Authenticator made from Arduino look-alike ... opinions?

I want to get your opinions on something I have been working on for the last few days.

This is basically an Arduino-compatible “LeoStick” with a couple of switches soldered onto it.

The intention was to produce something that works similarly to a YubiKey.

These are small devices (about the same size as a USB stick) which plug into your USB port. When you need to authenticate yourself to a supporting web site you press the capacitive button and it spits out a one-time password (by emulating a keyboard).

Example:

vvccbdefghijdhiugvebctchbigbulutujgbkuifccdc
vvccbdefghijlvgdjigefvjtitibchhturcjkjgtfvfi
vvccbdefghijlitdvcundhfriegcnnglhtegidjtnllj

The first 12 characters are fixed (this is your “public” ID) and the rest are an AES-encrypted 128-bit block. The funny letters are because of a scheme for encoding that lets it be used on keyboards around the world without change (the USB keyboard interface sends scan codes, not ASCII codes). Think of it as hex with a one-to-one mapping between each letter and the characters 0-9 and A-F. For example, 0x0 is “c” and 0xF is “v”, and the other digits fall in-between.

The security lies in the fact that most of it is encrypted (the server works out which decryption key to use based on the public part). Also the message includes a counter which increments every time it is pressed, so the server knows to never accept the same counter twice (or indeed, any counter lower than or equal to the last valid one).

In my implementation the AES key, plus the private and public identifiers which comprise the protocol, are stored in the EEPROM of the ATmega32U4. The counter is also stored in EEPROM, so the device can remember what counter it used last, without needing any sort of battery or clock.

One button causes a one-time password to be output to the keyboard, the other button enters configuration mode via a USB port where you can type in the keys, user ID, etc.

There is a tri-colour LED which can be used to indicate statuses, etc.

This all works pretty well, and I am very happy to document how it was done (basically, that just involves posting the source).


Now to the question …

I am a bit concerned about the legality of this after reading that Yubico had applied for patents on their device. It sounds like they are selling thousands of these gadgets (they are about $US 25 each), so they might want to protect their business interests.

However:

  • The source is publicly provided as open source (see COPYING.txt attached)
  • The source and specifications are all made publicly available via GitHub and their web site
  • I have not attempted to reverse engineer the actual hardware, in fact I don’t possess one, nor have I ever seen one (apart from pictures of it)
  • The LeoStick (which sells for $US 29.95) is actually more expensive than the YubiKey, so you would hardly buy them to save money
  • Even if you did make one out of a LeoStick it wouldn’t be as nicely packaged
  • It seems to me that Yubico is doing a lot of business providing validation web servers, programming stations, etc., and if I published the source to my version this would not threaten any of that

I just thought it would be an interesting exercise to show how they work, and if you were really keen, you could make one up yourself (e.g. by using a Leonardo, or an Arduino Micro).

In my case I was thinking of adding an extra level of authentication to my own forum (principally for me) so that if I happen to be on holidays somewhere, I don’t have to worry about keyloggers capturing my forum password.

What do you think? Should it be safe to publish the source? It is, after all, my own work, though it calls functions in their open-source library in places.

COPYING.txt (1.29 KB)

Nick Gammon wrote:
> I am a bit concerned about the legality of this after reading that Yubico had applied for patents on their device.

In the U.S., patents are free from restrictions for personal use. It is when you try to sell the device you get into trouble.

Nick Gammon wrote:
> Also the message includes a counter which increments every time it is pressed, so the server knows to never accept the same counter twice (or indeed, any counter lower than or equal to the last valid one).

Does the server look ahead a few keys?

Nick Gammon wrote:
> What do you think? Should it be safe to publish the source?

I can't think of any reason why not. (at least here in the U.S.)

Perhaps you should just ask Stina?

Coding Badly wrote:
> Does the server look ahead a few keys?

No, it's just that if you get message 20, then the server should only accept 21 onwards.

In essence the message is:

  • Private user id (for validation)
  • Message count (incremented each time)
  • Some random number for added entropy
  • A CRC check

So, once decrypted, if the CRC check is valid, and the private client number agrees with what you expect from the public client number, and the message number is greater than any previous message number, it should be valid.

It's the server's job to store the last used message number. It also needs to know the encryption/decryption key for that particular user.
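As an added example (not Nick's code, nor Yubico's): a Python version of the modhex decoding from the first post and the server-side acceptance checks from this reply, run over a constructed, already-decrypted block. AES decryption is left out so it runs stand-alone; the block layout (6-byte private id, 4-byte big-endian counter, 4-byte random, 2-byte CRC), the CRC-16 variant and the sample private id are assumptions, not the device's real format.

```python
# Added example, not the device's own code. The 16-byte plaintext layout
# (private id 6, counter 4, random 4, CRC 2) and the CRC-16 variant are
# assumptions chosen for illustration.
import struct

MODHEX = "cbdefghijklnrtuv"  # Yubico's modhex alphabet: 'c' is 0x0, 'v' is 0xF


def modhex_decode(s: str) -> bytes:
    """Decode a modhex string (two letters per byte) into raw bytes."""
    if len(s) % 2 or any(ch not in MODHEX for ch in s):
        raise ValueError("not modhex")
    return bytes(MODHEX.index(a) * 16 + MODHEX.index(b)
                 for a, b in zip(s[0::2], s[1::2]))


def split_otp(otp: str) -> tuple:
    """First 12 modhex chars are the public id, the remaining 32 the AES block."""
    return modhex_decode(otp[:12]), modhex_decode(otp[12:])


def crc16(data: bytes) -> int:
    """CRC-16, reflected polynomial 0x8408, initial value 0xFFFF (assumed variant)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def make_block(private_id: bytes, counter: int, rnd: int) -> bytes:
    """Build the plaintext the device would encrypt (constructed layout)."""
    body = private_id + struct.pack(">II", counter, rnd)
    return body + struct.pack("<H", crc16(body))


def validate(public_id: bytes, plaintext: bytes, store: dict) -> str:
    """Server-side checks after decryption: CRC, private id, strictly rising counter."""
    body, crc = plaintext[:14], struct.unpack("<H", plaintext[14:])[0]
    if crc16(body) != crc:
        return "bad-crc"
    user = store.get(public_id)
    if user is None or body[:6] != user["private_id"]:
        return "bad-uid"
    counter = struct.unpack(">I", body[6:10])[0]
    if counter <= user["last_counter"]:
        return "replay"              # same or older counter is never accepted
    user["last_counter"] = counter   # persist the new high-water mark
    return "ok"
```

Run it with the thread's first sample OTP and the public id decodes to ff0012345678; feeding the same block twice returns "replay" on the second call.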