USB 3.0 Promoter Group Updates USB Type-C to Solve Bad Charges and Malware

apple-watch-event-2015-0176-0416The USB 3.0 Promoter Group today announced the USB Type-C Authentication specification, defining cryptographic-based authentication for USB Type-C chargers and devices. Using this protocol, host systems can confirm the authenticity of a USB device or USB charger, including such product aspects as the descriptors/capabilities and certification status. All of this happens right at the moment a wired connection is made — before inappropriate power or data can be transferred. This new authentication is the result of the discovery that users can very easily and quickly fry their devices when using a bad USB-C cable, in addition to other cybersecurity issues.

USB Type-C Authentication allows host systems to protect against non-compliant USB chargers and to mitigate risks from maliciously embedded hardware or software in USB devices attempting to exploit a USB connection. For a traveler concerned about charging their phone at a public terminal, their phone can implement a policy only allowing charge from certified USB chargers. A company, tasked with protecting corporate assets, can set a policy in its PCs granting access only to verified USB storage devices.

Key characteristics of the USB Type-C Authentication solution include:

  • A standard protocol for authenticating certified USB Type-C Chargers, devices, cables and power sources
  • Support for authenticating over either USB data bus or USB Power Delivery communications channels
  • Products that use the authentication protocol retain control over the security policies to be implemented and enforced
  • Relies on 128-bit security for all cryptographic methods
  • Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation

USB Power Delivery 3.0, the new revision of the USB Power Delivery specification, adds incremental features to the existing USB Power Delivery 2.0 specification. These features include enabling authentication message exchange over the USB PD communications channel for standard USB Type-C to USB Type-C cables. The new USB Type-C Bridging specification provides the necessary method for bridging messages to and from a USB PD link over the USB data bus. USB Type-C Bridging enables a USB host to communicate with the USB PD interface of a downstream port in a connected USB hub, among other capabilities.

See also  Imminent Disaster  --  The Looming AV Threat