Sign In

Communications of the ACM

ACM TechNews

Side-Channel Attack Can Recover Encryption Keys From Google Titan Security Keys


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Hardware security keys.

Researchers at French security company NinjaLab found a vulnerability impacting chips used in some types of hardware security keys.

Credit: NinjaLab

Two researchers at French security company NinjaLab found a vulnerability impacting chips used in Google Titan and YubiKey hardware security keys.

The flaw enables malefactors to recover the primary encryption key used by the hardware security keys to generate cryptographic tokens for two-factor authentication (2FA) operations.

The researchers said the Elliptic Curve Digital Signature Algorithm private key would let hackers clone Titan, YubiKey, and others to circumvent 2FA protocols, although attack severity is not as high as implied due to various factors, like the Google Titan key's tough plastic casing.

However, the NinjaLab researchers said a side-channel attack becomes possible once hackers have access to the key's chip, based on analysis of the chip's electromagnetic emissions while processing cryptographic operations.

The researchers added that key recovery typically takes hours, and requires expensive equipment and custom software.

From ZDNet
View Full Article

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


 

No entries found