January 3, 2019 // 9:59 a.m.
The USB Implementers Forum (USB-IF) has announced the official launch of the USB Type-C Authentication Programme, an effort through which it hopes to protect devices against malicious and dangerous accessories.
Designed to replace both ends of a USB connector, USB Type-C is becoming increasing popular - not least because it can be connected either way up, putting an end to the seemingly-impossible task of plugging in a USB cable the right way up in fewer than three tries. It also includes a wealth of features on top of the original USB specification, including the ability to transfer video signals and a surprising amount of power - enough, in fact, for laptops to charge themselves solely via a USB power cable.
That ability to throw power around, though, comes with a risk: Badly-manufactured chargers and cables, of which there are a depressing number on the market, run the risk of everything from damaging the host system to actively catching on fire - and it's these kind of issues, along with the potential for insecure maliciously- or simply badly-designed hardware to be connected to systems, that the USB Implementers Forum (USB-IF) is aiming to address with the USB Type-C Authentication Programme.
'USB-IF is excited to launch the USB Type-C Authentication Program, providing OEMs with the flexibility to implement a security framework that best fits their specific product requirements,' claims USB-IF president and chief operating officer Jeff Ravencraft. 'As the USB Type-C ecosystem continues to grow, companies can further provide the security that consumers have come to expect from certified USB devices.'
Where previous USB certification systems have relied on preventing logos from being printed on or moulded into uncertified products, a rule entirely ignored by many manufacturers, the USB Type-C Authentication system takes a more active approach: The standard defines a protocol by which devices, power sources, and cables can authenticate, using 128-bit cryptographic handshakes, to ensure that everything in the chain is certified as being safe to use. This handshaking, the USB-IF explains, can take place either over the USB data bus or the USB Power Delivery (PD) communication channel.
The move will be welcomed by those who are manufacturing fully-certified hardware and by those who have already been bitten by badly-made devices or cables, but it brings with it a risk of removing control from the user: While the USB-IF is not mandating the use of any security policies associated with the USB Type-C Authentication system, manufacturers would be able to actively block the use of third-party cables should they so choose - a move that, thankfully, no manufacturer has yet come forward to suggest they will make.
The USB-IF is taking applications for participation in the USB Type-C Authentication Programme now but has not yet indicated when the first compatible devices are likely to appear on the market.