Authentication Protocol for USB Type-C unveiled, bad chargers begone

Published by at

The days when a charging cable was 'just a wire' are long gone, it seems. With USB Type C catching on fast in terms of 2016 phone releases (plus last year's Lumia 950 range and the two Nexus devices from Google), there is a perceived need for a little more quality control than normal, given the amount of current/power that can be transported. And rightly so, no one wants their smartphone turned into a smoking heap of wires and plastic. 

From the press release from the USB 3.0 Promoter Group (HP, Intel, Microsoft, TI and many others):

The USB 3.0 Promoter Group today announced the USB Type-C™ Authentication specification, defining cryptographic-based authentication for USB Type-C™ chargers and devices. Using this protocol, host systems can confirm the authenticity of a USB device or USB charger, including such product aspects as the descriptors/capabilities and certification status. All of this happens right at the moment a wired connection is made – before inappropriate power or data can be transferred.

USB Type-C™ Authentication empowers host systems to protect against non-compliant USB Chargers and to mitigate risks from maliciously embedded hardware or software in USB devices attempting to exploit a USB connection. For a traveler concerned about charging their phone at a public terminal, their phone can implement a policy only allowing charge from certified USB chargers. A company, tasked with protecting corporate assets, can set a policy in its PCs granting access only to verified USB storage devices.

Key characteristics of the USB Type-C™ Authentication solution include:

  • A standard protocol for authenticating certified USB Type-C™ Chargers, devices, cables and power sources
  • Support for authenticating over either USB data bus or USB Power Delivery communications channels
  • Products that use the authentication protocol retain control over the security policies to be implemented and enforced
  • Relies on 128-bit security for all cryptographic methods
  • Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation

"With its long experience and success in embedded-device security, STMicroelectronics, a USB-IF Board member and Promoter, knows how important authentication, validation, and protection is to the success and fast adoption of USB Type-C," said Joel Huloux, Director Standards & Industry Alliances at STMicroelectronics. "Consumers and the entire industry can rest assured knowing strong authentication for USB Type-C is the key security pillar of this specification.”

In short, chargers and phones, connected via USB Type C, will have a short negotiation on 'Power Delivery' before charging starts. A little like the handshaking that goes on when using Qi wireless charging - the two ends work out what the device needs and what can be delivered and then everything's kept safe. So, in the case where someone's got a dodgy no-name Type C charger from China, the idea is that this wouldn't supply the right cryptographic authentication to a smartphone and so charging wouldn't happen, or perhaps only at trickle charge levels.

Type C

The Choetech cables are sturdy and compliant, the image here is just for illustration - what matters are the smarts (or otherwise) in the chargers these cables plug into!

Of course, this is all in theory and a few years down the line, plus there are many use cases where the waters are muddied. For example, using an older USB Type A mains charger with a Type A to Type C cable, or using a microUSB to Type C adapter, to pick just two examples from my own desk as data points. 

The point is that the future should be safer though, even when pulling down power to quick charge our smartphones at a full 3A. At 5V, that's 15W of power or potential heat and we wouldn't want that getting routed badly, would we?

Source / Credit: Business Wire