Communications of the ACM

Home/News/Side-Channel Attack Can Recover Encryption Keys From.../Full Text

ACM TechNews

Side-Channel Attack Can Recover Encryption Keys From Google Titan Security Keys

By ZDNet
January 19, 2021
Comments

View as: Print Mobile App Share:

Two researchers at French security company NinjaLab found a vulnerability impacting chips used in Google Titan and YubiKey hardware security keys.

The flaw enables malefactors to recover the primary encryption key used by the hardware security keys to generate cryptographic tokens for two-factor authentication (2FA) operations.

The researchers said the Elliptic Curve Digital Signature Algorithm private key would let hackers clone Titan, YubiKey, and others to circumvent 2FA protocols, although attack severity is not as high as implied due to various factors, like the Google Titan key's tough plastic casing.

However, the NinjaLab researchers said a side-channel attack becomes possible once hackers have access to the key's chip, based on analysis of the chip's electromagnetic emissions while processing cryptographic operations.

The researchers added that key recovery typically takes hours, and requires expensive equipment and custom software.

From ZDNet
View Full Article

No entries found

Side-Channel Attack Can Recover Encryption Keys From Google Titan Security Keys

ISS Gets SSD Upgrade

Disinformation 2.0 in the Age of AI: A Cybersecurity Perspective

The Link Between Rituals and Data Science