It is reported that the USB Implementers Forum (USB-IF) introduced the release of its USB Type-C Authentication program on Wednesday, which can protect against malicious devices and keep them safe. This post will give you some information about this program, so read on now!

USB Type-C Gets Authentication to Protect Your Devices

The non-profit USB Implementers Forum (USB-IF), the support organization and forum for the advancements and adoption of USB technology, whose main activities are the promotion and marketing of USB On-The-Go, USB and Wireless USB, and the specifications’ maintenance, as well as a compliance program.

On Wednesday (January 2, 2019), it announced the release of its USB Type-CTM Authentication program, which marks an important milestone for the optional USB security protocol. This specification defines cryptographic-based authentication for USB Type-C chargers and devices.

The USB Type-C Authentication empowers the host systems to protect against potential damage from non-compliant USB chargers.

Besides, in view of many USB-based insecure factors, such as key injection, backdoor installation, simulated mouse movement, data recording, traffic hijacking, machine virus infection and other operations, the deployment of USB-C Authentication measures can provide effective protection against malicious firmware and hardware in USB devices attempting to use a USB connection.

Tip: Want to keep your PC data from malicious attacks? Back up important files with Windows backup software, MiniTool ShadowMaker now so that you can get them back in event of virus infection.

By using this protocol, host systems will be able to verify the authenticity of a USB device, USB cable or USB charger, including product aspects like the capabilities and certification status. 

According to USB-IF, all of this happens right at the moment at a connection is made – before establishing a power supply or data is transferred, to ensure no inappropriate power or data transmission.

USB-IF President and COO Jeff Ravencraft said, “As the USB Type-C ecosystem continues to grow, companies can further provide the security that consumers have come to expect from certified USB devices.”

This company will work with DigiCert to manage the PKI and certificate authority services for the USB Type-C Authentication program.

Key Characteristics of USB Type-C Authentication Solution

USB-IF outlines many features of Type-C Authentication program, as shown in the following part:

  1. A standard protocol that can be used for authenticating certificated USB Type-C chargers, cables, devices, and power sources.
  2. Support for the authentication via either USB data bus or USB PD (Power Delivery) communications channels.
  3. Products that use the authentication protocol and are able to control the implement and enforcement of the security policies.
  4. Relies on 128-bit security for all cryptographic methods.
  5. The existing internationally-accepted cryptographic methods that are related to digital signing, hash, certificate format, and random number generation are used for reference by the specification.
Tip: In addition, other organizations have also taken steps to protect their devices from USB issues, for example, Google’s new feature, USBGuard, blocks access to USB port when the screen is locked, Apple’s similar feature for iOS requires users to unlock their device after an hour of inactivity before allowing any activity over a USB port, etc.

OEMs Can Join USB-IF USB Type-C Authentication Program

For device manufacturers, the program allows them to implement this new authentication protocol to protect consumers.

Thanks to the 128-bit authentification system, it can help manufacturers identify certified devices before a full link is created. Once the machine fails to authenticate the device, it may deny data access, power transmission or both, from happening.

However, there is no mandatory requirement for OEMs at present, so they can choose whether to join USB-C identity authentication program or not.

According to USB-IF, they are excited to launch this authentification program since it provides OEMs with the flexibility to implement a security framework that best fits their specific products requirements.

  • linkedin
  • reddit