SECURITY
SECURITY
SECURITY
Google LLC has released a new open-source multifactor authentication security key platform that allows both hobbyists and hardware vendors to build their own security keys.
Called OpenSK, the project has been released on GitHub and contains Rust-based firmware that can be installed on Nordic chip dongles. Rust is a system programming language focused on safety while Nordic chip dongles are dongles, a small piece of computer hardware that connects to another device, designed in this case by Nordic Semiconductor ASA.
OpenSK supports FIDO U2F and FIDO2 standards, both authentication standards from the FIDO Alliance that facilitate authentication.
“By opening up OpenSK as a research platform, our hope is that it will be used by researchers, security key manufacturers, and enthusiasts to help develop innovative features and accelerate security key adoption,” Elie Bursztein, Google security and anti-abuse research lead, and Google software engineer Jean-Michel Picod explained in a blog post.
The early release of OpenSK is said to allow those using the code to make their own developer keys by flashing the firmware onto a Nordic chip dongle. Nordic was picked as the initial reference hardware because it supports FIDO2 protocols, including NFC, Bluetooth Low Energy, USB and a dedicated hardware crypto core. Google is hoping to expand OpenSK to other types of chips in the future.
OpenSK runs on TockOS, the Tock embedded operating system. TockOS was picked thanks to its sandboxed architecture that allows isolation between the security key applet, the drivers and kernel required to build “defense-in-depth.”
In addition, Google has published stereolithography source code files that allow users to 3D print a physical case in which they can place a Nordic chip dongle. Stereolithography is a form of 3D printing technology used for creating models, prototypes, patterns and production parts in a layer-by-layer fashion.
The decision to provide OpenSK as an open-source project may prove to be a welcome one. Barely a day goes by without yet more news of security breaches. Authentication keys play a role in securing data, so Google offering a new platform on which developers can create security keys may help.
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.