[Cryptography] USB 3.0 authentication: market power and DRM?

[Pete]

> Let's suppose that an expensive phone does USB3 authentication of its
> putative power source and decides that the authentication FAILS.  Oh
> my god, it's been attached to a "counterfeit" charger or a "defective"
> cable!  How does it protect itself?

If authentication fails, the phone can choose not to charge at the maximum
rate. Current draw is totally within the control of the phone's internal
battery charging circuitry. Lower current, less chance of fire.

The charger presents its power capabilities via USB-PD, it's up to the
phone to select which one it wants to use.

> It seems to me that a counterfeit charger could short 110V down
> the USB3 cable, with or without authentication.  What protects
> the phone from that?

Right, no amount of magic crypto will protect a device from this. And a USB
cable with VBUS/GND swapped is usually enough to fry a laptop[1].

> It is well understood in the consumer electronics industry how to use
> authentication requirements to exert market power.
[snip]
> My initial suspicion is that THIS is what the USB3 "authentication"
> spec is for.

You're right to be suspicious, and I imagine there's some truth in this.

But as you say, these companies are already using their own proprietary
charger authentication protocols. This spec is at least providing a common
protocol to allow different vendors' products to authenticate, if they wish
to do so.

[1] https://plus.google.com/+BensonLeung/posts/EBGMagC46fN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160502/fa7a2388/attachment.html>