by nickpsecurity 3689 days ago
I've studied high-assurance security and hardware for a long time. This looks to be motivated by a few things:

1. Hardware costs money to develop, has to make it back, and is easy to clone. They'll keep hardware secret by default for this reason like everyone does. Also lowers odds of patent suits. All kinds of people demand open, secure hardware but almost nobody will buy it. Just like software. Number 1 problem in the INFOSEC industry.

2. There are three companies IIRC building the kinds of secure ICs they need. They NDA the stuff critical to understanding it. Plus, the implementations are secret with tamper-resistance mechanisms. Pointless relying on open-source model to understand or evaluate such a thing. Some marginal benefits but major risks would still be there. Whereas, open-sourcing the stuff adds risk in terms of issues with the suppliers. So, no OSS is an acceptable choice here.

3. Restricting some of the firmware/software is a tradeoff of the protection methods they're using. Again, reduces value in open-sourcing it as you'd have to dump it off the chip to verify it anyway. The kind of people that can do that don't need Yubico's help.

4. Yubico might not know how to build secure HW/SW combos. It's a rare skill whose techniques are a mix of published and trade secrets. Plus, attackers are always coming up with new stuff. So, obfuscation... not security by obscurity... but obfuscation of aspects of design to increase work of attackers between product releases is both justified and a proven method. If no other measures exist, then it would be the garbage known as security by obscurity. This seems to be better practice of proven mechanisms plus obfuscation which can hamper even nation-state hackers. Who knows how good their mechanisms are going to be but there's potential.

So, it seems like a combination of sustaining their business by stopping clones and lawsuits with improved branding from effects of obfuscation & hardened ICs on low-skilled attacks that dominate the press. Two very good reasons to make a decision in this market. It's just economics in action. :)


1. The hardware design per se isn't that valuable. It's quite easy to reverse engineer and is probably more like a reference design than anything. More likely NXP (?) don't want open designs and open software because it makes it easier to reverse engineer and clone the chips themselves. For YubiKey themselves it's mainly the firmware that is valuable (well, design and access to chips too, of course) which is why part of their firmware isn't open source.

"The hardware design per se isn't that valuable"

People that spend considerable effort turning a good idea into hardware that sells tell me otherwise. ;)

"because it makes it easier to reverse engineer and clone the chips themselves."

You first said it's easy to reverse engineer and not valuable. Then, said they want closed designs to reduce reverse engineering and cloning. Which is it?

"For YubiKey themselves it's mainly the firmware"

That may be true. I can't speak to that.

"People that spend considerable effort turning a good idea into hardware that sells tell me otherwise. ;)"

The execution and the overall ecosystem of course matter. But the hardware design, how the chips are connected, isn't really a secret as such and is easy to reverse engineer and recreate. It's just not very complex.

http://www.hexview.com/~scl/neo/

"Which is it?"

The hardware design is easy to clone, the chips themselves aren't necessarily. Chips have a very low marginal cost and a functionally identical clone could easily be sold for 1/100th the cost in volume, since all the cost is R&D. Companies therefore try to protect their IP as much as possible by making reverse engineering harder and by "owning the ecosystem". There have been cases where clones have been made by emulating chips on much more capable (but cheaper) hardware and sold for 1/10th the price.

"But the hardware design, how the chips are connected, isn't really a secret as such and is easy to reverse engineer and recreate. It's just not very complex."

Hardware design is a combo of how the chips are connected, the firmware, and getting it to users. Your link supports my assertion that they should put in whatever obstacles they can.

"Companies therefore try to protect their IP as much as possible by making reverse engineering harder and by "owning the ecosystem"."

Point 1 in my original comment.