Smartcard features on the YubiKey NEO

YubiKeys are a line of small and low-cost hardware security tokens popular for their one-time password (OTP) functionality.

While the basic YubiKey model is limited to generating OTPs when plugged into a USB port,

the more expensive NEO model adds contactless NFC support for OTP

and it can be configured as a smartcard—which opens up the possibility of several other use cases.

When we first looked at the NEO in April, the smartcard functionality was in a temperamental state.

Fortunately, things have matured quite a bit since then, which significantly increases the YubiKey NEO's value as a security tool.

To recap, both the regular YubiKey and the NEO include two virtual configuration "slots"

that can be set up independently.

Each slot can be loaded with a secret credential that the device will use to generate a security code in response

to a button press (one slot is bound to a short tap, the other to a longer press-and-hold).

The YubiKey presents itself as a standard USB human interface device (HID) keyboard,

so there are no drivers required on any platform:

one plugs it in and it works.

In this basic mode, each slot can be set up to send

a static password,

an Open Authentication (OATH)-compatible Hash-based message authentication code (HMAC)-based One-Time Password (HOTP),

a password for Yubico's own OTP service, or

an HMAC-SHA1 challenge-response code.

But this set of options is a bit of a limitation.

HOTP is not widely deployed, at least not in comparison to the other OATH standard, Time-based One-Time Passwords (TOTP).

The YubiKey cannot compute TOTP passwords internally, because doing so requires a realtime clock.

A YubiKey can generate a TOTP password when used in conjunction with a software program running on the computer

that the YubiKey is plugged into (using the HMAC-SHA1 challenge-response mode);

Yubico provides both a desktop Qt application and an Android app for this purpose.

This is a useful feature, since so many services use TOTP, but the YubiKey is still limited to storing two credentials.

Software-based competitors, like the Google Authenticator app for Android, can store any number of credentials.

But this is where the smartcard features can make up some of the difference.

The NEO includes a Common Criteria–certified JavaCard secure element, which can be loaded with several JavaCard applets. One of the applets developed by Yubico is an OATH implementation that can store multiple TOTP credentials, essentially allowing the NEO to serve as a Google Authenticator substitute—at least, a substitute on any device that the NEO can be connected to (which, of course, does not include every Android device on the market).

Smarts and cards

Back in April, however, the tools required to get the JavaCard applets running on the NEO

were in a bit of a rough state and the relevant information was limited

to whatever one could find by scouring the forums.

To be fair, of course, anyone without prior experience in the world of configuring

and using JavaCard hardware will face a difficult learning curve when tackling the task,

but the YubiKey software was spotty and the documentation sparse.

For example, it relied on an external tool to manage and upload applets to the JavaCard element—

one that suffered from incompatibilities with modern Linux systems.

Subsequently, though, Yubico wrote its own command-line program for interfacing with the NEO's JavaCard element,

developed a Qt-based graphical tool for configuring the NEO's mode and applet settings,

and put a considerable amount of work into developing a suite of applets.

A handful of these applets come with the NEO firmware, which spares new users the pain of compiling

and installing the applets altogether. But, if users so choose, they can still update the applets manually.

All of Yubico's client software is available from the Yubico site,

although most of it is also now packaged by mainstream Linux distributions.

Running:

    ykneomgr -a

will return the applets currently installed on an attached NEO, listed by their JavaCard Application Identifiers (AID). For example:

    0: a000000527200101
1: d2760000850101
2: d2760001240102000000000000010000
3: a000000308000010000100
4: a000000527210101

Determining which applets correspond to the AIDs, though, requires some searching, as there is no official list.

In this instance, there is a forum thread that sheds some light.

In order, these applets are

the basic NEO OTP functionality,

the NFC data-exchange functionality,

an OpenPGP applet,

a Personal Identity Verification (PIV) applet,

and the HOTP/TOTP OATH applet.

A new applet can be installed with

ykneomgr -i

and an existing applet deleted with

ykneomgr -D.

The basic OTP and NFC applets should not be deleted;

they implement the core functionality of the device and (at least as of today) source code is not available for them.

Source is provided only for the OATH applet and OpenPGP applet

(the latter of which is a slightly modified version of Joeri de Ruiter's GPLv2+ licensed JavaCard OpenPGP applet).

The JavaCard element can be protected with a PIN code to prevent unauthorized users from removing or replacing applets;

it is clearly a good idea to enable this protection, lest some attacker replace an applet on one's YubiKey.

Time for TOTP

The OATH applet is, for many users, the key piece of JavaCard functionality,

because it effectively removes the two-slot credential limitation

(how many HOTP/TOTP secrets it can hold varies, depending on their size, but the number is quite large)

and is compatible with the majority of two-factor authentication options in widespread usage.

To use it, the NEO must first be placed into the proper mode (by default, the JavaCard functionality is switched off, for wider compatibility).

The graphical neoman application sports a selector for toggling OTP mode and JavaCard mode (labeled CCID) independently.

The other half of the OATH applet is the client-side YubiOATH application.

The desktop version is Python-based; instructions and dependencies are listed on the application web page,

though the instructions for launching it are incorrect.

