Google LLC has released a new open-source multifactor authentication security key platform that allows both hobbyists and hardware vendors to build their own security keys.

Called OpenSK, the project has been released on GitHub and contains Rust-based firmware that can be installed on Nordic chip dongles. Rust is a system programming language focused on safety while Nordic chip dongles are dongles, a small piece of computer hardware that connects to another device, designed in this case by Nordic Semiconductor ASA.

OpenSK supports FIDO U2F and FIDO2 standards, both authentication standards from the FIDO Alliance that facilitate authentication.

“By opening up OpenSK as a research platform, our hope is that it will be used by researchers, security key manufacturers, and enthusiasts to help develop innovative features and accelerate security key adoption,” Elie Bursztein, Google security and anti-abuse research lead, and Google software engineer Jean-Michel Picod explained in a blog post.

The early release of OpenSK is said to allow those using the code to make their own developer keys by flashing the firmware onto a Nordic chip dongle. Nordic was picked as the initial reference hardware because it supports FIDO2 protocols, including NFC, Bluetooth Low Energy, USB and a dedicated hardware crypto core. Google is hoping to expand OpenSK to other types of chips in the future.

OpenSK runs on TockOS, the Tock embedded operating system. TockOS was picked thanks to its sandboxed architecture that allows isolation between the security key applet, the drivers and kernel required to build “defense-in-depth.”

In addition, Google has published stereolithography source code files that allow users to 3D print a physical case in which they can place a Nordic chip dongle. Stereolithography is a form of 3D printing technology used for creating models, prototypes, patterns and production parts in a layer-by-layer fashion.

The decision to provide OpenSK as an open-source project may prove to be a welcome one. Barely a day goes by without yet more news of security breaches. Authentication keys play a role in securing data, so Google offering a new platform on which developers can create security keys may help.

Image: Google