Jan 08, 2021 20:00:00

Google's physical key 'Titan security key' is breached by side channel attack

Password authentication used for website authentication is vulnerable to password leakage, so more and more websites are introducing two-step authentication using physical keys. Google's '

Titan security key ' is one of the physical keys that can be used with Google's two-step authentication, and is characterized by supporting biometric authentication by FIDO . Regarding such Titan security key, security research agency Ninja Lab reports that it succeeded in a side channel attack .

A Side Journey to Titan --NinjaLab
https://ninjalab.io/a-side-journey-to-titan/

A Side Journey to Titan
(PDF file) https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf

A unique private key is securely stored inside the Titan security key, and this private key will be used for two-step authentication. The private key is not leaked outside the Titan security key, so if you keep your physical key secure, you can prevent unauthorized access to your account.

Physical key 'Titan security key' usage review to build secure two-step authentication of Google and prevent unauthorized access --GIGAZINE

When disassembling the Titan security key with NFC function, it looks like this, and it is the 'NXP A7005' chip in the image that generates and saves the private key.

NinjaLab disassembled the Titan security key it obtained and performed a physical analysis. It seems that products with characteristics similar to NXP A7005, such as NXP's 'J3D081_M59_DF', were very useful for analysis, and Ninja Lab named the product group with characteristics similar to NXP A7005 'Rhea', and the code of Rhea. He said that he proceeded with research on the conversion process. The analysis was performed by exposing the die of the chip with chemicals and measuring electromagnetic radiation, as shown in the image below.

The waveform of Rhea's electromagnetic radiation is as follows. Since these waveforms contain secret key information, they succeeded in restoring Rhea's secret key by acquiring 4000 types of samples and analyzing them by machine learning. NinjaLab reports that this analysis method also worked for Titan security keys.

The vulnerability affects not only Titan security keys but also Yubikey Neo and FEITIAN physical keys. Because exploitation of the vulnerability requires physical access to the security key, specialized software, and technical skills, NinjaLab says, 'Using a physical key can improve security more than not. We are urging you to switch to a physical key for which no vulnerabilities have been found yet.