Side-Channel Attacks on the Yubikey 2 One-Time Password Generator

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8145)

Abstract

The classical way of authentication with a username-password pair is often insufficient: an adversary can choose from a multitude of methods to obtain the credentials, e.g., by guessing passwords using a dictionary, by eavesdropping on network traffic, or by installing malware on the system of the target user. To overcome this problem, numerous solutions incorporating a second factor in the authentication process have been proposed. A particularly wide-spread approach provides each user with a hardware token that generates a One-Time Password (OTP) in addition to the traditional credentials. The token itself comprises a secret cryptographic key that, together with timestamps and counters, is used to derive a fresh OTP for each authentication. A relatively new yet wide-spread example for an OTP token is the Yubikey 2 produced by Yubico. This device employs an open-source protocol based on the mathematically secure AES and emulates a USB keyboard to enter the OTP in a platform-independent manner. In this paper, we analyse the susceptibility of the Yubikey 2 to side-channel attacks. We show that by non-invasively measuring the power consumption and the electro-magnetic emanation of the device, an adversary is able to extract the full 128-bit AES key with approximately one hour of access to the Yubikey 2. The attack leaves no physical traces on the device and can be performed using low-cost equipment. In consequence, an adversary is able to generate valid OTPs, even after the Yubikey 2 has been returned to the owner.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Oswald, D., Richter, B., Paar, C. (2013). Side-Channel Attacks on the Yubikey 2 One-Time Password Generator. In: Stolfo, S.J., Stavrou, A., Wright, C.V. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2013. Lecture Notes in Computer Science, vol 8145. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41284-4_11

  • DOI: https://doi.org/10.1007/978-3-642-41284-4_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41283-7

  • Online ISBN: 978-3-642-41284-4

  • eBook Packages: Computer Science, Computer Science (R0)
