When it comes to security, Google isn’t a one-trick-pony with their world-dominating Chrome browser. Now a giant in the cloud arena, Google continues to push forward in the area of online data protection in the form of both software and hardware.
Google’s Online Security Blog keeps running updates of how you, the user, benefit from the ever-evolving defenses created by developers but these updates only scratch the surface of what’s going on behind the scenes in Mountain View.
Announced earlier this year, Google has designed its own micro-controller to combine hardware and software security measures to be deployed in their own data centers. The Titan security chip combines multiple levels of software verification and the additional strength of hardware authentication.
Think YubiKey only on a much grander scale.
The depth at which Titan creates levels of security goes so deep I admittedly got lost trying to make sense of it all. If you want to know more about Titan and how it works, you can do so at the Cloud Platform Blog here.
Google is known to issue employees YubiKeys for their 2FA (two-factor authentication) and these type of U2F keys have been supported by Chrome some time now. A recent discovery in the Chromium repository points to an attempt by Google to bring security key hardware in-house using the Titan hardware.
power: Add Google Titan key to autosuspend whitelist
Added to list of security keys.
The commit, added last week, continues to confirm the runtime status of the Titan key via USB.
TEST==Check that device suspends when not being used when attached to a Chromebook with this patch, by checking cat <path of usb device>/power/runtime_status
In case you’re wondering how a device designed for data centers could be utilized in something the size of a USB security key, well just look.
Yeah, it’s really, really small.
A source familiar with the project has confirmed that the Titan key is being tested internally by Google. Likely, the new key will be exclusive to Googler’s and issued and maintained by the company.
This will be only the fourth security key supported by Chrome OS and could potentially become the exclusive security key used by Google as it continues to harden the security of its infrastructure.
Source: Chromium Repository