[Cryptography] USB 3.0 authentication: market power and DRM?

[Henry Baker]

At 09:25 AM 5/4/2016, Arnold Reinhold wrote:
>Authentication chips in every computer cable is disaster in the making.
>
>It's an opportunity for cyber-sabotage on a grand scale too good for major powers to pass up.
>
>A small fraction of cables in service containing a chip that can be triggered remotely to fail or to load malware could wreak havoc on a modern economy.
>
>Where will the cable chips be made and who will control the final masks?
>
>The master private signing key owned by the USB tImplementers Forum will be an incredibly valuable target, on the order of an NSA core secret.
>
>There is no way a trade association will spend the kind of money needed to secure this asset, not will they have the layers of legal and other protections that the NSA enjoys (security clearances, long prison terms for leaks, threat of covert action, etc).
>
>What are the penalties these days for leaking a corporate trade secret?
>
>That's assuming the leaker is caught; a few thousand bits passed to a contact or overnight access to an HSM in exchange for a suitcase of cash or freedom for a relative in the old country and no one is the wiser.
>
>And if the USB-IF does discover a leak, what can they do about it?
>
>It may be time to stock up on computers that can be powered by a pair of wires and can talk over chip-free copper cables.
>
>They are the only ones that should be used for critical infrastructure.
>
>Madness, irresponsible madness.
>
>Arnold Reinhold

This horse left the barn with USB.  Hacked USB HID devices can cause PC's to download malware from the Internet, or infect them directly.  Check out NSA TAO's playset (Thanks, Ed Snowden).  The only "non-smart"/non-hacked HW protocol left is a UART.