With the CCID-enabled NEO plugged into a USB port, the user can launch the OATH client application with

    python ./ui_systray.py &

This spawns a system-tray/taskbar application; right-clicking on its icon, one can open the main window,

which shows a list of the configured OATH accounts, the current codes for each account,

and a timer indicating how long the TOTP codes have before they expire and a new code regenerated.

In the Android YubiOATH app, one can swipe the NEO past the device NFC sensor

and see the TOTP codes generated.

The user experience is more or less identical to that of mobile apps like Google Authenticator

(in fact, the Android version of Yubico's client software even mimics the Google Authenticator icon).

But there are a few differences.

The important distinction is that the desktop OATH application has no access

to any cameras attached to the system (nor other image-input methods);

it can therefore not be used to load any HOTP/TOTP secrets that are only presented as QR codes.

In my tests, only about half of the two-factor authentication services

I configured displayed a text version of the HOTP/TOTP secret credential in addition to the QR code version.

The good news is that, because HOTP/TOTP credentials are stored on the NEO,

the NEO can be set up with the Yubico Authenticator app on an Android device,

and it will subsequently work on the desktop software, too.

But for those without an Android device, the Yubico desktop software will not work

with a QR-code–only configuration process.

PGP and other applet options

After the OATH applet, the most popular JavaCard applet for the NEO seems to be the OpenPGP applet.

Support for smartcard configuration and usage is built in to GnuPG,

and the NEO's OpenPGP applet works without too much trouble.

With the NEO plugged in, all configuration is done through the GnuPG command-line tools.

Typing gpg –card-edit opens the connection to the card;

the admin command enters configuration mode,

generategenerates a key pair, and so forth.

Earlier versions of the applet could only generate a new key pair

on the card itself (and could not import an existing key),

but this has been fixed in subsequent releases.

The one limitation to be aware of with the OpenPGP applet is

that the hardware has limits on the size and types of key it can store.

It supports maximum key sizes of 2048 bits for RSA keys

and 320 bits for Elliptic Curve Cryptography (ECC) keys (of the finite-field, ECC-over-GF(p) variety),

due to the limitations of the cryptographic coprocessor on the NXP A700x security microcontroller chip.

There are several key types allowed, but each must be explicitly supported—in fact,

GnuPG's ECC support was only added in the GnuPG 2.1 development branch,

and is regarded as unstable.

Yubico's Klas Lindfors told forum members that the company has been experimenting with other elliptical curve keys,

although at the moment it does not feel that GnuPG 2.1 has stabilized enough to roll out support.

For those interested in exploring the OpenPGP functionality in detail,

Yubico's Simon Josefsson has written a detailed account of how the NEO's OpenPGP applet can be used—

including quite a few less-than-common options like embedding a JPEG photo into the key.

The PIV applet implements an US National Institute of Standards and Technology (NIST) identity standard calledSP 800-73-3.

This is a FIPS specification that stores a secret key on the device, which is then usable to encrypt or sign messages.

In practice, this is far less likely to be of practical value than the OpenPGP applet

for those who do not have to work with US Government–mandated FIPS-compliant systems.

But other applets are certainly possible, and there appear to be users on the discussion forum

who have undertaken development of their own applets—including, for example, a Bitcoin wallet applet.

Yubico also seems to be working on other possibilities;

it has evidently developed a yet-to-be-released Bitcoin applet of its own

(which has been alluded to on the forums and is evident in the company's GitHub repository).

U2F and more

One final tidbit of trivia concerns Yubico's support for the

Universal 2nd Factor (U2F) two-factor authentication standard.

The standard is published by the FIDO Alliance, an industry group to which Yubico belongs.

Back when the first public drafts began to appear in early 2014,

Yubico announced its intention to support U2F in the YubiKey product line,

although exactly how it would do so remained unclear.

The company has now released two separate U2F-capable products.

One is a U2F-only token called the FIDO Security Key.

The other, however, is a refresh of the NEO that adds U2F functionality alongside the OTP and smartcard functions.

But only those NEOs shipped from Yubico after October 1 support U2F,

since it is implemented as a firmware-level feature.

Older NEOs cannot be field-upgraded to support U2F

because all YubiKey models—by design—cannot be reflashed with new firmware.

Since the product name was unchanged and there is no easy way to tell one NEO from another on the outside,

this refresh spawned a fair amount of confusion among YubiKey customers.

Some of them, in fact, took the company to task for advertising that the NEO was certified for U2F

but neither clearly stating that some NEOs would remain incompatible, nor offering purchasers any upgrade path.

On the other hand, it does seem like implementing U2F support in a JavaCard applet would be possible.

That idea has been floated multiple times on the forums, so far with no response either way from the company.

Then again, NEO owners' frustration with the U2F feature

may simply motivate some third-party developers to undertake the task on their own.

As always, it is difficult to form an objective conclusion about the value proposition that the YubiKey NEO provides.

The NEO remains quite a bit more expensive than the other YubiKey models ($50 compared to $25),

but with working smartcard functionality, it does quite a bit more.

