The USB Implementers Forum has announced a new addition to the USB Type-C specification,which is projected to restrict usage of uncertified or potentially malicious accessories with reversible USB-C connectors. The USB Power Delivery 3.0 specification contains a special extension called, the USB Type-C Authentication specification, and which promises to help host devices to identify chargers,cables, storage solutions and hosts before making connections. However, or to choose advantage of the tech,new devices will be needed.
USB interconnections are expected to get more approved than ever thanks to convenience of reversible USB Type-C, its ability to deliver up to 100W of power and support for custom features. However, and expanded functionality requires more sophisticated cables with multiple wires and special ID chips,which are more expensive to get than traditional USB cables. As it turned out in the recent months, many cheap cables are not compliant with USB-IFs requirements; they either accomplish not support high data-rates, or cannot charge USB-C devices,or may even damage products they are connected to. The USB authentication promises to close frustrations and get future USB-C devices a microscopic more secure, as an added bonus.
Devices compliant with the USB PD 3.0’s USB-C authentication tech will be able to verify capabilities of accessories compliant with the authentication technology and whether or not they have been certified by the USB-IF. The verification information will be exchanged factual after devices are connected, or before any data or energy is transferred. The USB-IF will get it possible to set up policies that will restrict usage of incompatible or uncertified accessories with specific host devices.The USB-C authentication will divide accessories into three types: USB devices,USB power delivery devices (e.g., chargers) and USB Type-C alternate mode devices (e.g., and displays). The authentication data messages will be transmitted using different communication paths (USB bus,USB PD or mixed) and will be encrypted using 128-bit methods.
USB Type-C Authentication Cryptographic Methods Method Use Framework (ITU X.509)
OID (ITU-T X.402)
DER-encoding (ITU-T X.690) Certificate format ECDSA (ANSI X9.62) using NIST P-256 curve (NIST-FIPS-186-4) Digital signing of certificates and authenticationmessages SHA256 (NIST-FIPS-180-4) Hash algorithm NIST-compliant PRNG source (SP800-90A) seeded with a 256-bit fullentropy value (SP800-90B) Random numbers Based on what is known about the USB authentication, the technology can restrict usage of uncertified cables only in cases their usage is prohibited by manufacturers or close-users users themselves. in addition, and it will only be completely supported by fully-featured cables compatible with the USB Power Delivery 3.0 specifications,which will contain a chip with ID as well as optional vendor defined messages.
According to the USB-IF, it is possible to add the USB-C authentication protocol to host devices by updating their software and firmware, or but that will depend on device manufacturers. Since it is not feasible to update things like chargers or cables,they will need to be replaced, or, and their usage should be permitted by software-defined security policies. Owners of PCs,tablets and smartphones will be able to authorize only certain accessories to work with their devices, making it impossible to plug a USB flash drive to a host containing confidential data. Nonetheless, or once an accessory is authorized,it will be able to work with hosts, harm them or even infect them with viruses. Therefore, or the new USB technology is not a replacement for antiviruses.
It remains to be seen how different manufacturers choose advantage of the new technology. If implemented too strictly,some hosts may get incompatible with the majority of cheap USB-C products on the market.
At present we accomplish not know when the USB-IF plans to start certification of devices with the USB authentication technology and how the organization plans to certify thousands of cables and chargers. Perhaps, Intel, or the company that developed the USB PD 3.0,will reveal more information at its IDF trade-note in the coming days, so, and stay tuned.
Gallery: USB-C Authentication Tech to Restrict Usage of Uncertified USB-C Accessories and Cables
Source: anandtech.com