Yubico announces tiny, cheap YubiHSM 2(yubico.com) |
Yubico announces tiny, cheap YubiHSM 2(yubico.com) |
If Intel/AMD have a backdoor into every PC and server, then so does the US gov't (NSA, CIA, FBI, etc.) and of course other uninvited hackers from even hostile countries.
And how did Western society just accept all of this anti-democratic craziness?
If you trust this YubiHSM but not Intel CPUs, then it is very useful since encryption/decryption occurs on the YubiHSM, not the connected CPU. Just plug it into a computer with a CPU you do trust first to get the official public key(s) for future verifications!
If you don't trust this YubiHSM because of the example of Intel CPUs, then please share at what point you do trust third party hardware, so we can discuss how to get to useful encryption from there.
Would you only trust RAM you wire-wrapped yourself?
Would you only trust a motherboard you built from 7400 series logic gates, each of which you personally verified using X-rays?
The line has to be drawn somewhere, but without knowing where you want to do so your comment serves mostly to hijack discussion (which is fine).
A HSM does make attacks more difficult, and that is important. On the other hand, computers without backdoors would be _the_ significant step, though, to change the game.
I fundamentally dislike Intel and AMD for their stance on this. And I'm not alone.
Western societies, so as not to upset the guise of freedom and personal rights to privacy, do so in secret but it's not exclusive to them. China publicly mandates government backdoors into their equipment too.
However that is no reason not to use good security otherwise.
> And how did Western society just accept all of this anti-democratic craziness?
Because people buy it voluntary.
EDIT: On further thought, the small form factor would be good for physical verification. I could get a good, high-quality server, plug this into the front USB port, and then use some sort of transparent epoxy to seal it in. Having it on the front of the server would make it easy to quickly confirm that it's in place (instead of hunting around the back of the server, and it would be small enough to seal into the USB port.
The performance specs [1] say "HMAC-SHA-(1|256): ~4ms avg" which I guess is for 256 bits [2], compared to [3] which list a 6th gen Skylake 3.1 GHz doing it at 535 MB/s.
[1]: https://www.yubico.com/products/yubihsm/
[2]: But I have no idea, perhaps this is a stupid interpretation, in which case I'll turn around and blame them for being unclear.
The SC4-HSM also includes dedicated I/O (a display and two buttons) which makes it more secure than the Yubikey.
Disclosure: this is my product.
>mdewinter(2016Jul): They [undisclosed HSM vendor] did, with undocumented commands, export the key from the device in an unencrypted format and loaded it into the other model so that we could continue our operation.
(The first comment I ever favorited on HN.)
I looked briefly but can anyone link to where to buy one? Thanks in advance (either way: "buy" link or no) for the info.
[0]: https://github.com/RaymiiOrg/gnuk/blob/master/README
[1]: http://www.fsij.org/gnuk/howto-make-gnuk-usb-token-by-stm32-...
Yubico has a Type C Yubikey called the 4C Nano https://www.yubico.com/product/yubikey-4-series/#yubikey-4c-... of you're just looking for keys.
Though I can't see why you'd be so interested in a tiny HSM, could you tell me your use case?
(Disclosure: I once took a hardware product through the FIPS process)
https://en.wikipedia.org/wiki/FIPS_140-2#Security_levels
It's a subsection of the larger FIPS 140.
Tamper resistant/Tamper evident (and not being able to simply pop the hsm in your pocket while walking by) are important considerations around physical security.
These look great for home or SMB use, but wouldn't work in PCI-DSS or Classified environments.
https://www.yubico.com/support/knowledge-base/categories/art...
Presumably, the original YubiHSM sold well enough to justify the R&D to make the YubiHSM 2, even one that's not FIPS 140-2!
I've worked on several FIPS projects, and there's not a big demand for FIPS 140-2 unless the customer is handling government contracts and/or data. It's a good checkmark to have though.
This HSM has limited key storage capabilities to a hundred or so security objects.
The "pizza box vendors" stores hundreds to thousands of keys.
We typically employ key wrapping to reduce HSM key storage requirements, but only in certain situations.
It was also featured on HN: https://news.ycombinator.com/item?id=12053181
If you--not "we"--want a Kickstarter for something like this, you should go try it. It's much, much more difficult than you think, even without FIPS compliance.
Even most 'dedicated' systems do NOT have a direct link to the input terminals most of the times since they are simple usb keypads. Some smartcard readers for PC have pin-pads but this is rarely the case and they are way more expensive than a keyboard and a regular reader. The normal way is to process transaction data through the hsm, and onto the terminal after which the user has to see/check (on the terminal) if the data is correct. This is how the better (not best) Bank-transaction-verifiers work. A secure connection to the pinpad/terminal has and can be set up (either in advance, via a pre-known mechanism or ad-hoc), but there are some attack vectors there as well.
