Vincent Lyles

Google's Titan Security Key vulnerable to side channel attack

Victor Lomné & Thomas Roche of NinjaLab in France have successfully mounted an EMF side channel attack on a Google Titan Security Key.

You can read about their work in a piece by Catalin Cimpanu in ZDNet or find the full paper from NinjaLab here.

I'm mindful of the copyright in the images with the ZDNet piece, but they give a good indication of what happened to the test Titan key.

After 6,000 traces, the full ECDSA encryption key was found. Both papers refer to a counter on the server side that keeps track of traffic, which will mean any clone will be detected [because the counter key is at variance]. Surely, this misses the point of having the key? A bad actor in possession of the key can decrypt ALL the traffic, find out the last count value and then step in with a higher count value to mount the server end attack. The count value only needs to be higher than the last one used [see Practical Cryptography by Niels Ferguson and Bruce Schneier].

Of course, plugging ECDSA on the Titan key, which could be done as an update, would make everything substantially more secure.
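The server-side counter check discussed above, as an added example (not code from this post, NinjaLab or Google). It follows the WebAuthn relying-party rule for signature counters and assumes the assertion's signature has already been verified; the timeline is constructed, and locking the credential after a regression is an assumed policy of this sketch.

```python
from dataclasses import dataclass


@dataclass
class Credential:
    """Server-side record for one registered security key."""
    stored_count: int = 0   # highest counter value accepted so far
    flagged: bool = False   # set once a counter regression has been seen


def check_counter(cred: Credential, presented: int) -> str:
    """Counter rule for an assertion whose signature has already verified."""
    if cred.flagged:
        return "locked"              # assumed policy: refuse until re-enrolment
    if presented == 0 and cred.stored_count == 0:
        return "ok"                  # authenticator does not implement a counter
    if presented > cred.stored_count:
        cred.stored_count = presented
        return "ok"                  # strictly higher: accepted, nothing suspicious
    cred.flagged = True              # equal or lower: two devices share this key
    return "possible-clone"


def replay(events):
    """Run a timeline of (device, counter) assertions against one credential."""
    cred = Credential()
    verdicts = [(device, n, check_counter(cred, n)) for device, n in events]
    return verdicts, cred


# Constructed timeline: the owner's key and a copy holding the same private key.
EVENTS = [("owner", 41), ("owner", 42), ("copy", 1000), ("owner", 43), ("copy", 1001)]

if __name__ == "__main__":
    for device, n, verdict in replay(EVENTS)[0]:
        print(f"{device:5} counter={n:<5} {verdict}")
```

The copy's first assertion passes because 1000 is higher than 42; the regression only surfaces when the owner's key is next used, so the counter is a detection signal that needs alerting and revocation behind it, not a preventive control.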
