[Cryptography] USB 3.0 authentication

Jerry Leichter leichter at lrw.com
Fri Apr 15 22:31:23 EDT 2016


>> There have been recent press reports about a new spec release by the
>> USB 3.0 standards group for a mechanism to certify USB 3.0 devices
>> and cables have them cryptographically authenticate.
> 
> ...  The PD compliant cables include a chip in the
> connectors that can describe the cable's capabilities to the USB
> ports.  Power sources send protocol messages that describe what
> voltages and currents they can offer; power sinks pick among them.
> The power sources are required to check the cable and not offer
> options that would overload the cable.
> 
> I think that's the authentication that you're talking about.  I am up
> to page 111 and haven't seen any crypto authentication yet; it looks
> like a pretty standard 1-wire protocol with 4b5b coding for framing,
> CRC for error checking, and such.  It operates in the clear as far
> as I have seen -- but I encourage you to check the parts I haven't
> yet read...

All I've seen are press releases, which are of course lacking in any real detail.  Here's one:  http://www.businesswire.com/news/home/20160412005983/en/USB-3.0-Promoter-Group-Defines-Authentication-Protocol

In passing, it says:

	• Products that use the authentication protocol retain control over the security policies to be implemented and enforced
	• Relies on 128-bit security for all cryptographic methods
	• Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation


> PS: USB has gotten pretty flexible; their new small USB C-connector is
> usable at both ends of a cable, and allows the power source/sink and
> the data master/slave relationships to be swapped, independently,
> by the devices at both ends.  It does data at up to 10 Gbits/sec and
> power at up to 100w.  The connector is also self-symmetric so you can
> plug it in upside down or rightside up.  And there are ways to negotiate
> into other "modes" so you can run other protocols down the same cable,
> the first of which is DisplayPort.  They're getting smarter...

Yes ... and no.  One of the great things about USB was that "U" - Universal.  To some degree, we're losing that.  Yes, a USB 3.1 port might support DisplayPort - or it might not.  In the future, there might be any number of such protocols that it might support - or might not.  There are already proposals for a complex set of symbols near the port to tell you what protocols it supports.  A far cry from the last couple of years when a USB connector pretty much universally supported USB 2.0 - no more and no less (except for the backwards compatible 1.1 and 1.0 modes, of course).

Having the flexibility is great; having the variation and confusion, not so much.

Note that the USB guys started the confusion right out of the gate, with USB 3.0 (good to 5Mb/sec) quickly followed by USB 3.1 (10Mb/sec) and a whole bunch of misunderstandings about what level of support the C connector implied.

                                                        -- Jerry



