Purpose of this token
This security token is intended to be used as a development platform for security applications.
It is built around a LPC55Sxx chip and a SE050 secure element both from NXP.
This token has the same form factor as the OpenSK token
from Google therefore its case can be reused.
What is the added value of YAST?
On the market there is already a large amount of security tokens. Most of them are based on proprietary designs while some others are open source. On one hand, closed source tokens seem to be based on secure elements while on the other hand, as far as I know, open source tokens are based on standard, not security certified, chips like STM32 chips. This design choice seems to be mainly dicted by concerns about NDA which come with Secure Elements.
From my point of view this is a real problem. I agree some tokens based on secure elements are not exempt from vulnerabilities like the Titan security key from Google. In fact, this token is based on a pretty old secure element A7005 from NXP and therefore things which were secure almost ten years ago are no more secure now. However if a old secure element is now vulnerable (but more than 4 months of work were needed to discover and exploit the vulnerability), old non secure chips are **far more** vulnerable. For example, it is possible to extract the firmware from an STM32F1 chip using a pure software attack (ok this is not entirely true as an access to the SWD port is needed). This is this chip which is used in the Nitrokey Start key from Nitrokey.
While using a secure element is not a "cure-all", using non-secure and non-certified chips for secure application is almost always a bad idea as you relies on a "untrusted" (not certified) chip executing an "untrusted" (not certified) code. Here openess is not really a huge advantage as there is very few people around the world which have the required skills needed to perform a valuable security assessment of a security token.
So how a security token can be built using a secure element and still be open source? SE050 security chip from NXP is a preprogrammed secure element embedding a really versatile security applet. All documentation is freely accessible on NXP's website (some documentation requires an account to be accessible) and therefore no NDA is required. The YAST key embeds both a LPC55Sxx chip and the SE050 SE. LPC55Sxx chip can be binded to its SE050 companion using its embedded PUF (Physical Unclonable Function). The resulting hardware comes with both the flexibility and the power of the LPC55 chip and the security of the SE050 secure element which has been certified at level EAL6+ (Hardware and OS) according to the Common Criterias.
For which application the YAST token can be used?
YAST token is made of a LPC55Sxx MCU connected to a SE050 coprocessor which acts as a secure cryptographic library. SE050 is designed to prevent both leakage of cryptographic keys and their usage by unauthorized users. In consequence, YAST token is suited for applications which extensively use cryptographic primitives. However, others processing taking place on LPC55 side do not benefit from SE050 high security level. So before using YAST token for a given application, you should be sure that the following hypothesis are verified:
- LPC55Sxx does not implements any security functions and it is only used as an interface between SE050 chip and the host PC.
- Or, LPC55Sxx implements some security functions but they can only be used if the user is properly authenticated by the SE050 AND the legitimate user is not willing to attack his own token.
Concretely, the YAST token can be used to implement application like OpenPGP card (demo application available), FIDO2 protocol (but YAST token does not have any led) or HSM-like application.
SE050 has some limitations which can be circumvented:
- PIN object cannot be atomically updated. You have to first delete then
create a new PIN object. If a power loss occurs between PIN...
There has been a great deal of value to me in my involvement with the project. Would like to share it with the security companies in los angeles team so they can also read it and implement something new.