Abstract
The Yubikey is a small hardware device designed to authenticate a user against network-based services. Despite its widespread adoption (over a million devices have been shipped by Yubico to more than 20 000 customers including Google and Microsoft), the Yubikey protocols have received relatively little security analysis in the academic literature. In the first part of this paper, we give a formal model for the operation of the Yubikey one-time password (OTP) protocol. We prove security properties of the protocol for an unbounded number of fresh OTPs using a protocol analysis tool, tamarin.
In the second part of the paper, we analyze the security of the protocol with respect to an adversary that has temporary access to the authentication server. To address this scenario, Yubico offers a small Hardware Security Module (HSM) called the YubiHSM, intended to protect keys even in the event of server compromise. We show if the same YubiHSM configuration is used both to set up Yubikeys and run the authentication protocol, then there is inevitably an attack that leaks all of the keys to the attacker. Our discovery of this attack lead to a Yubico security advisory in February 2012. For the case where separate servers are used for the two tasks, we give a configuration for which we can show using the same verification tool that if an adversary that can compromise the server running the Yubikey-protocol, but not the server used to set up new Yubikeys, then he cannot obtain the keys used to produce one-time passwords.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Bonneau, J., Herley, C., van Oorschot, P.C., Stajano, F.: The quest to replace passwords: a framework for comparative evaluation of Web authentication schemes. Technical Report UCAM-CL-TR-817, University of Cambridge, Computer Laboratory (March 2012); Shorter version appears in Proceedings of IEEE Symposium on Security and Privacy (2012)
Yubico AB: Yubico customer list, http://www.yubico.com/references
Yubico AB: Yubikey security evaluation: Discussion of security properties and best practices v2.0. (September 2009), http://static.yubico.com/var/uploads/pdfs/Security_Evaluation_2009-09-09.pdf
Björck, F.: Yubikey security weaknesses. On Security DJ Blog (February 2009), http://web.archive.org/web/20100203110742/http://security.dj/?p=4
Björck, F.: Increased security for yubikey. On Security DJ Blog (August 2009), http://web.archive.org/web/20100725005817/http://security.dj/?p=154
Vamanu, L.: Formal analysis of Yubikey. Master’s thesis, École normale supérieure de Cachan (August 2011), http://n.ethz.ch/~lvamanu/download/YubiKeyAnalysis.pdf
Schmidt, B., Meier, S., Cremers, C.J.F., Basin, D.A.: Automated analysis of diffie-hellman protocols and advanced security properties. In: Proceedings of the 25th IEEE Computer Security Foundations Symposium, CSF 2012, pp. 78–94 (2012)
Kaminsky, D.: On the RSA SecurID compromise (June 2011), http://dankaminsky.com/2011/06/09/securid/
Yubico Inc.: Yubihsm 1.0 security advisory 2012-01 (February 2012) (published online), http://static.yubico.com/var/uploads/pdfs/SecurityAdvisory%202012-02-13.pdf
Yubico AB Kungsgatan 37, 111 56 Stockholm Sweden: The YubiKey Manual - Usage, configuration and introduction of basic concepts (Version 2.2) (June 2010), http://www.yubico.com/documentation
Yubico AB Kungsgatan 37, 111 56 Stockholm Sweden: YubiKey Authentication Module Design Guide and Best Practices (Version 1.0), http://www.yubico.com/documentation
Kamikaze28, et al.: Specification of the Yubikey operation in the Yubico wiki (June 2012), http://wiki.yubico.com/wiki/index.php/Yubikey
The yubikey-val-server-php project: Validation protocol version 2.0. (October 2011), http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV20
Durgin, N., Lincoln, P., Mitchell, J., Scedrov, A.: Undecidability of bounded security protocols. In: Heintze, N., Clarke, E. (eds.) Proceedings of the Workshop on Formal Methods and Security Protocols — FMSP, Trento, Italy (1999), Electronic proceedings, http://www.cs.bell-labs.com/who/nch/fmsp99/program.html
Blanchet, B.: Automatic verification of correspondences for security protocols. Journal of Computer Security 17(4), 363–434 (2009)
Arapinis, M., Ritter, E., Ryan, M.D.: Statverif: Verification of stateful processes. In: CSF, pp. 33–47. IEEE Computer Society (2011)
Mödersheim, S.: Abstraction by set-membership: verifying security protocols and web services with databases. In: [25], pp. 351–360
Guttman, J.D.: State and progress in strand spaces: Proving fair exchange. J. Autom. Reasoning 48(2), 159–195 (2012)
Yubico AB Kungsgatan 37, 111 56 Stockholm Sweden: Yubico YubiHSM - Cryptographic Hardware Security Module (Version 1.0) (September 2011), http://www.yubico.com/documentation
Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC (CCM). RFC 3610 (Informational) (September 2003)
Yubico AB Kungsgatan 37, 111 56 Stockholm Sweden: Yubicloud Validation Service - (Version 1.1) (May 2012), http://www.yubico.com/documentation
Habets, T.: Yubihsm login helper program, http://code.google.com/p/yhsmpam/
Rogaway, P., Shrimpton, T.: Deterministic authenticated encryption: A provable-security treatment of the keywrap problem (2006)
Meier, S., Cremers, C.J.F., Basin, D.A.: Strong invariants for the efficient construction of machine-checked protocol security proofs. In: [25], pp. 231–245
Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, October 4-8. ACM (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Künnemann, R., Steel, G. (2013). YubiSecure? Formal Security Analysis Results for the Yubikey and YubiHSM. In: Jøsang, A., Samarati, P., Petrocchi, M. (eds) Security and Trust Management. STM 2012. Lecture Notes in Computer Science, vol 7783. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38004-4_17
Download citation
DOI: https://doi.org/10.1007/978-3-642-38004-4_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38003-7
Online ISBN: 978-3-642-38004-4
eBook Packages: Computer ScienceComputer Science (R0)