (March 2012); Shorter version appears in Proceedings of IEEE Symposium on Security and Privacy (2012)

    Google Scholar 

  2. Yubico AB: Yubico customer list, http://www.yubico.com/references

  3. Yubico AB: Yubikey security evaluation: Discussion of security properties and best practices v2.0. (September 2009), http://static.yubico.com/var/uploads/pdfs/Security_Evaluation_2009-09-09.pdf

  4. Björck, F.: Yubikey security weaknesses. On Security DJ Blog (February 2009), http://web.archive.org/web/20100203110742/http://security.dj/?p=4

  5. Björck, F.: Increased security for yubikey. On Security DJ Blog (August 2009), http://web.archive.org/web/20100725005817/http://security.dj/?p=154

  6. Vamanu, L.: Formal analysis of Yubikey. Master’s thesis, École normale supérieure de Cachan (August 2011), http://n.ethz.ch/~lvamanu/download/YubiKeyAnalysis.pdf

  7. Schmidt, B., Meier, S., Cremers, C.J.F., Basin, D.A.: Automated analysis of diffie-hellman protocols and advanced security properties. In: Proceedings of the 25th IEEE Computer Security Foundations Symposium, CSF 2012, pp. 78–94 (2012)

    Google Scholar 

  8. Kaminsky, D.: On the RSA SecurID compromise (June 2011), http://dankaminsky.com/2011/06/09/securid/

  9. Yubico Inc.: Yubihsm 1.0 security advisory 2012-01 (February 2012) (published online), http://static.yubico.com/var/uploads/pdfs/SecurityAdvisory%202012-02-13.pdf

  10. Yubico AB Kungsgatan 37, 111 56 Stockholm Sweden: The YubiKey Manual - Usage, configuration and introduction of basic concepts (Version 2.2) (June 2010), http://www.yubico.com/documentation

  11. Yubico AB Kungsgatan 37, 111 56 Stockholm Sweden: YubiKey Authentication Module Design Guide and Best Practices (Version 1.0), http://www.yubico.com/documentation

  12. Kamikaze28, et al.: Specification of the Yubikey operation in the Yubico wiki (June 2012), http://wiki.yubico.com/wiki/index.php/Yubikey

  13. The yubikey-val-server-php project: Validation protocol version 2.0. (October 2011), http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV20

  14. Durgin, N., Lincoln, P., Mitchell, J., Scedrov, A.: Undecidability of bounded security protocols. In: Heintze, N., Clarke, E. (eds.) Proceedings of the Workshop on Formal Methods and Security Protocols — FMSP, Trento, Italy (1999), Electronic proceedings, http://www.cs.bell-labs.com/who/nch/fmsp99/program.html

  15. Blanchet, B.: Automatic verification of correspondences for security protocols. Journal of Computer Security 17(4), 363–434 (2009)

    Google Scholar 

  16. Arapinis, M., Ritter, E., Ryan, M.D.: Statverif: Verification of stateful processes. In: CSF, pp. 33–47. IEEE Computer Society (2011)

    Google Scholar 

  17. Mödersheim, S.: Abstraction by set-membership: verifying security protocols and web services with databases. In: [25], pp. 351–360

    Google Scholar 

  18. Guttman, J.D.: State and progress in strand spaces: Proving fair exchange. J. Autom. Reasoning 48(2), 159–195 (2012)

    Article  MathSciNet  MATH  Google Scholar 

  19. Yubico AB Kungsgatan 37, 111 56 Stockholm Sweden: Yubico YubiHSM - Cryptographic Hardware Security Module (Version 1.0) (September 2011), http://www.yubico.com/documentation

  20. Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC (CCM). RFC 3610 (Informational) (September 2003)

    Google Scholar 

  21. Yubico AB Kungsgatan 37, 111 56 Stockholm Sweden: Yubicloud Validation Service - (Version 1.1) (May 2012), http://www.yubico.com/documentation

  22. Habets, T.: Yubihsm login helper program, http://code.google.com/p/yhsmpam/

  23. Rogaway, P., Shrimpton, T.: Deterministic authenticated encryption: A provable-security treatment of the keywrap problem (2006)

    Google Scholar 

  24. Meier, S., Cremers, C.J.F., Basin, D.A.: Strong invariants for the efficient construction of machine-checked protocol security proofs. In: [25], pp. 231–245

    Google Scholar 

  25. Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, October 4-8. ACM (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. LSV & INRIA Saclay – Île-de-France, France

    Robert Künnemann

  2. INRIA Project ProSecCo, Paris, France

    Robert Künnemann & Graham Steel

Authors
  1. Robert Künnemann
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Graham Steel
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Informatics, University of Oslo, P.O.Box 1080, 0316, Blindern, Oslo, Norway

    Audun Jøsang

  2. Dipartimento di Informatica, Università degli Studi di Milano, Via Bramante, 65, 26013, Crema, CR, Italy

    Pierangela Samarati

  3. National Research Center(CNR), Institute of Informatics and Telematics(IIT), Via G. Moruzzi, 1, 56124, Pisa, Italy

    Marinella Petrocchi

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Künnemann, R., Steel, G. (2013). YubiSecure? Formal Security Analysis Results for the Yubikey and YubiHSM. In: Jøsang, A., Samarati, P., Petrocchi, M. (eds) Security and Trust Management. STM 2012. Lecture Notes in Computer Science, vol 7783. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38004-4_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-38004-4_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38003-7

  • Online ISBN: 978-3-642-38004-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation