  • Vincent Lyles

Google's Titan Security Key vulnerable to side channel attack

Victor Lomné & Thomas Roche of NinjaLab in France have successfully mounted an EMF side channel attack on a Google Titan Security Key.

You can read about their work in a piece by Catalin Cimpanu in ZDNet https://www.zdnet.com/article/new-side-channel-attack-can-recover-encryption-keys-from-google-titan-security-keys/ or find the full paper from NinjaLab here https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf .

I'm mindful of the copyright in the images with the ZDNet piece, but they give a good indication of what happened to the test Titan key.

After 6,000 traces, the full ECDSA encryption key was found. Both papers make reference to a server-side counter that keeps track of traffic, which means any clone will be detected [because the counter key is at variance]. Surely, this misses the point of having the key? A bad actor in possession of the key can decrypt ALL the traffic, find out the last count value and then step in with a higher count value to mount the server end attack. The count value only needs to be higher than the last one used [See Practical Cryptography by Niels Ferguson and Bruce Schneier].
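The server-side counter check discussed above, as an added example (not code from the NinjaLab paper, the ZDNet piece or this post): the relying party stores the last counter per credential and flags any value that is not strictly higher. `CounterStore`, `replay`, the credential name and the sample sequence are hypothetical, signature verification is assumed to have already succeeded, and keeping a flagged credential locked is a policy assumption.

```python
from dataclasses import dataclass, field


@dataclass
class CounterStore:
    """Last accepted signature counter per credential (in-memory, illustrative)."""
    last_seen: dict = field(default_factory=dict)
    flagged: set = field(default_factory=set)

    def check(self, credential_id: str, counter: int) -> str:
        """Classify an assertion whose signature has already been verified."""
        if credential_id in self.flagged:
            # Assumed policy: once a regression is seen, stay locked until re-enrolment.
            return "possible-clone"
        previous = self.last_seen.get(credential_id, -1)
        if counter > previous:
            # Strictly higher than the last value: accept and remember it.
            self.last_seen[credential_id] = counter
            return "accept"
        # Equal or lower: two devices are sharing one key, or a response was replayed.
        self.flagged.add(credential_id)
        return "possible-clone"


def replay(events, credential_id="cred-1"):
    """Run (device, counter) events through a fresh store and return the verdicts."""
    store = CounterStore()
    return [(device, counter, store.check(credential_id, counter))
            for device, counter in events]


# Constructed sequence: the genuine key counts 10, 11; a copy then presents 500;
# the genuine key continues with 12; the copy tries again with 501.
SAMPLE = [("genuine", 10), ("genuine", 11), ("clone", 500),
          ("genuine", 12), ("clone", 501)]

if __name__ == "__main__":
    for row in replay(SAMPLE):
        print(row)
```

In the constructed sequence the copy's first use is accepted because its counter is higher; the mismatch only surfaces when the genuine key is next presented with a lower count, so the counter is a detection signal after the fact rather than a barrier.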

Of course, pugging ECDSA on the Titan key, which could be done as an update, would make everything substantially more secure.




©2020 by Pugged Code Limited. Thwarting Side Channel Attacks