[Cryptography] USB 3.0 authentication
Jerry Leichter
leichter at lrw.com
Fri Apr 29 21:02:24 EDT 2016
> This spec is the first part. It's addressing the authenticity of PD (power
> delivery) devices by checking that they have been provisioned with certs
> under a root controlled by the certification body. These devices may not
> have USB data capability....
How do you protect the embedded cert against physical attacks? These are pretty low-end devices - I don't see it being possible to have really high-grade protection. And the guys who want to build fake devices will have access to chip-level debugging stuff.
It only takes one weak implementation to expose a certificate and the whole system collapses. I'm guessing the fallback is legal protection. But if you really think that's a useable fallback, you can just use the law from the get-go: Valid devices deliver some particular piece of copyrightable text, along with a trademarked image just for good measure.
-- Jerry
More information about the cryptography
mailing list