  • Vincent Lyles

Google's Titan Security Key vulnerable to side channel attack

Victor Lomné & Thomas Roche of NinjaLab in France have successfully mounted an EMF side channel attack on a Google Titan Security Key.

You can read about their work in a piece by Catalin Cimpanu in ZDNet https://www.zdnet.com/article/new-side-channel-attack-can-recover-encryption-keys-from-google-titan-security-keys/ or find the full paper from NinjaLab here https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf .

I'm mindful of the copyright in the images with the ZDNet piece but they give a good indication of what happened to the test Titan key.

After 6,000 traces, the full ECDSA encryption key was found. Both papers make reference to a counter on the server side that keeps track of traffic, which means any clone will be detected [because the counter key is at variance]. Surely this misses the point of having the key? A bad actor in possession of the key can decrypt ALL the traffic, find out the last count value and then step in with a higher count value to mount the server-end attack. The count value only needs to be higher than the last one used [see Practical Cryptography by Niels Ferguson and Bruce Schneier].
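The server-side counter check discussed above, sketched as an added example (it is not code from this post, the ZDNet piece or the NinjaLab paper). It reads the 4-byte big-endian counter from a raw U2F authentication response and shows that the check only requires a higher value, so the mismatch surfaces when the original key is next used. `CounterStore`, the credential id and the sample responses are constructed for illustration, and signature verification is assumed to have happened already.

```python
import struct


def parse_u2f_auth_header(raw: bytes) -> tuple[int, int]:
    """Return (flags, counter) from a raw U2F authentication response.

    Layout: 1 byte user-presence flags, 4 byte big-endian counter,
    followed by the ECDSA signature.
    """
    if len(raw) < 5:
        raise ValueError("response too short")
    flags, counter = struct.unpack(">BI", raw[:5])
    return flags, counter


class CounterStore:
    """Hypothetical relying-party store: last accepted counter per credential."""

    def __init__(self):
        self.last = {}
        self.alerts = []  # (credential id, stored counter, presented counter)

    def check(self, cred_id: str, raw: bytes) -> bool:
        # Assumption: the signature over this response was already verified.
        _, counter = parse_u2f_auth_header(raw)
        prev = self.last.get(cred_id)
        if prev is not None and counter <= prev:
            # Counter did not increase: two devices may hold the same key.
            self.alerts.append((cred_id, prev, counter))
            return False
        self.last[cred_id] = counter
        return True


def sample_response(counter: int) -> bytes:
    # Constructed sample: flags=0x01, counter, dummy bytes instead of a signature.
    return struct.pack(">BI", 0x01, counter) + b"\x30\x00"


def demo():
    store = CounterStore()
    results = [
        store.check("cred-A", sample_response(41)),    # original key
        store.check("cred-A", sample_response(42)),    # original key
        store.check("cred-A", sample_response(1000)),  # second device, higher value: accepted
        store.check("cred-A", sample_response(43)),    # original key again: rejected, alert logged
    ]
    return results, store.alerts


if __name__ == "__main__":
    print(demo())
```

A relying party that acts on the alert (for example by locking the credential and notifying the account owner) turns the counter into a detection signal rather than a prevention control.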

Of course, pugging ECDSA on the Titan key, which could be done as an update, would make everything substantially more secure.


