Getting Started with YubiHSM 2
YubiHSM 2 is a Hardware Security Module (HSM) device manufactured by Yubico for cryptographic key management and cryptographic operations. It provides a high level of protection for sensitive data like cryptographic keys, digital certificates, passwords, and code signing operations. It is Yubico’s latest hardware security module focused on cryptographic key protection and management. It was launched in 2019 as the successor to the original YubiHSM device.
Key Features of YubiHSM 2
- FIPS 140-2 Level 3 certified secure hardware platform.
- Tamper-resistant metal enclosure with physical security protections.
- Secure element hardware chip for cryptographic operations.
- True random number generation for key material.
- Extensive cryptographic algorithm support, including RSA, ECC, AES, etc.
- Strong access controls using YubiKeys for authentication.
- Administrative smart card for configuration and management.
- SOAP and YubiHSM native APIs for integration.
- USB, Ethernet, and Wi-Fi network connectivity.
- High availability and disaster recovery options.
- Secure backups to encrypted USB drives.
YubiHSM 2 is designed to meet the highest security standards for cryptographic key protection. Its FIPS 140-2 Level 3 certification means it meets stringent requirements for physical security mechanisms, identity-based authentication, encrypted data storage, tamper detection/prevention, and secure key management protocols.
The tamper-resistant enclosure uses advanced protections, including a sealed metal chassis, encrypted memory, and active sensors to detect and respond to physical access attempts. Cryptographic operations occur in the secure hardware element chip, which keeps keys isolated from potential software-based attacks.
YubiHSM 2 provides extensive cryptographic capabilities, including asymmetric algorithms (RSA, DSA, ECDSA), symmetric ciphers (AES), hashing (SHA-2), MAC functions (HMAC), and key derivation (HKDF). These allow it to support digital signing, encryption/decryption, secret storage, and other cryptographic use cases.
What are the Use Cases and Applications of YubiHSM 2
Code Signing
Code signing keys can be securely generated and stored in YubiHSM 2 for authenticating software and firmware. The private keys never leave the HSM, while the signing function occurs inside the hardened device.
Document Signing
Sensitive documents can be digitally signed using private keys stored in the YubiHSM2, preventing key compromise. The device provides tamper-resistant storage for long-term document and data verification.
Certificate Authority
For Certificate Authorities (CAs), YubiHSM-2 provides robust protection for root keys and signing keys. It enables secure certificate issuance without exposing the CA’s most sensitive private keys.
TLS/SSL Encryption
Web servers and applications can integrate or configure with YubiHSM 2 to protect TLS/SSL private keys for establishing encrypted sessions. Keys are stored securely and used for cryptographic operations inside the tamper-resistant hardware.
Authentication Systems
YubiHSM 2 can secure the cryptographic keys used for authentication systems based on technologies like FIDO U2F. The keys remain protected from compromise even if an authentication server is breached.
Blockchain Applications
Cryptocurrency exchanges, mining pools, and wallet providers can leverage YubiHSM 2 to safeguard private keys for blockchain platforms like Bitcoin, Ethereum, Monero, etc. Keys are isolated in secure hardware instead of being left in software wallets.
Database Encryption
Database encryption keys can be securely generated, stored, and managed within YubiHSM 2. This prevents unauthorized access to protected data, even by privileged insiders.
Payment Processing
For payment networks and transaction processing, YubiHSM 2 offers robust protection for the encryption and signing keys used to secure payment data.
YubiHSM 2 Security Architecture
Physical Security
The tamper-resistant enclosure uses advanced manufacturing techniques that are designed to prevent or detect physical intrusion. The metal chassis surrounds the electronics to block access. Any attempts to physically penetrate the module will trigger an immediate cryptographic erasure of all key material.
Access Controls
Role-based access policies enforced by the YubiHSM 2 firmware ensure that only authorized users can perform sensitive management operations. Authentication requires either a YubiKey one-time password or an admin smart card. The source IP address can restrict API access.
Secure Boot
Upon startup, YubiHSM 2 performs a secure boot process to verify the integrity of the firmware before loading it. This prevents boot-time attacks, including firmware modifications.
Cryptographic Acceleration
Cryptographic operations occur within the secure hardware chip, isolating key material and algorithm implementations from potential software threats. The chip provides tamper resistance along with randomized memory address layouts to prevent data leakage.
Key Protection of YubiHSM 2
Keys are securely generated using high-quality entropy sources, stored in encrypted form within protected memory, and wiped after use. The YubiHSM 2 only allows encrypted backups of key material to authorized USB drives.
Auditing
Detailed audit logs provide accountability by recording all management operations and security events. Logs can be sent to a central syslog server for monitoring and alerting.
High Availability
YubiHSM 2 devices can be deployed in high-availability configurations for mission-critical environments. Multiple modules provide redundancy and failover to prevent service disruption in the event of a device failure.
YubiHSM 2 Configuration and Management
Administrative Smart Card
An encrypted smart card authenticates administrators to the YubiHSM-2 for management functions. It protects against compromised user credentials and is required for configuration, backups, upgrades, etc.
