USB Type-C gets authentication to protect against malicious devices
Exploiting USB devices and the protocol itself has become far too easy in recent years. Widespread availability of inexpensive malicious hardware has to lead many to simply disable unused ports. Through the addition of cryptographic authentication to USB Type-C devices, a much greater level of protection is offered.
When USB Type-C (aka USB-C) arrived a few years ago, it looked promising. A single cable for your laptop, tablets, smartphones, and other gadgets. The reversible connector was probably its biggest highlight, apart from faster data transfer rates, support for quicker charging, and media delivery.
But it hasn’t been a smooth ride until now. USB-IF, a non-profit organization that looks after USB standards, has now formally launched a new ‘USB Type-C Authentication Program‘. The program is aimed at protecting users’ devices from all sorts of security hazards.
USB-IF president and COO Jeff Ravencraft said that – “the USB Type-C ecosystem continues to grow, companies can further provide the security that consumers have come to expect from certified USB devices.”
The USB Type-C Authentication solution will include: a standard protocol of authentication for USB Type-C chargers, devices, cables, and power sources; support for authenticating over either USB data bus or USB power delivery communications channels; products that use the authentication protocol and retain control over the security policies implemented and enforced; 128-bit security for all cryptographic methods; and specification references for existing internationally-accepted cryptographic methods in relation to certificate format, digital signing, hash, and random number generation.
Software policies on Type-C devices will be able to restrict USB functions based on certification status. For example, it would be possible to only allow phone charging at public terminals that pass a validation check.
At the current time, participation in the authentication program is optional for OEMs. However, it would not be surprising for hardware makers working in sensitive industries to quickly accept and adopt the standard. Rest assured that all of the dollar store phone chargers will not be adding any additional protections.