Describes security implications of sharing YubiKeys between two domains

Overview

Within a domain, a user can use their AuthLite keys easily across any system, because the authentication is performed by Active Directory. But between two domains, even if you have the same "username and password" on each system, using the same AuthLite key requires extra effort.

There are two main concepts to understand before proceeding:

1. AuthLite cannot automatically send authentication data between two domains, the way it can within a single domain between domain controllers. This means in order to share one key, you will have to manually copy that key's record to each domain.
2. By default, whenever you program a YubiKey, the old program on that key (if any) in ERASED. Therefore when you set up the same key across several domains or systems, you must be careful to only program the key ONCE. Then, follow the special procedure described below on each additional domain.

Security Considerations

Part of the security of AuthLite is provided by the one-time nature of the YubiKey. Pressing a key generates a one-time password (OTP) and that value need not be held secret because use of the same value in the future would be rejected by the system as a replay. However, when you share one key across several independent authorities as we will show here, the security of the system is weakened in the following manner.

Consider DomainA and DomainB which both honor the same AuthLite key. If you log on to DomainA with an OTP and your password, then DomainA will know this OTP value should be considered a replay in the future. However DomainB has no knowledge that this value was used on DomainA. Therefore, an eavesdropper on your logon session to DomainA could take this OTP value and use it on DomainB without being rejected. If your plain text passwords are ALSO the same on each domain, then the attacker now has sufficient information to completely impersonate you on DomainB.

This issue can be partially mitigated by making sure you use different plain text passwords on each domain. But even with this precaution, the total security of the system is lower when the same key is shared across several authorities in this fashion. (It's still far more secure than using a password alone however).

A better solution for this scenario is to use a time-based OATH token, since there is no counter value that needs to be communicated between the domains.