Side-Channel Attacks on the Yubikey 2 One-Time Password Generator [chapter]

David Oswald, Bastian Richter, Christof Paar
2013 Lecture Notes in Computer Science  
The classical way of authentication with a username-password pair is often insufficient: an adversary can choose from a multitude of methods to obtain the credentials, e.g., by guessing passwords using a dictionary, by eavesdropping on network traffic, or by installing malware on the system of the target user. To overcome this problem, numerous solutions incorporating a second factor in the authentication process have been proposed. A particularly wide-spread approach provides each user with a
more » ... ardware token that generates a One-Time Password (OTP) in addition to the traditional credentials. The token itself comprises a secret cryptographic key that, together with timestamps and counters, is used to derive a fresh OTP for each authentication. A relatively new yet widespread example for an OTP token is the Yubikey 2 produced by Yubico. This device employs an open-source protocol based on the mathematically secure AES and emulates a USB keyboard to enter the OTP in a platform-independent manner. In this paper, we analyse the susceptibility of the Yubikey 2 to side-channel attacks. We show that by noninvasively measuring the power consumption and the electro-magnetic emanation of the device, an adversary is able to extract the full 128-bit AES key with approximately one hour of access to the Yubikey 2. The attack leaves no physical traces on the device and can be performed using low-cost equipment. In consequence, an adversary is able to generate valid OTPs, even after the Yubikey 2 has been returned to the owner.
doi:10.1007/978-3-642-41284-4_11 fatcat:strylhjlg5bvfoopn377lphu64