USB-IF launches a certification program for USB-C to defend against hardware-level attacks
The Universal Serial Bus Implementers Forum (USB-IF) has announced that it will introduce a USB-C certification program to standardize chargers and devices based on this type of interface.
At present, there are many hardware-level attacks on USB devices, such as installing backdoor programs on the device and devices used by viruses to infect users.
There have been spy attacks before embedding viruses in USB devices to record user data and traffic hijacking, etc., and such attacks are difficult for users to discover.
The certification program mainly adds authentication measures to USB devices, loads security firmware and hardware protection measures to protect against attacks such as installing malicious firmware.
The USB-C authentication protocol host can confirm the authenticity of the device, cable or charger, and the authentication mechanism will confirm when connecting an unsuitable data cable.
However, this measure itself is optional and does not force the manufacturer to access. Of course, the user can choose a cable that supports this authentication protocol to improve security.
Key characteristics of the USB Type-C™ Authentication solution include:
- A standard protocol for authenticating certified USB Type-C™ Chargers, devices, cables and power sources
- Support for authenticating over either USB data bus or USB Power Delivery communications channels
- Products that use the authentication protocol retain control over the security policies to be implemented and enforced
- Relies on 128-bit security for all cryptographic methods
- Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation