Side-Channel Attacks on the Yubikey 2 One-Time Password Generator

Oswald, David; Richter, Bastian; Paar, Christof

doi:10.1007/978-3-642-41284-4_11

Cited by 26 publications

(14 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is due to the fact that they require measurements that can only be done if the attacker has physical access to the machine. These include power [24,28,32], electromagnetic (EM) emanation [30], and acoustical [17,42] analyses, where the attacker needs to measure the power consumed, the EM field produced, or the sound produced by the device, respectively. In all cases, the instructions executed often have a distinct power, EM, or sound measurement.…”

Section: Side Channel Attacks On Cryptography Implementationsmentioning

confidence: 99%

Information Leaks Without Memory Disclosures

Seibert

Okhravi

Söderström³

2014

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Code diversification has been proposed as a technique to mitigate code reuse attacks, which have recently become the predominant way for attackers to exploit memory corruption vulnerabilities. As code reuse attacks require detailed knowledge of where code is in memory, diversification techniques attempt to mitigate these attacks by randomizing what instructions are executed and where code is located in memory. As an attacker cannot read the diversified code, it is assumed he cannot reliably exploit the code.In this paper, we show that the fundamental assumption behind code diversity can be broken, as executing the code reveals information about the code. Thus, we can leak information without needing to read the code. We demonstrate how an attacker can utilize a memory corruption vulnerability to create side channels that leak information in novel ways, removing the need for a memory disclosure vulnerability. We introduce seven new classes of attacks that involve fault analysis and timing side channels, where each allows a remote attacker to learn how code has been diversified.

show abstract

Section: Side Channel Attacks On Cryptography Implementationsmentioning

confidence: 99%

Information Leaks Without Memory Disclosures

Seibert

Okhravi

Söderström³

2014

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…We demonstrate in [ORP13] that SCA attacks are a relevant threat for the tokens: A non-invasive side-channel analysis exploiting the EM emanations of the AES implementation requires approximately 500 EM measurements to recover the full key. Given approximately one hour of access to a Yubikey 2, an adversary can impersonate the legitimate owner and generate valid one-time passwords, even after the token has been returned.…”

Section: One-time Password Tokensmentioning

confidence: 99%

Sweet Dreams and Nightmares: Security in the Internet of Things

Kasper

Oswald

Paar

2014

Information Security Theory and Practice. Securing the Internet of Things

Self Cite

View full text Add to dashboard Cite

Abstract. Wireless embedded devices are predominant in the Internet of Things: Objects tagged with Radio Frequency IDentification and Near Field Communication technology, smartphones, and other embedded tokens interact from device to device and thereby often process information that is security or privacy relevant for humans. For protecting sensitive data and preventing attacks, many embedded devices employ cryptographic algorithms and authentication schemes. In the past years, various vulnerabilities have been found in commercial products that enable to bypass the security mechanisms. Since a large number of the devices in the field are in the hands of potential adversaries, implementation attacks (such as side-channel analysis and reverse engineering) can play a critical role for the overall security of a system. At hand of several examples of assailable commercial products we demonstrate the potential impact of the found security weaknesses and illustrate "how to not do it".

show abstract

“…An independent analysis was given by blogger Fredrik Björck in 2009 [6,7], raising issues that Yubico responded to in a subsequent post. Oswald, Richter, et al [21] analyze the YubiKey, generation 2, for side-channel attacks. They show that noninvasive measurements of the power consumption of the device allow retrieving the AES-key within approximately one hour of access.…”

Section: Related Workmentioning

confidence: 99%

Formal veriﬁcation of the YubiKey and YubiHSM APIs in Maude-NPA

González-Burgueño

Aparicio-Sánchez

Escobar

et al.

EPiC Series in Computing

View full text Add to dashboard Cite

In this paper, we perform an automated analysis of two devices developed by Yubico: YubiKey, designed to authenticate a user to network-based services, and YubiHSM, Yubico's hardware security module. Both are analyzed using the Maude-NPA cryptographic protocol analyzer. Although previous work has been done applying automated tools to these devices, to the best of our knowledge there has been no completely automated analysis to date. This is not surprising, because both YubiKey and YubiHSM, which make use of cryptographic APIs, involve a number of complex features: (i) discrete time in the form of Lamport clocks, (ii) a mutable memory for storing previously seen keys or nonces, (iii) event-based properties that require an analysis of sequences of actions, and (iv) reasoning modulo exclusive-or. In this work, we have been able to both prove properties of YubiKey and find the known attacks on the YubiHSM, in a completely automated way beyond the capabilities of previous work in the literature.

show abstract

Side-Channel Attacks on the Yubikey 2 One-Time Password Generator

Cited by 26 publications

References 13 publications

Information Leaks Without Memory Disclosures

Information Leaks Without Memory Disclosures

Sweet Dreams and Nightmares: Security in the Internet of Things

Formal veriﬁcation of the YubiKey and YubiHSM APIs in Maude-NPA

Contact Info

Product

Resources

About