I’ve designed the first production quality, open source U2F token. I’ve designed it to be secure, cheap, and reliable. This is important for a 2 factor auth key, which is what U2F is intended for. Additionally, I mass produced the U2F tokens using an external PCB fab and a programming pipeline I designed and implemented. Custom programming was required to meet complex security requirements. I provide metrics and cost details for bootstrapping a project like this to sell on Amazon Prime.
I will explain the security fundamentals that make U2F secure. Additionally, there are important factors a designer needs to face to correctly design secure hardware. A protocol like U2F isn’t secure until it’s in a well designed implementation. And to make a project available to others, one must consider other factors to mass produce secure hardware. How do you make sure each key is unique and that different keys are handled properly? I solved this with my design of a custom programming setup. I then pipelined it so I could to program 1000+ U2F tokens in a reasonable amount of time on my own. Lastly, I provide metrics and cost details for bootstrapping a project like this to sell on Amazon Prime.
Conor Patrick (@_conorpp) is a graduate student at Virginia Tech researching secure embedded systems. He’s planning on working for the government in security after he finishes his studies. He has previously worked at the FTC doing research about security in products and at John Hopkins Applied Physics Lab doing reverse engineering. Conor likes attending bike parties with bright LED setups. He’s a beer drinker and brewer. He’s a fan of photography. He enjoys reading and blogging. He likes traveling and is planning a trip for next summer.