Google open sources tools to create security keys

by | Feb 3, 2020

Companies and users are increasingly aware of the need to be extremely cautious when surfing the Internet and to properly protect their connected devices. The FIDO security keys are a way to provide extra protection against practices such as phishing. These are physical devices with an appearance similar to USB that users can connect to their terminals and are responsible for carrying out the double factor authentication (2FA).

With the aim of improving this technology and accelerating its adoption, Google has launched OpenSK, an Open Source project so that any organization or developer can create their own security keys compatible with FIDO U2F and FIDO2.

At the moment, OpenSK firmware can only be used in the Nordic chip. As Google explains in its security blog, Nordic has been chosen as initial reference hardware because “it is compatible with all major transport protocols mentioned by FIDO2: NFC, Bluetooth Low Energy, USB and a core of dedicated hardware encryption.”

In addition to the technology itself, Google also facilitates the model of a fully customizable 3D printable case to easily protect and transport the security key.

OpenSK is developed in Rust language and runs in TockOS which, according to Google, “makes the code less vulnerable to logical attacks, as it provides better isolation and cleaner OS abstractions in support of security.” The company says in its blog that they hope that over time this project “will provide innovative features, stronger embedded crypto, and encourage widespread adoption of trusted phishing-resistant tokens and a passwordless web.”

For now, this initial version of OpenSK is considered an experimental research project. For more information you can check Google security blog and this video about OpenSK. The source code is available in this GitHub repository.

SHARE

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Recent posts

VDI: The most secure environment for hybrid working

Today is Data Privacy Day. The purpose of this date is to raise awareness and promote privacy and data protection best practices. It was initiated by the European Commission, the Council of Europe, and the Data Protection authorities of the European Union’s member states. Their main goal was to drive attention to the importance of privacy, user data protection, and compliance of the General Data Protection Regulation (RGPD). It is a regulation characterized by significant fines for non-compliance since its implementation in 2018.

How to avoid issues with virtual machines

Virtualization comes with a wide range of benefits for organizations. It helps cut IT costs and reduces downtime while increasing efficiency and productivity. It also increases the resiliency of networks, primarily when disasters occur, and promotes more green-friendly operations.

However, using virtual machines also comes with a set of downsides. Information security may get compromised, workloads mixed up, separation duties lost, among other issues. It is vital to know how you can get over these problems, and that’s what this article will discuss.

Let’s get started.

Archives


Stay up to date with all the news from UDS ENTERPRISE through our social networks. Follow us!

Skip to content