YAST security token

An open source highly secure USB dongle for security applications like OpenPGP card or FIDO2

Similar projects worth following
Starting from
mimok has 17 orders / 0 reviews
Ships from France
YAST (Yet Another Security Token) is an open source USB security token which can be used to implement standards like OpenPGP card of FIDO2. Unlike others open source security tokens (as far as i know), YAST embeds a CC certified at EAL6+ secure element allowing to securely store and protect secrets. SE050 secure element can be binded to the LPC55Sxx main MCU using the LPC internal PUF (Physical Unclonable Function).

Purpose of this token

This security token is intended to be used as a development platform for security applications.

It is built around a LPC55Sxx chip and a SE050 secure element both from NXP.
This token has the same form factor as the OpenSK token
from Google therefore its case can be reused.

What is the added value of YAST?

On the market there is already a large amount of security tokens. Most of them are based on proprietary designs while some others are open source. On one hand, closed source tokens seem to be based on secure elements while on the other hand, as far as I know, open source tokens are based on standard, not security certified, chips like STM32 chips. This design choice seems to be mainly dicted by concerns about NDA which come with Secure Elements.

From my point of view this is a real problem. I agree some tokens based on secure elements are not exempt from vulnerabilities like the Titan security key from Google. In fact, this token is based on a pretty old secure element A7005 from NXP and therefore things which were secure almost ten years ago are no more secure now. However if a old secure element is now vulnerable (but more than 4 months of work were needed to discover and exploit the vulnerability), old non secure chips are **far more** vulnerable. For example, it is possible to extract the firmware from an STM32F1 chip using a pure software attack (ok this is not entirely true as an access to the SWD port is needed). This is this chip which is used in the Nitrokey Start key from Nitrokey.

While using a secure element is not a "cure-all", using non-secure and non-certified chips for secure application is almost always a bad idea as you relies on a "untrusted" (not certified) chip executing an "untrusted" (not certified) code. Here openess is not really a huge advantage as there is very few people around the world which have the required skills needed to perform a valuable security assessment of a security token.

So how a security token can be built using a secure element and still be open source? SE050 security chip from NXP is a preprogrammed secure element embedding a really versatile security applet. All documentation is freely accessible on NXP's website (some documentation requires an account to be accessible) and therefore no NDA is required. The YAST key embeds both a LPC55Sxx chip and the SE050 SE. LPC55Sxx chip can be binded to its SE050 companion using its embedded PUF (Physical Unclonable Function). The resulting hardware comes with both the flexibility and the power of the LPC55 chip and the security of the SE050 secure element which has been certified at level EAL6+ (Hardware and OS) according to the Common Criterias.

For which application the YAST token can be used?

YAST token is made of a LPC55Sxx MCU connected to a SE050 coprocessor which acts as a secure cryptographic library. SE050 is designed to prevent both leakage of cryptographic keys and their usage by unauthorized users. In consequence, YAST token is suited for applications which extensively use cryptographic primitives. However, others processing taking place on LPC55 side do not benefit from SE050 high security level. So before using YAST token for a given application, you should be sure that the following hypothesis are verified:

  • LPC55Sxx does not implements any security functions and it is only used as an interface between SE050 chip and the host PC.
  • Or, LPC55Sxx implements some security functions but they can only be used if the user is properly authenticated by the SE050 AND the legitimate user is not willing to attack his own token.

Concretely, the YAST token can be used to implement application like OpenPGP card (demo application available), FIDO2 protocol (but YAST token does not have any led) or HSM-like application.

SE050 has some limitations which can be circumvented:

  • PIN object cannot be atomically updated. You have to first delete then
    create a new PIN object. If a power loss occurs between PIN...
Read more »

  • RNG firmware available and future works on FIDO2

    Michael Grand03/12/2021 at 21:23 0 comments

    The RNG firmware is now available on Github. This firmware generate a continuous stream of random bytes through a VCOM port. Three modes of operation are available:

    Mode of operation
    Throughput (B/s)

    This is a demo firmware and, for a given security strength, throughput can certainly be improved. 

    I'm going to start to work on a Fido2 demo application. I will let you know when I will have made substantial progress. I also plan to work on a open source contactless Java Card implementation of the FIDO2 standard. I have ordered an ACOSJ dual interface smart card as development platform.

  • YAST now available on tindie

    Michael Grand03/02/2021 at 09:18 0 comments

    YAST is now for sale on Tindie.

    In parallel, I'm working on an RNG firmware which would provide a continuous random number stream through a virtual com interface. Expected throughput goes from 15kB/s using directly the RNG feature of the SE050 up to 210kB/s when a DRBG is executed on the LPC55 and seeded by the SE050.

  • OpenPGP card firmware available for download

    Michael Grand02/20/2021 at 19:10 0 comments

    The Open PGP card firmware for YAST token is available on github. This firmware implements the OpenPGP Card standard version 3.4.The following features are available:

    • RSA 2048 keys (up to 4096 by modifying
    • 6-digit PW1 password, 8-digit PW3 and RC passwords
    • Get challenge (up to 3070 bytes per call)
    • Factory reset
    • Key on-chip generation and key import trough GPG application.

    The token hardware and firmware are specifically designed to prevent the usage of the keys without the consent of the user. Keys stored onto the token cannot be extracted by any means.

    YAST token will be on sale on Tindie soon. By the way, this firmware can be ported on LPC55S28 dev. kit (see. repo If your are interested by separately evaluating the SE050 secure element using a Raspberry PI, a breakout board is already on sale on Tindie.

View all 3 project logs

Enjoy this project?



Ken Yap wrote 02/20/2021 at 02:19 point

Isn't the project name a pleonasm? 😉

  Are you sure? yes | no

Similar Projects

Does this project spark your interest?

Become a member to follow this project and never miss any updates