We will first present the basics of the FIDO(2) protocol and the concept of hardware FIDO tokens, summarize their attack surface as well as enumerate related certification schemes. Then we will have a look on several (families of) hardware FIDO tokens, with for each one partial teardown, analysis of the cryptographic chip used, its known certification details (and possibly) its known vulnerabilities. Finally we will explore the future of HW FIDO tokens.
Dr. Victor Lomne holds a master degree in cryptology and computer security from the university of Bordeaux, France, and a PhD degree in microelectronics from the university of Montpellier, France.
He worked during 7 years as security expert in the hardware security team of the scientific division of ANSSI (French Cybersecurity Agency) in Paris, France. During these years he created and was responsible for the team lab, worked as penetration tester on a wide range of products, and was technical support for the ANSSI National Certification Center.
He then came back to work as researcher at the LIRMM (laboratory of computer science, robotics and microelectronics of the university of Montpellier), before co-founding NinjaLab.
Victor is also an active academic researcher in the fields of cryptology and hardware security, with publications, keynotes and program committee membership in top conferences like CHES, FDTC, Hardwear.io and COSADE.