“The USB Type-C Authentication Program will use 128-bit cryptographic-based authentication certificates to verify a USB-C connection against anomalies.”
The USB Implementers Forum (USB-IF) has announced the launch of the USB Type-C Authentication Program. The move comes on the back of growing adoption of the reversible USB-C port standard, and aims to improve the security of the connection. The Authentication Program, as the name suggests, will verify the authenticity of a connection made via a USB-C port, and protect against maliciously planted malware, infected or damaged hardware, and data theft attempts.
The new Authentication Program aims to establish a standard protocol to identify certified chargers, ports and cables so that they are safe to use, particularly at public charging hotspots. The standard can be implemented for both data transfer and exchange and for power delivery, making it useful for protecting devices in multiple use cases. The authentication method uses 128-bit encryption security for all cryptographic methods, and is executed right at the initialisation stage of a connection. This is done so that the data or power being transferred through the USB-C port can be verified before any damage is done.
The security specification of this new certification standard for USB-C devices is based on cryptographic security principles, according to a statement released by the USB-IF. These specifications cover certificate-format authentication, digital signing, hashing and random number generation, all of which help verify the data when a connection is made. Jeff Ravencraft, president and COO of USB-IF, said in the launch statement, “(We are) providing OEMs with the flexibility to implement a security framework that best fits their specific product requirements. As the USB Type-C ecosystem continues to grow, companies can further provide the security that consumers have come to expect from certified USB devices.”
Tapping into open USB-connected devices through non-certified, unverified USB ports is a common practice used by those with malicious intent to steal sensitive information, and install ransomware and other malware. It also poses a threat of damage to a device’s power circuitry, owing to a charger’s unverified voltage and manufacturer. The new authentication process aims to address all of these issues, which will significantly improve the security of public charging ports.