Authentication method to protect devices from security issues, power surges
Three years after its implementation, the USB Implementers Forum has finally started the USB Type-C Authentication program. USB Type-C device and system makers can protect their devices from malicious intent, security threats, and even power surges from non-compliant devices/chargers.
“USB-IF is excited to launch the USB Type-C Authentication Program, providing OEMs with the flexibility to implement a security framework that best fits their specific product requirements,” said USB-IF President and COO Jeff Ravencraft. “As the USB Type-C ecosystem continues to grow, companies can further provide the security that consumers have come to expect from certified USB devices.”
The USB-IF said via its press release, “Using this protocol, host systems can confirm the authenticity of a USB device, USB cable or USB charger, including such product aspects as the capabilities and certification status, before inappropriate power or data can be transferred.”
These implementations, however, are voluntary for OEMs to adopt. The following are the finalized solutions:
- A standard protocol for authenticating certified USB Type-C™ Chargers, devices, cables and power sources.
- Support for authenticating over either USB data bus or USB Power Delivery communications channels.
- Products that use the authentication protocol retain control over the security policies to be implemented and enforced.
- Relies on 128-bit security for all cryptographic methods.
- Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation.
What about the existing USB Type-C devices and ports?
This is a good implementation against non-compliant devices. But there should be a clear indication of having such an implementation, similar to the ‘80Plus’ power supply certification. We have seen earlier cases of third-party cables and devices causing damage during charging. Of course, this is more relevant to certain devices and IoT systems, but I couldn’t help but imagine motherboard manufacturers getting another marketing tag for their future motherboards, such as ‘USB TYPE-C with Encryption protection’ or something with a colourful name.
It would be interesting to see whether compliant ports will not charge non-compliant devices. The same could be said about working with Type-A to Type-C adapters and cables. This implementation could handicap existing USB Type-C devices that comply with older standards but skipped the certification as a cost-cutting practice.
Expect the worst, but hope for the best!
— Hardware BBQ (@HardwareBBQ) January 5, 2019