With USB-C seeing wide adoption on Android phones, tablets, and Chromebooks, the dream of having one convenient connection is here. The USB-IF standards body today officially launched the USB Type-C Authentication Program that will allow OEMs to “protect against non-compliant USB chargers.”
This USB security protocol is considered “optional” and “defines cryptographic-based authentication for USB Type-C chargers and devices.” In practice, this allows for host devices to confirm the capabilities and certification status of other USB devices, cables, and chargers.
Authentication occurs “right at the moment a connection is made” and before power or data transfer occurs. This handshake can be conducted over the USB data bus or USB Power Delivery communications channels.
One possible upside to this is preventing physical damage to a device, as well as mitigating “malicious firmware/hardware in USB devices attempting to exploit a USB connection.” The USB Implementers Forum notes that end products and OEMs “retain control over the security policies to be implemented and enforced.”
However, the USB Type-C Authentication Program could also be used by manufacturers to prevent anything but first-party or other approved accessories from working with devices. If taken to this extreme, it would be a step back in regards to the open future promised by one unified connector. OEMs have yet to announce support for this standard.
The full characteristics of the USB security protocol are below:
- A standard protocol for authenticating certified USB Type-C chargers, devices, cables and power sources
- Support for authenticating over either USB data bus or USB Power Delivery communications channels
- Products that use the authentication protocol retain control over the security policies to be implemented and enforced
- Relies on 128-bit security for all cryptographic methods
- Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation