USB-C security boosted by authentication system

null

It's nothing new that USB devices can be a risk to use, but what people may not realise is that USB cables and charges can also pose a risk. For example, inappropriate power can hurt a device's battery and, in some cases, smartphones won't accept a system upgrade unless connected to a computer via a compliant USB-C cable.

USB Implementers Forum, or USB-IF, is a not-for-profit organisation that aims to eliminate this problem by standardising all relevant USB-C devices through the Authentication Program.

The USB-IF Authentication Program's goal is to confirm the authenticity of a USB device, cable or charger. This will happen the very moment a device is plugged in, so no data or power should be transferred.

DigiCert will be managing the PKI and certificate authority services for the program.

"As the USB Type-C ecosystem continues to grow, companies can further provide the security that consumers have come to expect from certified USB devices," USB-IF president and COO Jeff Ravencraft said.

According to ZDNet, the USB Type-C Authentication solution will include the following:

- A standard protocol of authentication for USB Type-C chargers, devices, cables, and power sources;

- Support for authenticating over either USB data bus or USB power delivery communications channels;

- Products that use the authentication protocol and retain control over the security policies implemented and enforced;

- 128-bit security for all cryptographic methods; and specification references for existing internationally-accepted cryptographic methods in relation to certificate format, digital signing, hash, and random number generation.

Image Credit: Denvit / Pixabay