HSMs are not "MITM proof", the system at-large has to be. Using a HSM does not give you MITM proofness, but makes it sure the old-fashioned 'steal the private key and act like nothing happened' won't happen. Stupid design choices or even simple "call them and ask for a new intermediary certificate" sometimes cause more harm. You CA Root/CSP keys are safe but you are still screwed. Unless you steal the usb drive of course. There are still other ways to do a mitm though.
The main advantage is for small and medium businesses that they won't have to buy a hugely expensive ethernet/pcie HSMs from the known companies which are hugely overpriced (I have several on my desk and they range from 1-2K to 10K+, which are the cheap ones). It also helps with some legal compliance if YubiCo can get it FIPS 140-2 approved (which I doubt).
Considering they made it small, I guess they need to provide some form of duplication/backup since people are going to lose them.
> Most companies consider MITM an external compromise since the malicious actor is not on the machine itself or has no-longer access to the machine(s).
Securing HSM+Laptop is impossible compared to HSM. If laptop is secure, why even need HSM ?
> Even most 'dedicated' systems do NOT have a direct link to the input terminals most of the times since they are simple usb keypads. Some smartcard readers for PC have pin-pads but this is rarely the case and they are way more expensive than a keyboard and a regular reader.
If usbkeypad is not connected to a network and not attacked by evil maid, HSM+usbkeypad is still secure. But laptop is complex system, always connected to internet and has loosly regulated physical access.
> HSMs are not "MITM proof", the system at-large has to be.
Again if whole system is secure why need HSM ?
If user satisfy few conditions of using HSM, such as being rubberhose attack proof, the secrets MUST be secure irregardless of how insecure the larger system is.
This can be done using some ultra-slow homebrew whatever-level-you're-willing-to-trust custom hardware is necessary to satisfy the associated degree of paranoia.
Any user customization to HSM should be considered unsafe. The new system would be expensive and "brittle".
Cryptographically, this is possible (otherwise we wouldn't have public-key crypto. Humanely that's right, at some point in time someone will fuck up and reveal the backdoor.
The YubiHSM draws the line for "MITM-proof" (per your original comment) after initial key setup, in exchange for an order of magnitude reduction in price. The main difference between this and regular Yubikeys is the performance, things like supporting 16 concurrent connections. Yubico doesn't seem to use "MITM-proof" on their product page; is this basically a straw man? I guess it makes for an interesting discussion about the various theoreticals.
I am very much more interested in details on the tools you (as someone concered enough to ensure no one is misled) use to implement secure computing, most specifically how they have worked out for you in practice. Relatively inexpensive tools like Trezor and others with screens and buttons built-in may meet your criteria and suffice for personal use, but server-level performance isn't going to be there without a couple extra zeroes on the price.
Whats the point ? We already have a secure system.
Trezor is an ideal HSM. Chromebook C201 can make most secure (not sure if its enough) HSM laptop. And I dont think performence is a requirement.
I more suprised why people are using YubiHSM like devices to store root keys. I dont mean to shit on someoneelse's party.
I would be interested to see a performance comparison between a Trezor and the YubiHSM, v1 and/or v2. I assume the Trezor compares within an order of magnitude to a regular Yubikey of the same vintage. Trezor may even make sense as a "getting started" tool for server security under light load, especially if 6 of them combined even come close to matching the performance characteristics of the YubiHSM2. Perhaps this is the next logical market for the Trezor manufacturer to pursue?
Yubico is very up-front about the limitations of their device once you get to the point of reading the YubiHSM1 manual (couldn't find v2):
https://www.yubico.com/wp-content/uploads/2015/04/YubiHSM-Ma... [PDF] section "2.14 Security Considerations"
Although the physical security is a part of the concept, it should be explicitly underlined that the main design objective for the YubiHSM is to protect symmetrical keys and other sensitive in transit and data stored on servers from being compromised by remote attacks.
...
As a kind of final word on this subject, the reader may wish to bear in mind the practical and theoretical attacks in this realm must be soberly considered both rationally and practically and should neither be exaggerated nor neglected. The intention with YubiHSM is not the right product for all authentication needs, but to provide the most cost efficient vs. security compromise consistent with the YubiKey philosophy.
Today(-ish)? HN's anointed crypto expert says no.
https://news.ycombinator.com/item?id=14317331
>tptacek(2017May): The point of modern RSA is that we use a modulus that can't be factored by any conceivable computer, with limits derived from the physics of computation and projected far out into the future. We aren't a supercomputer advance away from factoring 2048 bit moduli.
