We select and review products independently. When you purchase through our links we may earn a commission. Learn more.

Mullvad Creates an Open-Source USB Security Key

The Tillitis USB security key.
Mullvad, Tillitis AB

After soaring in popularity, Mullvad VPN is ready to dip into hardware security. Mullvad just launched a new company called Tillitis AB, which is currently showing off an all-new USB security key at the Open Source Firmware Conference.

While we still don’t know exactly how Tillitis Key works, we know that it’s very unique when compared to FIDO2 solutions like the YubiKey.

The Tillitis Key is fully open-source, even down to its PCB design. It uses a “measured boot” system (or something similar) to derive a hash for applications as they load on the device. This hash is combined with a per-device secret to generate a unique security key.

According to Mullvad, this process should allow the Tillitis Key to verify an app’s integrity before it loads. It also prevents applications from “seeing” each others’ secrets, which may provide a strong defense against malware. (Note that Tillitis Key loads applications, but these applications aren’t persistently stored on the security key.)

Other interesting features include a programmable “user” or “host” secret, which will prevent a thief from using your security key even if they know an application’s hash. And notably, Tillitis Key will continue to work even when an application is updated, depending on how the app developer enables code-signing.

Mullvad is showing off the Tillitis Key at the 2022 Open Source Firmware Conference. Attendants will receive an engineering sample of the security key. For more detailed information, I suggest checking the Tillitis GitHub, which includes PCB schematics, source code, and more.

Source: Mullvad

Andrew Heinzman Andrew Heinzman
Andrew is the News Editor for Review Geek, where he covers breaking stories and manages the news team. He joined Life Savvy Media as a freelance writer in 2018 and has experience in a number of topics, including mobile hardware, audio, and IoT. Read Full Bio »