FIDO security keys provide simple, phishing-proof two-factor authentication (2FA), which is changing how online accounts are protected and is popular with a growing number of websites. Many technology companies, including Google, social networks, and cloud service providers, are working hard to implement FIDO-based security practices. The latest news is that Google has introduced the OpenSK project to keep driving and improving the implementation of, and access to, FIDO authenticators.
(Source: Google Security Blog; link: GitHub)
Following open source projects such as Solo and Somu, we are pleased that Google’s OpenSK has joined the open source family.
As a fully open source security key implementation, OpenSK is written in Rust and supports the FIDO U2F and FIDO2 standards.
Google hopes to use OpenSK as a research platform to attract researchers, security key manufacturers and enthusiasts to help it develop innovative features and accelerate the adoption of security keys.
OpenSK development board for DIY firmware that can be run by a portable device vendor.
With early versions of OpenSK, new firmware can be flashed onto the Nordic chip to create a developer's own key.
In addition to being affordable, this reference hardware supports all the major transport protocols mentioned by FIDO2, including NFC, Bluetooth Low Energy, and USB, and it includes a dedicated hardware encryption core.
To protect the keys that users carry, OpenSK also offers customizable 3D-printable cases that can be produced on a variety of printers.
“We are pleased to be working with Google and the open source community on a new open-ViewPlatform platform,” said Kjetil Holstad, Director of Product Management at Nordic Semiconductor.
“Combining the new features and testing in OpenSK, I hope our industry-leading nRF52840 accelerates the creation of a native secure encryption experience and helps secure keys be adopted by the mainstream industry.”
Under the hood, OpenSK is written in Rust and runs on TockOS, which provides better security isolation and a cleaner layer of OS abstraction. Rust’s strong memory safety and zero-cost abstractions make the code less vulnerable to logical attacks.
With its sandboxed architecture, TockOS provides some of the features needed to build defense in depth, such as isolation between the security key applet, the drivers, and the kernel.