HSM/Security Key for signing/key storage

AtmosphericIgnition

Hello,

starting next year, I will be required to sign some documents digitally using a signing certificate. I'm beginning to look around for a security key/HSM to store the keys on, as well as my SSH credentials.
I currently have an older Yubikey 5 series, but from what I've heard, it's impossible to update the firmware on it, which seems like a massive security issue.
Reading the product listings of some other security key manufacturers, my BS detector is keeps going off the charts.
Does anyone here have some general advice on what I should be looking for, or avoiding when buying a security key/HSM?

Thank you.

de0u

AtmosphericIgnition I currently have an older Yubikey 5 series, but from what I've heard, it's impossible to update the firmware on it, which seems like a massive security issue.

This cuts both ways. Yubico's position is that if there is no way at all to update the firmware then there is no way at all for a hostile party who has physical possession of your key to maliciously update the firmware. Obviously providers of other keys differ.

I suspect that part of Yubico's thinking is that when a problem does arise with their firmware it is not all that expensive for people to get a new device... especially not compared to the time cost of doing a firmware upgrade. I suspect that some of their customers would prefer that model (which includes being 100% certain at any moment which firmware version each employee's YubiKey is running) to a model that includes the risk of malicious firmware updates.

In general, higher levels of security include higher costs. Yubico's policy here seems consistent with that. Personally I would not call it a "massive security issue".

Please note that I am not affiliated with Yubico (or any other hardware keystore maker).

DeletedUser728

AtmosphericIgnition which seems like a massive security issue

While building up fear promoted by competitors, you may want to read the real case re their pre 5.7fw to estimate how bad was it in reality.
Also, estimate the wild area of risks for "bad hackers" flashing your key with malicious fw that otherwise is not possible on Yubikey.
Its now around $50 to buy new, selling the old one for $25.

schweizer

AtmosphericIgnition would think that the risk of a bad actor flashing my key with bad firmware could be effectively prevented by only allowing loading of firmware signed by the manufacturer's keys.

This is naive! Those HSM manufacturers are relatively small companies. I.e. Nitrokey GmbH has a capital stock of 25000€. Companies can be sold any time. The buyer gets the power of updating the keys if they are updateable.

AtmosphericIgnition Does anyone here have some general advice on what I should be looking for, or avoiding when buying a security key/HSM?

Think about the format first. Do you prefer a key with USB or a smartcard? Contact based keys (they can be cards as well) are in risk of you forgetting them plugged into the device. Flat cards fit better in your mobile cover or purse. You can even put them in a finger ring.

Then, think about the security level. The strongest standard is cc eal6. But that applies only if your whole process is certified. FIDO2 Level 1 devices on the other hand do not have certified hardware at all, they are designed for over the internet attacks only.

Finger rings are inherently safer because you wear them all the time. Not easy for an attacker to tamper them while you are asleep or showering.

That said I think the perfect solution does not yet exist.

AtmosphericIgnition

Thank you for the replies. I would think that the risk of a bad actor flashing my key with bad firmware could be effectively prevented by only allowing loading of firmware signed by the manufacturer's keys.

The more pressing issue to me is that I have no idea if the firmware on my key has any security issues, and I don't exactly want to run out to buy a new key every 1-2 years.

DeletedUser728

AtmosphericIgnition the only effective (100%) prevention is the lack of flashing mechanism as a whole. Stolen keys etc...

de0u

AtmosphericIgnition I would think that the risk of a bad actor flashing my key with bad firmware could be effectively prevented by only allowing loading of firmware signed by the manufacturer's keys.

True! Assuming the firmware-upgrade code doesn't contain a vulnerability.

AtmosphericIgnition The more pressing issue to me is that I have no idea if the firmware on my key has any security issues, and I don't exactly want to run out to buy a new key every 1-2 years.

This is a tradeoff... What's the probability of needing to buy a new key before it physically fails, times the cost of a new key? What's the probability of a vulnerability in the firmware-update path versus the value of the secrets?

Maybe current devices will need to be replaced soon anyway due to the quantum apocalypse? Maybe the ones with upgradeable firmware still won't be able to handle giant keys?

Overall I don't see a clear case for upgradeable firmware being clearly better or clearly worse.

AtmosphericIgnition

DeletedUser728 Yeah, but to me, the risk of a firmware bug seems to be much greater than that of a company's signing keys being stolen. The ratio of security bugs to stolen signing key incidents is historically heavily, heavily skewed towards the security bugs side.

TrustExecutor

@GrapheneOS discussed HSM's and Yubico recently. They also hinted they maybe in the future will release functionality within GrapheneOS to use the Titan M2 as a HSM for code signing.

Chipper

AtmosphericIgnition so we are speculating on remote exploitation of a hardware key (only ever present briefly for signing) via a firmware exploit, vs a regular user initiated firmware check/upgrade... Seems more likely to be exploited in a user initiated action to me then a notoriously complicated to engineer remote exploit.

Johnnyloans

AtmosphericIgnition

Maybe a nitrokey will suit you. It is open source, updateable, designed & manufactured in Germany.

https://www.nitrokey.com/products/nitrokeys

AtmosphericIgnition

Chipper I'm not really afraid of an RCE on the HSM/security key. I'm more worried about physically loosing my key, and someone potentially being able to exploit it then.

This post from the GrapheneOS team talks about some of the issues with Yubico's approach.

Chipper

AtmosphericIgnition could you mitigate this risk by purchasing 2 keys 1 as a backup stored in a safe place, then if 1 is taken you retrieve the second and change keys.

The-Man

Johnnyloans

I bought two Nitrokey 3a minis one failed the day I received them in the post, the second failed within 24 hours of the first.
Both became unresponsive, red LED flashing, both had secrets and passwords on them so they could not be returned to Nitrokey. I destroyed them both.
Fair play to Nitrokey I was refunded without question.

The standard size Nitrokeys are flimsy and I could open them up with my fingernails, revealing the circuit board inside.
I use Yubikey, yes they cant be updated, just like EOL pixels, but are unable to be opened without destroying them, I tried.

Johnnyloans

The-Man thanks, that's good to know