The USB Implementers Forum (USB-IF) has announced a new authentication standard that can be implemented for USB-C devices and complimenting chargers. USB-C Authentication, as it’s called, uses 128-bit “cryptographic-based authentication” to help mitigate potential security intrusions from USB thumb drives and chargers that could be used to deliver malicious payloads/firmware.
The USB-IF says that with its new authentication protocol, the host device would be able to in effect enter in a secure “handshake” with another USB-C device, confirming its identify. At the moment the connection is made, the host would be able to determine “product aspects as the capabilities and certification status” before power or data is transmitted.
According to the USB-IF, authentication can be accomplished either via the USB data bus or with standard USB Power Delivery methods. The following critical points are also addressed by the USB-IF:
- Products that use the authentication protocol retain control over the security policies to be implemented and enforced
- Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation
“USB-IF is excited to launch the USB Type-C Authentication Program, providing OEMs with the flexibility to implement a security framework that best fits their specific product requirements,” said USB-IF President and COO Jeff Ravencraft. “As the USB Type-C ecosystem continues to grow, companies can further provide the security that consumers have come to expect from certified USB devices.”
We should mention that there is no requirement for device manufacturers or accessory makers to implement USB-C Authentication – it is simply a recommendation at this point. However, as USB-C continues to become the connection standard of choice for more manufacturers (even Apple has jumped on the bandwagon with the iPad Pro), we’re hoping to see a swift adoption of this commonsense security-focused feature.