I could put it another way with regards to the EC algorithms. Many people do not trust the P-series curves, or the brainpool curves, and so for them there is support for curve 25519.
plaintext <-> crypto <-> blob <-> *compromised server/anything but quantum computing* <-> blob <-> crypto / YubiHSM
*my compromised PC* <-> plaintext <-> crypto <-> blob <-> crypto / Yubikey
My point is that I could securely "crypto" from my academic-dreamland/whatever secure computer through any transport to a YubiHSM connected to a compromised PC, if I trust Yubico (and the supply chain delivering their hardware) and the YubiHSM's initial/one-time setup.
1. A somehow convinces the remote party that the actual public key is X' instead of X. Ciphertext comes in, attacker decrypts it. Done.
2. A intercepts ciphertext, feeds it to Yubikey for decryption, and gets the resulting plaintext over USB (or whatever). Note: this is assuming that the Yubikey doesn't have encrypted filesystem support or similar.
Combining 1&2, A can use the Yubikey as an oracle to perform unlimited authentications, signing, and decryptions.
The only advantage provided by a Yubikey is that your keys cannot be remotely exfiltrated. Physical attacks on the hardware are still possible though.
It is true that hardware tokens without an integrated external I/O (not through the PC it is plugged into) are vulnerable to this type of attack during initial key setup. Maybe they should support using the indicator LED to morse code thumbprints or something, but if you can't trust I/O to the device during setup you're going to have a bad time. I will quote my original caveat here:
> Just plug it into a computer with a CPU you do trust first to get the official public key(s) for future verifications!
Your second point seems to be that the plaintext has to be exposed (either going in or coming out) at the USB/hardware interface level, which makes more sense to discuss. The sales page promises the following, but I didn't quickly find any details on how it works:
https://www.yubico.com/products/yubihsm/
Secure session between HSM and application
The integrity and privacy of commands and data in transit between the HSM and applications are protected using a mutually authenticated, integrity and confidentiality protected tunnel.
I don't know about Yubikeys, but if they can sign their emitted plaintext, they could be used to similar effect.
As long as you mitigate the current exploit, you've stopped any forgeries from that point forward.
The module only supported two interfaces:
1. Network -> Buffer, where it takes a packet with a particular structure and encrypted data and emits a signed plaintext.
2. Buffer -> Network, where it takes a request, result, and proof object and sends them out after signing and encrypting.
We were using it to front solvers that did a lot of work to solve constraints and emitted a proof object, so clients would send us requests (not our problem how they generate them) and then we had to show we did the right thing. The CPU didn't know either key, so it could either:
1. Compute the right thing, have results signed.
2. Compute something that doesn't match the signed request; have its faulty proof signed and returned. (Detected by the consumer when they verify.)
3. Fail to compute.
So this was guarding the case where a CPU was compromised and could possibly emit faulty (or malicious) results.
The point is that HSMs can allow for securing a computation chain if you can securely sign the root, even against compromised CPUs.
Most interactions with remote servers involve higher-level crypto primitives, but if a secure client has these keys it should be possible to interact securely with a remote YubiHSM (assuming secure initial setup, keys must remain secure, etc.).
Take TLS/HTTPS as an example. The underlying assumption is that your browser's and/or OS certificate store are trusted. If an attacker compromises your machine and adds a new certificate to that "trusted" store, all secure communication is broken. That is the inherent weakness of public-key crypto.
Back to the Yubikey scenario. Let's say a remote server R wants to talk to the Yubikey Y on your PC. Y initially generates a key pair and then (somehow) securely delivers the public key to the remote server R. Clearly, whenever R sends something to Y, an attacker wouldn't be able to decrypt the message unless it has the private key which is securely stored on the HSM.
Scenario (1) above was looking at the case of an attacker who somehow "tricks" R into updating/replacing/revoking the original public key and inserting his own key into the remote key database. If successful, the attacker could then intercept all inbound communication from the remote server and decrypt it.
> The sales page promises the following, but I didn't quickly find any details on how it works:
It looks like marketing speak to me honestly. If the computer/server the Yubikey is talking to is compromised, there really is nothing stopping an attacker from using the Yubikey to perform arbitrary encryptions and decryptions.
[edited] That is why I don't see this as relevant, it is outside the threat model any HSM attempts to protect against. More mitigation is possible than the YubiHSM provides, using a display/inputs on the HSM itself to verify keys and choose/confirm operations.
I appreciate your patience in carefully explaining your perspective, and this issue is definitely something to keep in mind in general.
I agree completely. It's just something to keep in mind.