1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News USB Type-C to get cryptographic authentication

Discussion in 'Article Discussion' started by Gareth Halfacree, 13 Apr 2016.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,085
    Likes Received:
    6,635
  2. B1GBUD

    B1GBUD ¯\_(ツ)_/¯ Accidentally Funny

    Joined:
    29 May 2008
    Posts:
    3,557
    Likes Received:
    558
    Get ready to pay £30 + for a cable then!
     
  3. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    15,401
    Likes Received:
    2,996
    Tbh I read 'aims to lock out bad cables' as 'aims to lock out cheap cables' too...

    Yes there are shoddy cables out there, but this just seems like it'll bump prices for no appreciable benefit as there will still be shoddy cables out there...
     
  4. SAimNE

    SAimNE What's a Dremel?

    Joined:
    23 Oct 2012
    Posts:
    122
    Likes Received:
    0
    so long as the don't go crazy with the price bumps, and any cable, no matter it's cost, can get the certification if it meets the standards, i'm all for this. buying cheap cables takes too much effort currently if you care at all about the overall battery lifespan on your device, this would at least give a way to quickly determine if it's a viable option or not.
     
  5. ZeDestructor

    ZeDestructor Minimodder

    Joined:
    24 Feb 2010
    Posts:
    226
    Likes Received:
    4
    Well, to be fair to them, they did try the nice free market approach.. then some ****ing ***** decided to abuse it hard enough actual fire hazards cropped up. And thus, we have this solution to it. The objective is pretty simple: make it so expensive to engineer a shitty cable that they may as well just make decent cables instead.
     
  6. Shangri-La

    Shangri-La What's a Dremel?

    Joined:
    13 Jul 2009
    Posts:
    39
    Likes Received:
    0
    Pardon me for being an idiot but will existing devices be able to authenticate the cables or just hardware produced after the standard is implemented.
     
  7. ZeDestructor

    ZeDestructor Minimodder

    Joined:
    24 Feb 2010
    Posts:
    226
    Likes Received:
    4
    I'm not sure.. I'll try and get back after I've read the USB-IF spec.
     
  8. ZERO <ibis>

    ZERO <ibis> Minimodder

    Joined:
    22 Feb 2005
    Posts:
    454
    Likes Received:
    8
    sounds like once this is implemented you will need to buy all new cables and **** for stuff to work. Sounds like this is going to really piss off and confuse even more customers. Why is my **** not working it used to work fine? People will be pissed when this hits the market.

    There should just be a certification, if you buy certified cables and are safe good for you and if you buy the cheep **** and you get lucky and it does not fry your **** then great.
     
  9. TimB

    TimB What's a Dremel?

    Joined:
    19 Sep 2006
    Posts:
    43
    Likes Received:
    0
    Would have to buy new things anyway, USB Type-C uses entirely different connectors from previous versions of USB
     
  10. jb0

    jb0 Minimodder

    Joined:
    8 Apr 2012
    Posts:
    555
    Likes Received:
    93
    So... this works for six months, then China clones the chips and it stops being any sort of deterrent. Good plan, USB-IF, you are now blatantly copying Apple and you can copy their endgame too!
     
  11. Alecto

    Alecto Minimodder

    Joined:
    20 Apr 2012
    Posts:
    134
    Likes Received:
    1
    USB exists for 20 years now and this has only become an issue with USB C type cables?

    They should be fixing the endpoints (chipset), not adding Appleish "features" to the cables themselves.

    MONEYGRAB ...
     
  12. ZeDestructor

    ZeDestructor Minimodder

    Joined:
    24 Feb 2010
    Posts:
    226
    Likes Received:
    4
    Finally got round to reading the spec in question.

    The long and short of it is that cables without a chip will be treated as a legacy cable, detected via simple timeout of the auth request. How the various devices work from there will vary, but odds are that most devices will simply go down to base USB Type-C spec meaning 10Gbit/s transfer over 4 lane, 5V×1.5A power.

    Yes, it does mean that a cheap cable without auth will very likely be unable to charge your USB-C laptop, but it's much less of an issue for something lower power, like your phone.

    One side benefit that auth allows is being able to limit USB devices connected to a host by simply adding your own certificate to said USB devices and cables. Great for IT in places like banks and such where the current choices are either disabling the USB ports completely, or dealing with the inevitable fallout of someone using an unauthorised, unencrypted USB device and walking out with confidential data.. and then losing the damn thing.


    With USB type A and type B cabling, the max voltage and current were set at 5V and 0.5A (0.9A for USB 3.0/3.1 Gen1). At those levels, the absolute worse that would happen were a melty cable (in theory at least....).

    With Type-C power delivery specs (max of 5A at 20V), the worst that happen is now sparking and setting fire to things. Simply, the risks associated with a dodgy cable are much greater now.

    Now, we could of course have the controllers implement a battery of tests of every device, but overall that comes out a lot more expensive than just adding a 5c chip to every cable.

    As I said in my comment earlier: you can thank half-assed chinese morons who didn't bother reading the ****ing spec in the first place and shoveled dangerous **** onto the market.

