USB Type-C Authentication Program Launches For Protection Against Malicious USB Hardware Attacks
The USB Implementers Forum has today announced its USB Type-C Authentication Program, the specification for which attempts to define a cryptographic-based authentication protocol for chargers and other devices which adopt the USB-C standard.
If you had absolutely no clue that the USB Implementers Forum even existed, well now you do, and you should be glad as the forum is there for the protection of all and the safety of the standard as it looks to better the advancement and adoption of USB technology on a global scale.
Given the fact that there are multiple different and malicious attacks out in the wild that wreak their havoc via USB, this Authentication Program will be particularly welcomed.
Attacks which are capable of installing backdoor software on a host machine, tracking and emulating mouse movements, logging keystrokes, saving data remotely, and, of course, dumping viruses and malware onto a machine, could all be stopped via this USB-C Authentication as its sole cause would be to provide security and safety to the host device.
It will also keep host systems safe from cheap or entirely non-compliant USB-C chargers and devices which could otherwise cause harm. This may not be the harm in the form of malicious intent but down to the fact that the charger or other device is manufactured poorly and does not comply with expected USB-C standards.
With the USB-C Authentication in place, any host machine that receives an input from a USB-C device – say, a charger for example – will be able to accurately determine whether or not that device is authentic and whether it poses a risk to the machine and the contents therein. The beautiful part of the scenario is that the authentication happens immediately, allowing the machine to determine the authenticity of the device before any data or power is transferred between the connection.
The key characteristics of the USB Type-C Authentication being outlined – as highlighted by BusinessWire – are as follows:
A standard protocol for authenticating certified USB Type-C chargers, devices, cables and power sources
Support for authenticating over either USB data bus or USB Power Delivery communications channels
Products that use the authentication protocol retain control over the security policies to be implemented and enforced
Relies on 128-bit security for all cryptographic methods
Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation
The Forum has also announced that it has selected DigiCert as the certificate authority for the Program. More info is likely to be shared when the USB-IF participate at this year’s CES in Las Vegas next week.