The OATH applet support removes the two-slot configuration limit,

which is a big deal to many customers.

The case for the OpenPGP and PIV applets is harder to make.

There are many other smartcard options on the market,

most of which are cheaper than the NEO and many of which do not come with the same key-size limitations.

When it comes to getting the most value out of a piece of hardware, though,

the addition of OpenPGP functionality in such a compact and portable format is appealing, indeed.

The software side of the product remains muddled in several key places:

out-of-date or incorrect documentation,

numerous inconsistencies (even on simple matters like program names),

and very little in the way of support.

The company does seem to be committed to free software,

though—its releases tend to be GPLv3 unless they are derived from other works—

so perhaps it will simply require some additional engagement with the community

to make the simple user experience of the basic YubiKey viable for its more complex features as well.

The YubiKey NEO -- Smartcard features的更多相关文章

  1. The YubiKey NEO

    The YubiKey NEO The YubiKey line of hardware one-time-password (OTP) generators has been on the mark ...

  2. The YubiKey -- HOW IT WORKS

    A single YubiKey has multiple functions for protecting access to your email, your apps and your phys ...

  3. The YubiKey -- COMPARISON OF VERSIONS

    COMPARISON OF YUBIKEY VERSIONS   BASICSTANDARD & NANO BASICEDGE & EDGE-N PREMIUMNEO & NE ...

  4. 采访Philipp Crocoll:安卓平台上整合Java和C#

    在这个采访中,我们跟开源开发者Philipp Crocoll讨论了关于Keepass2Android的相关话题.Keepass2Android不仅具有强大的密码存储的功能,还是在一个单独的安卓应用同时 ...

  5. FIDO 标准简介

    FIDO 联盟(Fast IDentity Online Alliance)简介 网站:http://fidoalliance.org FIDO Alliance,成立于2012年7月. FIDO的目 ...

  6. Linux 工作站安全加固规范

    目标受众 这是一套 Linux 基金会为其系统管理员提供的推荐规范. 这个文档用于帮助那些使用 Linux 工作站来访问和管理项目的 IT 设施的系统管理员团队. 如果你的系统管理员是远程员工,你也许 ...

  7. ISO7816 (part 1-3) asynchronous smartcard information

    http://java.inf.elte.hu/java-1.3/javacard/iso7816.txt ============================================== ...

  8. Specific sleep staging features in EEG

    Source: MedScape Overview NREM and REM occur in alternating cycles, each lasting approximately 90-10 ...

  9. ECMAScript 6 Features 中文版

    ECMAScript 6 Features 中文版 如词不达意,欢迎提 PR & issue 采用中英混排的方式进行译制,如不解请查看对应原文 本文档将与原作者的 文档 保持同步更新,欢迎关注 ...

随机推荐

  1. JsRender 前端渲染模板常用API学习

    JsRender 常用API 1. $.templates() $.templates()方法是用来注册或编译模板的,使用的情况有以下几种. 把html字符串编译编译成模板 获取使用script标签声 ...

  2. wpf image blur

    RenderOptions.BitmapScalingMode="NearestNeighbor"

  3. gtk+学习笔记(八)

    框架(Frames)可以用于在盒子中封装一个或一组构件,框架本身还可以有一个标签.标签的位置和盒子的风格可以灵活改变. 框架可以用下面的函数创建: GtkWidget *gtk_frame_new( ...

  4. js中的异步[Important]

    js作为前端最主流的语言,主要处理页面显示变化(mutation)和异步(asynchronicity), js语言的基本要素和使用惯例的演化大都围绕着这两大主题,两者均值得总结和思考的主题, 这里先 ...

  5. hdu 5120(求两个圆环相交的面积 2014北京现场赛 I题)

    两个圆环的内外径相同 给出内外径 和 两个圆心 求两个圆环相交的面积 画下图可以知道 就是两个大圆交-2*小圆与大圆交+2小圆交 Sample Input22 30 00 02 30 05 0 Sam ...

  6. Java第三阶段学习(四、缓冲流)

    一.缓冲流: Java中提供了一套缓冲流,它的存在,可提高IO流的读写速度 缓冲流,根据流的分类分为:字节缓冲流与字符缓冲流. 二.字节缓冲流: 字节缓冲流根据流的方向,共有2个: 1.写入数据到流中 ...

  7. Linux下光盘镜像生成和刻录

    mkiosfs命令如在/root/下有文件file1 file2 file3maiosfs -o img.ios file1 file2 file3该命令将file1 file2 file3放入到im ...

  8. 初识angularJS的基本概念

    今天在这里分享分享我个人学习angular的知识点总结.在还没有接触到angular的时候,还真的不知道它到底有什么作用,直到我开始学习它,并且运用到它的时候,才知道angular这么强大.作为一个前 ...

  9. linux开启端口

    开放端口的方法: 方法一:命令行方式               1. 开放端口命令: /sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT    ...

  10. Redis的一些配置

    Redis的一些配置 daemonize 如果需要在后台运行,把该项设置为yes,默认为no pidfile 配置多个pid的地址,默认在/var/run/redis.pid bind 绑定ip,设置 ...