As more devices move to USB-C for charging and data needs, it’s also becoming more clear that the tech needs improved security. Today, the USB Implementers Forum is announcing one such change with USB Type-C Authentication.
This new security feature will allow devices to authenticate USB-C connections for legitimacy, both on charging and data connections. Once implemented, the device will instantly verify that a connected USB-C device is indeed legitimate, then blocking or allowing the connection accordingly.
So, for example, consider the benefit when using public charging stations. Currently, this is a security risk—once you connect your device, what happens next is generally out of your control. If the station is compromised, your data could be at risk. With USB-C Authentication, however, the connected device could see that the source is a non-compliant charger and immediately block its access to your device before any data is accessed.
The USB-C Authentication press release goes into more detail, but here are the highlights of the feature:
- A standard protocol for authenticating certified USB Type-C chargers, devices, cables and power sources
- Support for authenticating over either USB data bus or USB Power Delivery communications channels
- Products that use the authentication protocol retain control over the security policies to be implemented and enforced
- Relies on 128-bit security for all cryptographic methods
- Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation
Of course, device manufacturers and operating system developers will need to include support for USB-C Authentication before it offers anything meaningful, and that’s also the biggest downside—this is simply a suggestion at the current time, not a requirement. Hopefully, most manufacturers will see the value in such a system and add it voluntarily.