USB-C With Secret Codes Making Connections Secure
This week the folks at the USB-IF (USB Implementers Forum) announced the launch of their own USB Type-C Authentication Program. With this program, manufacturers may implement and be certified for the USB Type-C Authentication specification. For the end user – you – that means you'll soon be able to know immediately if a new USB-C cord is able to cryptographically authenticate – that is, give a secret handshake to your phone or PC before it's able to supply power or transfer data.
USB Type-C Authentication "empowers host systems to protect against non-compliant USB chargers and to mitigate risks from malicious firmware/hardware in USB devices attempting to exploit a USB connection." In short – it's aimed at cutting out cheap cords and chargers and such. With this system, these cheap chargers and/or malicious entities will be stopped before they start.
Since the dawn of the smartphone, people have experienced the drawbacks of buying cheap cords and chargers. Instead of regulating the power they supply to phones, tablets, and etcetera, they can provide power indiscriminately, in turn creating a situation where a fire happens. Then the smartphone manufacturer gets blamed and the manufacturer gets to say: Did you use one of our cords, or did you get one from a no-name accessory maker?
The same is true of the future in USB-C accessories attempting to gain access to PCs and such without authorization. Granted, it is possible to turn your own USB ports off when they're not in use – but this process could make the whole situation easier for everyone to handle.
USB Type-C Authentication solution features:
• A standard protocol for authenticating certified USB Type-C chargers, devices, cables and power sources
• Support for authenticating over either USB data bus or USB Power Delivery communications channels
• Products that use the authentication protocol retain control over the security policies to be implemented and enforced
• Relies on 128-bit security for all cryptographic methods
• Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation
To be clear – this isn't a certification that you'll NEED with every future USB-C cord and device. Instead, it's an optional added layer of security, and one of a potential many. USB-IF selected the security company DigiCert to manage the PKI and certificate authority services for the USB Type-C Authentication Program. It is through them that manufacturers will seek out this next-gen security protocol.