    Not that much of an issue I think:

    1. By the time you clone the chip, you've put in enough effort to make a decent cable in the first place
    2. Even with a cloned chip, it means little, since you still need to put the certificate on said chip. Since the system uses a very TLS-like public-key certificate-based authentication system, you can simply revoke keys that have been leaked, and recall legit cables in for a reflash.
     
  13. Xlog

    Xlog Minimodder

    Joined:
    16 Dec 2006
    Posts:
    714
    Likes Received:
    80
    There was always a problem with dodgy USB cables, only previously it wasn't such a big problem, because it operated at relatively low frequencies. The main problem with USB2 was current capacity of cable - majority of cables use way thinner power conductors than the spec dictates. Was ok for data transfer, not so much then the device was powered from USB.
    With USB3s increased current, voltage (remember, you can push 100W over the cable) and highly increased frequencies this will be even more of a problem.
    And lets not even start on dodgy or right out dangerous chargers.

    How exactly should they "fix" endpoints? Making them more robust would only encourage manufacturers to make even more out-of-spec cables.

    Also, authentication of peripherals was a real problem, with USB becoming "jack of all things" this feature is understandable.

    Is this the best solution? Probably not, but there is no easy/cheap solution for this problem.

    p.s. ZeDestructor beat me to it


    Imo, wont matter, chineese will clone stuff regardless. Noone is going to recall compromised cables - it will be too expensive and a logistics nightmare and, as "FTDI-gates" has shown, it will create a lot of bad press. Also, any "reprogrammable" ID chip will be
    a) less secure
    b) more expensive
    than ROM based. So if they do revoke certs the most likely scenario is that they will send you a replacement cable. But this will create s*** ton of ewaste, so governments wont be thrilled about it.
     
    Last edited: 14 Apr 2016
  14. Pilgrim72

    Pilgrim72 What's a Dremel?

    Joined:
    13 Apr 2010
    Posts:
    30
    Likes Received:
    1
    I used to work for one of the offending suppliers of the faultily manufactured USB C cables reviewed by Benson. I remember spending the best part of two months trying to get the MD and Commercial Director to pull the cables and get them resolved as soon as I found out they had spec'd incorrect units. I had two big troubles, firstly, despite being the heads of a tech firm, neither of them had any idea how USB works or the faintest idea what the USB standards were, and even when I managed to drive that home, claimed that as long as they didnt state in the product description that their cable would work with a particular gadget, that they would be protected from accusations their cables were faulty. Shocking behaviour. Of course their product line bombed and they lost a lot of money over it.

    I left there very soon after and now have a successful work elsewhere, where the owners know what business they're in.
     
  15. Wwhat

    Wwhat Minimodder

    Joined:
    2 Oct 2005
    Posts:
    263
    Likes Received:
    1
    I'm just glad that they are slowly taking away USB from the filthy 99%, it's outrageous that the 1% has to use the same interface as commoners. And it was OK when you could use the exclusive lightning port on your apple laptop, but when apple started to use USB-C it became so that you just felt dirty using a port that commoners also use.
     
  16. Krazeh

    Krazeh Minimodder

    Joined:
    12 Aug 2003
    Posts:
    2,124
    Likes Received:
    56


    What?
     
  17. Wwhat

    Wwhat Minimodder

    Joined:
    2 Oct 2005
    Posts:
    263
    Likes Received:
    1
    There are a few comment theorizing about how they might bypass it to make cheap cables, but I think we forget that the motherboards are made in asia too, and they know the market, and I suspect they will simply put a option in the BIOS to disable the proposed encryption on the motherboard side so you can use any cable.
    At least I would hope so, because unless the encryption/certification gets much cheaper I don't think it's doable for a large part of the world to start paying a lot for simple cables.
    Don't forget that apart from the less well-off in the western countries the larger part of the world is simply pretty poor overall, from asia, with billions of people, to south america to africa, it's just not a world full of well-paid people.
     
  18. jb0

    jb0 Minimodder

    Joined:
    8 Apr 2012
    Posts:
    555
    Likes Received:
    93
    Darn right! The filthy plebes need to get back on RS232 where they belong!
     
  19. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,085
    Likes Received:
    6,635
    Hey. HEY. Don't you be trash-talking no RS232, foo. Serial fo' lyfe, yo.
     
  20. ZeDestructor

    ZeDestructor Minimodder

    Joined:
    24 Feb 2010
    Posts:
    226
    Likes Received:
    4
    I'm not so sure. By the looks of it, it's done on both ends, meaning that you need both sides to ignore it. Based on what the spec says, it also looks to be OS-enforced, not firmware-enforced, since it has a full PK infrastructure setup for custom key installation and authentication.

    As I said up, for the most part it changes little: data will move through super-fast just fine, as will low-voltage power. It's basically only laptops that will feel the effects, since those are actually fairly high-power devices. Since laptops, phones and tablets are devices that are portable and internationally-used, I think the EC and FCC (and your regional equivalent) would be putting pressure that all devices implement it properly.

    Please, it's all about the UART nowadays
     

Share This Page