The Google Titan Security Key is a FIDO U2F hardware device proposed by Google (available since July 2018) as a two-factor authentication token to sign in to applications such as your Google account. In this work, we present a side-channel attack that targets the Google Titan Security Key ’s secure element (the NXP A700x chip) by the observation of its local electromagnetic radiations during ECDSA signatures. This work shows that an attacker can clone a legitimate Google Titan Security Key. As a side observation, we identified a novel correlation between the elliptic curve group order and the lattice-based attack success rate.
Victor holds a master degree in cryptology and computer security from the university of Bordeaux, France, and a PhD degree in microelectronics from the university of Montpellier, France.
He worked for 7 years as a security expert in the hardware security team of the scientific division of ANSSI (French Cybersecurity Agency) in Paris, France. During these years he created and was responsible for the team lab, worked as penetration tester on a wide range of products, and was technical support for the ANSSI National Certification Center.
He then came back to work as researcher at the LIRMM (laboratory of computer science, robotics and microelectronics of the university of Montpellier), before co-founding NinjaLab.
Victor is also an active academic researcher in the fields of cryptology and hardware security, with publications, keynotes and program committee membership in top conferences like CHES, FDTC and COSADE.