Security News > 2020 > January > Google Open Sources Code for Security Key Devices
Google on Thursday announced that it has released the source code for a project named OpenSK in an effort to allow users to create their own security key devices.
Specifically, the company hopes that researchers, manufacturers of security keys and even enthusiasts will help develop new features and accelerate the adoption of these authentication devices.
The OpenSK firmware can be used with a Nordic chip, which supports a dedicated hardware crypto core, along with all major transport protocols, including Bluetooth, NFC and USB. Google has also made available the design for a security key enclosure that can be created using 3D printers.
"Under the hood, OpenSK is written in Rust and runs on TockOS to provide better isolation and cleaner OS abstractions in support of security. Rust's strong memory safety and zero-cost abstractions makes the code less vulnerable to logical attacks. TockOS, with its sandboxed architecture, offers the isolation between the security key applet, the drivers, and kernel that is needed to build defense-in-depth," Google explained.
Google announced earlier this month that it has simplified the enrollment process for its Advanced Protection Program, which is designed to help high-risk users add an extra layer of protection to their account through the use of security keys.
News URL
Related news
- Scout Suite: Open-source cloud security auditing tool (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google Chrome gets a mind of its own for some security fixes (source)
- CrowdSec: Open-source security solution offering crowdsourced protection (source)
- Paid open-source maintainers spend more time on security (source)
- Certainly: Open-source offensive security toolkit (source)
- Open source maintainers: Key to software health and security (source)