YubiKeys for User Authentication
Individual user roles and access policies are enforced using YubiKeys for multi-factor authentication. Users must provide a valid one-time password from the YubiKey to be granted access to the YubiHSM 2.
Administrative Interface
The YubiHSM2 is configured over a secure administrative interface accessible using SSH and SSL, or from the local console. All management communications are encrypted.
Remote Administration
Devices can be remotely administered over a network connection for convenience, monitoring, and recovery. Access is restricted to specific source IP addresses if desired.
Secure Backups
Encrypted backups can be created on authorized USB drives to protect against device failure or disasters. Backups require the admin smart card and a separate unlock password.
Logging and Monitoring
Detailed event logs provide audit trails of all administrative actions, security events, and errors. Logs can be sent to a syslog server and monitoring systems to detect potential issues.
Firmware Updates
Firmware is securely loaded only after successful signature verification by the YubiHSM 2 bootloader. Updates enhance capabilities and security robustness.
High Availability
Multiple YubiHSM 2 devices can provide synchronized redundancy in a high-availability configuration with automatic failover, eliminating single points of failure.
Access Policies
Configurable access policies control which identities, applications, and cryptographic keys/operations are authorized. This prevents misuse of keys by unauthorized parties or software.
Integration Support
YubiHSM 2 supports integration with a wide range of client platforms, including Linux, Windows, macOS, and leading cloud environments. Cryptographic integrations are available for popular languages and frameworks like Java, .NET, Python, and NodeJS.
The device offers SDKs, demo clients, and documentation to accelerate development. API access options include the native YubiHSM protocol, industry standard PKCS#11, and a SOAP-based web service.
Hardware Specifications of YubiHSM 2
Connectivity
- USB-C, Ethernet, and Wi-Fi connectivity built-in
- Dual USB-C ports for failover or simultaneous connections
- 10/100/1000 Mbps auto-sensing Ethernet
- 11a/b/g/n/ac Wi-Fi
Cryptographic Accelerator
- Hardware cryptographic engine capable of over 1000 RSA 1024-bit signatures per second
- True random number generator with seed entropy sources
- Secure memory and processing isolation
Form Factors
- Portable USB form factor – 105x105x28mm size
- Rackmount form factor with tamper-evident chassis (1U and 2U sizes)
High Availability
- Redundant devices for no single point of failure
- Automatic synchronization and failover
- Load balancing across devices
Certifications
- FIPS 140-2 Level 3 validation
- Common Criteria / ISO 15408 validation
- FCC, CE marking, UL listed
Conclusion
YubiHSM 2 offers a highly secure, tamper-resistant hardware platform for managing sensitive cryptographic keys and data. Its extensive certifications, advanced physical protections, access controls, integrated cryptographic capabilities, and administrative features provide robust mechanisms for securing critical applications and infrastructure. For organizations that require the highest level of HSM security, YubiHSM 2 represents an enterprise-ready solution.
Frequently Asked Questions
What are the main differences between YubiHSM2 and the original YubiHSM?
YubiHSM 2 is a complete hardware and software redesign with significantly improved security and capabilities. Major changes include a faster cryptographic engine, larger storage, new form factors, Wi-Fi/Ethernet network connectivity, high availability configurations, and more extensive access controls.
What cryptographic algorithms and protocols does YubiHSM-2 support?
It supports a wide range of encryption schemes, including AES, RSA, ECDSA, EdDSA, HMAC, SHA-2, HKDF, PBKDF2, TLS, MACsec, OATH OTP, FIDO U2F, and various others. Custom algorithms can also be implemented.
Can keys be extracted or exported from the YubiHSM 2?
No, there is no function to export plaintext private/secret keys, as this would defeat the purpose of secure hardware protection. Only encrypted backups are permitted with proper authorization.
How are YubiHSM2 backups secured?
Backups allow only encrypted key export using authentication with the admin smart card and an additional strong unlock password. Backups can only be restored to other YubiHSM devices.
Does YubiHSM 2 have tamper detection and response features?
Yes, the hardware is designed to Zeroize all key material if physical tampering or penetration is detected. Any compromise attempt will destroy keys instead of exposing them.
Can YubiHSM-2 be used with public cloud environments?
Yes, it can be integrated with public clouds via the network connectivity options. Some cloud vendors also offer HSM integration services for using on-premises hardware.
What is the typical latency for cryptographic operations?
Given the hardware acceleration, latency is usually less than 10 milliseconds. In high-availability configurations, failover is under 2 seconds.
What level of physical security is provided?
YubiHSM 2 achieves FIPS 140-2 Level 3, which requires robust mechanisms against physical attacks. Features include acid gas detection, wire mesh shielding, tamper seals/switches, and more.
How are firmware and software on YubiHSM 2 verified for authenticity?
Firmware updates require cryptographic signature verification by the YubiHSM2 bootloader before being loaded. This prevents unauthorized modification or tampering with the firmware.
Priya Mervana
Verified Web Security Experts
Priya Mervana is working at SSLInsights.com as a web security expert with over 10 years of experience writing about encryption, SSL certificates, and online privacy. She aims to make complex security topics easily understandable for everyday internet users.
