Fido Security Key is a phishing-resistant two-factor authentication (2FA) device that help to protect high-value enterprise users from the most sophisticated attacks.
Google in a bid to make the creation of hardware security key easier, has announced an open source project for implementing hardware security keys for USB drives, called OpenSK, which is implemented in Rust language to support FIDO U2F and FIDO2 standards. It works with almost all the popular browsers, with support from the growing ecosystem of services on the FIDO standards.
OpenSK is intended for use by security researchers, manufacturers of security key, and security enthusiasts to help in developing innovative features and accelerate the adoption of security key.
What's OpenSK built upon & the Implementations?
OpenSK is written in Rust language, and runs on TockOS which provides better isolation and abstractions to support improved security. The Rust language’s strong safety memory and zero-cost abstractions makes it less vulnerable to logical attacks.
TockOS, along with its sandboxed architecture, offers better isolation between security key applet, the drivers, and kernel which is mandatory to build in-depth defense. While Google's contributions to TockOS, include the flash-friendly storage system and patches, which have been up-streamed to the TockOS repository.
And by flashing the OpenSK firmware on a Nordic chip dongle, you can make your own developer key. The choice of Nordic as initial reference hardware is because it supports all major transport protocols mentioned by FIDO2, including NFC, Bluetooth Low Energy, USB, and dedicated hardware crypto core.
Google is also providing a custom, 3D-printable case that works on a variety of printers, to help you protect and carry your security key.
How to Contribute or Get involved with OpenSK?
If you want to learn more about OpenSK and how to get involved with making your own security key, all the necessary information is available on the GitHub repository.
Before now, Google and Yubikey are the only vendors that offered FIDO compatible keys using their own proprietary hardware and software. OpenSK will over time add more innovative features, like stronger embedded crypto, to encourage wider adoption of security key, as the trusted phishing-resistant device with tokens for a password less web.