Google Creates Powerful New Security System for Enterprises (part 2)

Operational flexibility

To achieve OpenSK aims, Google is using the Rust programing language developed by rival browser publisher Mozilla to code the key’s OS.

Named TockOS, its features include an architecture fencing the safety applet from its drivers as well as from the kernel within the 32-bit Arm core of Nordic SoC.

Google’s engineers say the programing language works to limit logic attacks because of the straightforward abstraction and safety enhancements for its flash-friendly memory. TockOS is out there on the GitHub code repository, where developers can access blueprints and upload innovations.

Tighter measures

Two-factor authentication is a minimum of as old because the cash machine, which needs a card and pre-set password to access an account. With the arrival of online banking, the methodology has produced innovations like one-time codes sent via SMS services to execute instructions.

But the safety vulnerabilities of wireless transmitters make them but ideal – hence, Google’s action to prop up defenses. Other moves by the corporate include barring users from accessing G Suite productivity tools via apps that share usernames and passwords.

Google is also blocking downloads by its Chrome browser of mixed-content files containing text and pictures over unencrypted web protocols.

Cloud challenges

Making security an indicator is increasingly important for Google because it leverages its dominance in search to other sectors. Quite two billion people use its Gmail platform to send e-mails over the online and quite one billion computing devices run its Chrome browser.

Yet, it’s within the cloud where Google lags, trailing Amazon Web Services and Microsoft Azure by a good margin in global league tables. Both competitors support the FIDO Alliance push for an internet that’s password-free.

In the same time, the Alphabet subsidiary is setting up partnerships driving enterprises to its Google Cloud Platform when they revamp their IT landscapes. Taking up the open-source security baton is another way for Google to stick it to the market leaders.

Google Creates Powerful New Security System for Enterprises (part 1)

The Silicon Valley giant is using open-source encryption to form the web a safer place. By offering developers first crack at cutting their own pass keys, Google hopes that increased adoption of its new security system will lure the Fortune 500 to its cloud services.

The search-and-advertising company’s OpenSK project offers a more robust layer of protection than passwords, which are soft targets for attackers seeking ways into personal accounts. Once there, they will invade systems and compromise companies.

OpenSK uses a two-factor authentication standard pioneered by the Fast Identification On-Line Alliance, or FIDO, which calls on hardware containing unique access codes instead of passwords. The industry group is committed to a password-free internet.

Making software libraries publicly available to run reference hardware provides developers with tools to make their own FIDO authenticators. Google engineers call OpenSK an experimental research platform but the corporate hopes that enterprises will examine the technology then adopt it.

FIDO-friendly firmware

To spur development, Google has added a dongle produced by Nordic Semiconductor to the Titan family of security keys it introduced two years ago. The Norwegian maker’s widget contains a system-on-chip that interfaces through a USB port or using Bluetooth wireless and near-field communication.

The Nordic dongle and tokens within the Titan lineup contain firmware compatible with FIDO U2F and FIDO2 standards for both desktop and mobile. They use authentication protocols from the seven-year-old alliance taking passwords out of the equation.

The result’s a design that Google says can beat the bots, phishing scams and targeted attacks that employ public-key cryptography to verify user identities and log-in pages – albeit account holders inadvertently display passwords.

Indeed, Google claims it hasn’t suffered a breach since shifting its quite 80,000 employees to Titan in 2017. The Nordic dongle possess an equivalent capabilities and lets users fashion their own carrying case with a 3D printer.