5.4 Firmware: Overview of Features & Capabilities

Secure Channel

The descriptions below are brief summaries. For more in-depth coverage of the secure channel feature, see Yubico Secure Channel Technical Description, Secure Channel Key Diversification and Programming, and Yubico SCP03 Developer Guidance.

Secure Channel and Security Domains

SCP03 (Secure Channel Protocol 03), which is part of the GlobalPlatform standard, is a framework for mutual authentication and encrypted transport between hosts and secure elements in smart cards. Yubico has implemented a secure channel based on the SCP03 specification.

The transport key sets used for establishing the secure channels are protected in the secure channel security domain in the secure element. A transport key set contains three long-lived AES keys. When a session is established, the session AES keys are derived from the long-lived transport key set.

In the YubiKey implementation, secure channel is used for establishing an authenticated and encrypted communication channel over CCID between a host and the secure element on the YubiKey. The YubiKey security domain can store three concurrent long-lived transport key sets. In order to import new transport key sets, a secure channel must be established with the security domain. This has to be done with a previously loaded transport key set or the default transport key set.

Benefits and Usage

The secure channel feature is of particular interest to those looking to load application keys onto the YubiKey to be used with the CCID applications OATH, OpenPGP, or PIV.

_images/writing-CCID-application-keys-over-SCP03.png

Writing CCID Application Keys over SCP03

Encryption application keys may be stored at the CMS server as well as at the YubiKey. If the YubiKey is lost or compromised, it will then be possible to recover the encryption key and load it on a replacement YubiKey.

Note, however, that applications based on PKCS #11 or Microsoft CNG will typically not utilize the secure channel.

Each secure channel transport key set is written to the YubiKey security domain and stored in a server, typically a CMS system. The host that is accessing the YubiKey has an agent that connects to the CMS system to retrieve the secure channel key set. Based on the secure channel key set, both at the host and the YubiKey, a secure session is established.

_images/establish-SCP03-secure-channel.png

Establish SCP03 Secure Channel

Secure channel allows for remote access of YubiKeys over the CCID interface. This includes programming or communication from CCID functions. The main users of the secure channel and security domain will be other applications that can be used over the CCID interface, i.e., OATH-HOTP/TOTP, OpenPGP, or PIV.

Secure Channel: Key Diversification

Key diversification is the process of deriving a secure channel static transport key set from a Batch Master Key (BMK), the YubiKey identifier (part of serial number), and additional metadata.

Benefits and Usage

Key diversification enables simplified and secured distribution of secure channel transport key sets as only the BMK must be shared with the CMS system to derive the YubiKey transport key sets. The BMK could be protected by the YubiHSM2.

The secure channel transport key sets can be preprogrammed at the YubiKey batches by Yubico, if the Yubico supply chain has access to the BMK of the CMS vendor.

Another option is for the CMS system to generate the secure channel transport key sets based on the YubiKey serial numbers, the BMK, and additional metadata. The CMS can then use the initial secure channel transport key set for writing additional secure channel transport key sets to the YubiKeys.

_images/SCP03-key-diversification.png

SCP03 Key Diversification

For more technical information, see Secure Channel Key Diversification and Programming.

Secure Channel CPLC Data

Card Production Life Cycle (CPLC) data is officially deprecated from the SCP03 standard, but it is still widely used to hold card data specific to CMS services or to uniquely identify smart cards. Yubico has implemented the CPLC data object to allow for the uniqueness of YubiKeys to CMS vendors.

Benefits and Usage

Simply put, CPLC is a random dataset that is stored at the YubiKey, to be used for uniquely identifying the YubiKey in a CMS system.

PIV Enhancements

For more technical information than the brief description here, see PIV Enhancements Technical Description.

PIV Metadata

YubiKey PIV metadata enables the YubiKey PIV application to report on the characteristics of specific cryptographic keys in the requested PIV slot.

PIV metadata was introduced with YubiKey firmware v5.3.0 described on Yubico’s developer website.

Benefits and Usage

YubiKey PIV metadata enables services and client software to obtain information about the PIV keys in a centralized location, as opposed to querying PIV Attestation.

PIV Management Key (AES)

PIV management operations of the YubiKey 5 require the use of the PIV Management Key. Up until now, the PIV management key has been a 3DES key for the YubiKey 5. With the introduction of the 5.4.X firmware, the Management Key can also be an AES key.

This feature expands the management key type held in PIV slot 9b to include AES keys (128, 192 and 256) as defined in the PIV specification (SP800-78-4, section 5).

Benefits and Usage

This feature is of great interest to those marketing their products to US governmental agencies requiring PIV compliance.

PIV management key in AES format ensures YubiKey compliance with current or future FIPS-compliant CMS services.

NFC ID: Calculation Changed

The YubiKey NFC ID calculation has been modified to assist NFC readers and access management systems (door locks) in distinguishing between different YubiKeys.

The YubiKey NFC ID is now calculated in a way that a unique string is returned in the first part of the NFC ID.

Prior to the release of the 5.4 firmware, the fact that certain access control systems truncate the YubiKey NFC ID meant that YubiKey 5 NFC IDs appeared to be non-unique.

Benefits and Usage

This feature is of interest to vendors of physical access control systems and door protection systems utilizing NFC readers. This feature expands support for physical access systems using the NFC ID tag to uniquely identify NFC-enabled YubiKeys, including those without serial numbers.

For more technical information on this, see NFC ID Calculation Technical Description.

YubiHSM Auth

YubiHSM Auth is a CCID application that can store long-lived credentials (AES keys) that are used to establish secure sessions to a YubiHSM 2. By providing an external challenge, a derivation scheme that yields three session keys is executed. The session keys are not stored on the YubiKey but simply output as a result. The session keys can be used for authentication to the YubiHSM 2. The authentication scheme is based on SCP03 (see Secure Channel above). Each long-lived YubiHSM Auth credential is protected by a user access code that has to be provided to authenticate each session. Storing and deleting credentials requires a separate admin access code.

Benefits and Usage

YubiHSM Auth enables the secure storage of the long-lived credentials for accessing a YubiHSM 2. The existing authentication solution for the YubiHSM 2 is based on software credentials derived from the PBKDF2 algorithm with a password as input.

Generating keys using PBKDF2 is just for convenience; it is possible to provide AES keys directly. It is important not to lose the derivation password or the keys themselves (as those are basically the same thing), but the fact that those credentials exists outside of a secure element and need to be given to the program that uses them in clear text and which loads them into memory opens up attack vectors. With YubiHSM Auth the only thing that exists outside of a secure environment is the session keys, which are ephemeral.

For more details, see YubiHSM Auth.