[Cryptography] USB 3.0 authentication

Jerry Leichter leichter at lrw.com
Fri Apr 29 22:45:18 EDT 2016


>> How do you protect the embedded cert against physical attacks?  These are
>> pretty low-end devices - I don't see it being possible to have really
>> high-grade protection.
> It seems that many of the silicon vendors who supply USB interface chips
> are also in the business of smart card, identity card and payment card
> businesses. So it's possible that they are competent at hiding secrets in
> a chip.
> 
> I think the major defense is having the cost of the attack be more
> expensive than buying the authentic goods. The PD authentication protocol
> is aimed at cheap devices, so that may be the case.
The guys who would need to break into the chips are not the ultimate purchasers - they are the manufacturers who want to sell "USB 3.0" parts without getting certified.  You get into that business if you expect to sell parts in the hundreds of thousands - probably more.  The savings on that can cover a lot of attacks.

You can compare the situation to Apple Lightning cables.  Apple has some kind of authentication chip in there, and different devices with different versions of software are (pretty much randomly) more or less accepting of counterfeit cables.  Nevertheless, a market in knock-off cables continues to exist.

> There is also the possibility of revoking intermediate certs, also I'm a
> big sceptic on cert revocation.
That's really a non-starter.  Revoke a certificate and you've suddenly bricked some number of devices - many of them legitimate - that a moment ago worked just fine.  Do that *once* and watch your market fall apart.

The Blu Ray standards have a fairly sophisticated revocation mechanism which was supposed to have all kinds of great properties, but in the end it hasn't delivered.

                                                        -- Jerry


