[Cryptography] USB 3.0 authentication: market power and DRM?
David Johnston
dj at deadhat.com
Sun May 1 13:56:47 EDT 2016
On 5/1/16 8:41 AM, Kevin W. Wall wrote:
> Is perhaps the (alleged) reason for the authentication to prevent
> altered chargers
> from delivering malware, as was described at Blackhat USA 2013? E.g.,
> see <https://media.blackhat.com/us-13/US-13-Lau-Mactans-Injecting-Malware-into-iOS-Devices-via-Malicious-Chargers-WP.pdf>.
>
> Just a thought. If nothing else, this might be the pretense of requiring
> authentication even though it indeed might not be the true motive.
>
> -kevin
The basic mechanisms are already deployed in proprietary ways. The USB
PD authentication spec is just a standardization of existing practice -
which I'm told works just fine at limiting counterfeit chargers.
The spec is not a copy and paste of any existing protocol though. It's a
clean sheet design by members of the USB-IF.
The PD auth spec is not fit for purpose for preventing the delivery of
malware, except in specific cases that an enterprising malware
distributor would just work around by using the USB data wires instead
of the PD wires.
The malware threat is principally on the USB data wires, both by
exploiting vulnerabilities in known drivers ("Hi I'm an xyz-corp mouse,
load my Swiss cheese driver") and exploiting overly trusting operating
systems. That is for the other, as yet unwritten, spec which would do
the auth before a driver is loaded and would enable different
certification models (think corporate CA provisioning devices received
through a secure supply chain).
There are plenty of motives for a USB security spec without inventing
hypothetical ones. Car park flash attacks, BadUSB, MITM loggers and
other USB vectors all provide the motivation for a security spec on the
data wires, but that simply isn't done yet.
On PD it is entirely possible to make a device that lies and causes more
volts or amps to be presented or pulled, respectively, than is compatible
with the continued functioning of the device. This happens today with
resistors on Type-C connectors, but with the PD protocol that
negotiation is done with a protocol.
The other thing the PD auth spec does is provide a means to see that
specific electrical certifications (UL, EC, etc.) have been attested to
and who is doing the attesting, and also to see that specific USB
certifications have been granted.
So the 'hidden' motive you suggest is not a motive for this spec, but it
is a motive for the second part. As with any standards development, this
can change until the final draft is approved.