Mullvad, Tillitis AB
After soaring in popularity, Mullvad VPN is ready to dip into hardware security. Mullvad just launched a new company called Tillitis AB, which is currently showing off an all-new USB security key at the Open Source Firmware Conference.
While we still don’t know exactly how Tillitis Key works, we know that it’s very unique when compared to FIDO2 solutions like the YubiKey.
The Tillitis Key is fully open-source, even down to its PCB design. It uses a “measured boot” system (or something similar) to derive a hash for applications as they load on the device. This hash is combined with a per-device secret to generate a unique security key.
According to Mullvad, this process should allow the Tillitis Key to verify an app’s integrity before it loads. It also prevents applications from “seeing” each others’ secrets, which may provide a strong defense against malware. (Note that Tillitis Key loads applications, but these applications aren’t persistently stored on the security key.)
Other interesting features include a programmable “user” or “host” secret, which will prevent a thief from using your security key even if they know an application’s hash. And notably, Tillitis Key…
Read Full Article Source