The YubiKey 5’s Hidden Weakness: A Side-Channel Vulnerability Threatens Two-Factor Authentication
Two-factor authentication (2FA) has become a cornerstone of online security, adding an extra layer of protection beyond passwords. Hardware tokens, such as the popular YubiKey 5, play a crucial role in this security paradigm, offering a secure and convenient way to generate and store authentication codes. However, recent research has revealed a concerning vulnerability within the YubiKey 5, jeopardizing the very security it aims to provide.
NinjaLab, a security research firm, discovered a side-channel vulnerability in the YubiKey 5 series, affecting all models running firmware versions prior to 5.7. This flaw, residing within a widely used microcontroller, could allow a determined attacker with temporary physical access to clone the device, effectively hijacking the user’s online accounts.
Understanding the Side-Channel Attack
Side-channel attacks, unlike traditional attacks that exploit software vulnerabilities, focus on extracting sensitive information by observing physical characteristics of a device during computation. In this case, the vulnerability lies in the Infineon Optiga Trust M microcontroller, specifically in how it implements the Elliptic Curve Digital Signature Algorithm (ECDSA), a widely used digital signature scheme.
ECDSA relies on a secret key stored within the YubiKey to generate digital signatures, which are then used to verify the authenticity of transactions. The YubiKey 5 utilizes a technique called ephemeral key generation to create unique keys for each authentication attempt. However, the Infineon implementation of modular inversion, a crucial mathematical operation used in ECDSA, suffers from a timing attack vulnerability.
The attacker, equipped with specialized equipment, can measure the time required for the YubiKey to perform modular inversion operations. These timing discrepancies, known as "timing side channels," reveal crucial information about the ephemeral key used during the authentication process.
"This vulnerability lies in the ECDSA ephemeral key (or nonce) modular inversion, and, more precisely, in the Infineon implementation of the Extended Euclidean Algorithm (EEA for short). To our knowledge, this is the first time an implementation of the EEA is shown to be vulnerable to side-channel analysis," explains Thomas Roche, cofounder of NinjaLab.
The Impact of the Vulnerability
The consequences of this vulnerability are significant. An attacker with temporary physical access to a YubiKey 5 can exploit this flaw to recover the device’s secret ECDSA key. This compromised key can then be used to impersonate the legitimate user, granting unrestricted access to their online accounts.
Yubico, the manufacturer of YubiKey, has acknowledged the vulnerability and released firmware version 5.7, which replaces the Infineon cryptographic library with a custom implementation. However, updating the firmware on the YubiKey 5 is not possible, meaning that all affected devices remain vulnerable.
"An attacker could exploit this issue as part of a sophisticated and targeted attack to recover affected private keys," Yubico’s security advisory confirms. "The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM; knowledge of the accounts they want to target; and specialized equipment to perform the necessary attack."
A Deeper Look at the Issue
The modular inversion operation used in ECDSA relies on the Extended Euclidean Algorithm (EEA) to find the multiplicative inverse of a number within a finite field. The Infineon implementation of the EEA, however, fails to implement a common side-channel defense known as constant time.
Constant time implementations ensure that the execution time of cryptographic operations remains uniform, regardless of the specific key being used. This prevents attackers from gleaning information based on timing differences, effectively mitigating side-channel vulnerabilities.
"By using an oscilloscope to measure the electromagnetic radiation while the token is authenticating itself, the researchers can detect tiny execution time differences that reveal a token’s ephemeral ECDSA key, also known as a nonce," explains a security researcher from another firm. "Further analysis allows the researchers to extract the secret ECDSA key that underpins the entire security of the token."
A Widespread Problem?
The vulnerability in the YubiKey 5 is not isolated. The Infineon Optiga Trust M microcontroller is widely used in various security applications, including banking, electronic passports, and access control systems. While NinjaLab has focused on the YubiKey 5, they suspect that other devices using the same microcontroller could be affected.
"In fact all products relying on the ECDSA of Infineon cryptographic library running on an Infineon security microcontroller are affected by the attack," Roche warns in their disclosure report. "We estimate that the vulnerability exists for more than 14 years in Infineon top secure chips."
A Call to Action
This vulnerability highlights the crucial need for robust security practices in the design and implementation of cryptographic algorithms. It underscores the importance of constant time implementations to mitigate side-channel vulnerabilities, even in the most secure devices.
The YubiKey 5 vulnerability serves as a stark reminder that even seemingly secure technology can be vulnerable to sophisticated attacks. It emphasizes the need for continued vigilance and proactive security measures in the face of evolving threats.
For users of the YubiKey 5, upgrading to firmware version 5.7, if possible, is essential. However, it is crucial to note that the vast majority of YubiKey 5 devices cannot be updated due to hardware limitations.
For manufacturers and developers, this vulnerability reinforces the need for thorough security audits and the use of secure cryptographic libraries. The use of constant-time algorithms, combined with proactive threat modeling and security testing, can help prevent similar vulnerabilities from emerging.
This discovery has significant implications for the future of hardware tokens and two-factor authentication. By addressing these vulnerabilities and bolstering security practices, we can ensure that these essential technologies continue to provide strong and reliable security for users online.
