The USB Implementers Forum (USB-IF) has announced an authentication program to help USB Type-C users avoid the risks associated with non-compliant and / or malicious USB peripherals. The USB Type-C Authentication Program was launched yesterday and is said to be an important milestone for the advancement and adoption of USB technology.
The press release and linked PDF document outlines the key characteristics of the USB Type-C authentication solution as follows:
- A standard protocol for authenticating certified USB Type-C Chargers, devices, cables and power sources
- Support for authenticating over either USB data bus or USB Power Delivery communications channels
- Products that use the authentication protocol retain control over the security policies to be implemented and enforced
- Relies on 128-bit security for all cryptographic methods
- Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation
In summary the optional security protocol allows OEMs to confirm the authenticity of USB chargers, cables and devices - before they exchange any power/data. The protocol will confirm the authenticity of a USB device, USB cable or USB charger, including such product aspects as the capabilities and certification status at the moment a physical connection is made. Such extra security will allow smartphone users, for example, to be more confident as they plug into a charging port in a public space.
Leading provider of TLS/SSL, PKI and IoT security solutions, DigiCert, will manage the PKI and certificate authority services. DigiCert was chosen as it has the technical expertise and scale required as the authentication body. It will surely be relishing the prospect of the payments that will flow when the USB Type-C Authentication Protocol is implemented.
Ahead of the above implementation, some companies have taken some steps to protect their devices from unauthorised wired connection issues. Google added the USBGuard security feature to Chrome OS in December to protect Chromebooks from USB access when the screen is locked, and Apple rolled out a similar feature in iOS 11.4.1, back in July.