USB Type-C Authentication

Transcription

1 USB Type-C Authentication Stephanie Wallick Intel USB Developer Days 2017 Taipei, Taiwan October 24 25,

2 USB Type-C Authentication Introduction Architecture Protocol Certificates 2

3 Specification Overview What USB Type-C Authentication Specification does Provides primitives and protocol for one-way authentication Verify vendor and product are what they claim to be Bus-agnostic, but specification provides mapping to USB and USB PD Authenticates USB Devices, USB PD Sources, USB PD Sinks, and USB PD Cables Defines optional normative framework products are not required to support What USB Type-C Authentication Specification does not do Define policy or criteria to accept/reject a product Policy defined by user and/or vendor Not intended to limit interoperability just weed out untrusted devices Provide method/criteria for certificate revocation Define method for telling user that authentication failed Important that implementation adds NO SILENT FAILURES 3

4 Example Use Cases Phone authenticates charger Charger authenticates cable Policy = Warning to user if charger cannot be authenticated Laptop authenticates camera used for biometric login Policy = Limit charge if cable cannot be authenticated Desktop authenticates storage drive Policy = Require alternate login or deny access if camera cannot be authenticated Policy = Reject if drive cannot be authenticated 4

5 Cryptographic methods Specification targets 128-bit security for all cryptographic methods Intent is to use widely available and accepted methods Use Method References Certificate format Digital signing of certificates and authentication messages X.509v3 format with DER-encoding ECDSA using NIST P256, secp256r1 curve ITU X.509 ITU-T X.690 ANSI X9.62 NIST-FIPS Hash algorithm SHA256 NIST-FIPS Random numbers NIST-compliant PRNG source seeded with a 256-bit full entropy value SP800-90A SP800-90B 5

6 Architectural Overview Part 1 Authentication Initiator Product that initiates authentication Typically a USB Host or USB PD Sink Authentication Responder Product that is being authenticated Typically a USB Device, USB PD Source, or USB PD Cable Must be provisioned with at least one certificate chain Each product must have its own unique key Auth Initiator Auth Responder 6

7 Architectural Overview Part 2 Certificate Chains Series of concatenated certificates where: Root certificate is self signed Intermediate and/or Leaf certificates are signed by preceding certificate Used to verify identity and key ownership An Authentication Responder can contain up to 8 certificate chains First 4 chains are for chains rooted with USB-IF root certificate Last 4 chains are vendor specific Digests SHA256 hash of a certificate chain Used to identify/cache certificate chains 7

8 Example Certificate Chain USB-IF Info USB-IF Public Key Signature SHA256 L e n g t h R S V D Header Certificate Chain Vendor Info VID Public Key RootHash Signature Product Info VID PID Subsidiary Info VID ACD XID Public Key Public Key Signature Signature Root 1 st Intermediate 2 nd Intermediate Leaf USB-IF Private Key Vendor Private Key Subsidiary Private Key Product Private Key 8

9 Example Implementation Authentication Initiator Authentication Responder ECDSA SHA256 Cryptography Library Authentication Policy Manager Digest Cache Private Key Secure Storage ECDSA SHA256 Cryptography Library Certificate Chain RNG Authentication Protocol Engine X509 Parser Authentication Protocol Engine PD3.0 Extended Messages PD3.0 Extended Messages USB Type-C Cable 9

10 Authentication Messages Three types of exchanges: Get Digests Returns hash of each certificate chain in Responder Allows Initiator to cache certificate chains Get Certificate Chain Returns segment of certificate chain Request specifies offset and length of read Authentication Challenge Returns signed message with context info Initiator verifies signature to verify authenticity of Responder Exchanges can be performed in any order CAUTION: debugging message signature is difficult, pay close attention to message format 10

11 Authentication over USB PD and USB Data Via USB PD Uses PD 3.0 extended messages Security_Request/Security_Response Source/Cable capabilities and certifications are in certificate PD-specific timeouts and response times for authentication messages Bridge Class device allows USB Host to authenticate a USB PD product Via USB Data Bus Uses standard USB control requests AUTH_IN/AUTH_OUT USB device descriptors are in signed authentication message USB-specific timeouts and response times for Authentication messages 11

12 Certificate Contents Required x509 attributes Distinguished Name Must be unique - recommend using serial number attribute for uniqueness Common Name Contains one of three string formats with USB, VID, PID Once declare a VID or PID in certificate chain, it cannot change Validity Recommend using wide time window to maximize interoperability Spec does not prohibit other x509 attributes/extensions, but USB-IF CA may limit; issue of practicality can t support everything Max cert size = 512B for intermediate or 640B for leaf 12

13 USB-IF Extension (ACD) Required in Leaf Certificates Prohibited in all others ACD = Additional Certificate Data OID = Consists of TLV data structures TLV = formatted product information Contents differ for USB PD Source/Sink/Cable and USB Device ISO/ITU-T Joint OID (2) International Organizations (23) USB-IF (145) Type-C Authentication (1) Reserved (2 n) Extended Key Usage (1) ACD Extension (2) Reserved (3 n) 13

14 Example TLV - Security Description TLV TLV Required for USB PD and USB Security certifications are optional Contact applicable organization for details on how to obtain security certifications Offset Field Size Description 0 Type 1 0x05 (SECURITY_DESCRIPTION) 1 Length 1 6 bytes of data (defined below) 2 FIPS/ISO Identifier 1 Indicates certification for NIST-FIPS or ISO security level. Can either put encoding for security level or indicate no certification. 3 Common Criteria Identifier 2 Bitmap encoding Common Criteria information such as Vulnerability Assessment, EAL Level, Protection Profile Encoding, Development Security, Certificate Maintenance, and Certification Year. 5 Security Analysis Identifier 1 Indicates the level of attack resistance that was established outside FIPS or Common Criteria certification. Measured according to JIL/JHAS ratings. 6 IC Vendor 2 Optionally contains the VID of the IC Vendor. 14

15 USB-IF Certificate Authority Certificate application will be available at Applicant generates own key pair and CSR Application fees TBD Certificate Proxy Vendor can designate 3 rd party to apply for/receive vendor certificate Allows vendor to delegate maintenance of Intermediate CA to supplier/contractor USB-IF issues 1 st Intermediate only no Leaf certificates 15

16 USB PD Firmware Update Stephanie Wallick Intel USB Developer Days 2017 Vancouver BC September 26 27,

17 USB PD Firmware Update Overview Architecture Example Firmware Update Flow Pause/Termination 17

18 Overview Common method to update firmware in a USB PD-capable device Exe: USB Type-C Charger, USB Type-C Alt Mode device Designed to thwart installation of compromised firmware Firmware image includes vendor signature Complements existing USB DFU Class implementations Similar data structures and encodings where possible Uses USB PD 3.0 PDFU extended messages Firmware_Update_Request/Firmware_Update_Response 18

19 Architecture Part 1 PDFU Initiator Starts firmware update process Usually laptop or desktop PDFU Initiator Sink / Source USB Type-C cable PDFU Responder Source / Sink PDFU Responder Receives firmware update Usually PD Sink, Source or Cable Architecture varies depending on how firmware images are stored and accessed See spec for more details PDFU Initiator USB PDFU SOP Responder USB Type-C cable PDFU SOP Responder PD Port Partner PDFU Responder PDFU Initiator Hub USB Type-C cable Source/Sink USB data communication USB PD communications 19

20 Architecture Part 2 PDFU Depot Collection of one or more firmware images Spec defines file naming convention for firmware images in PDFU depot Spec does not define how image is retrieved by responder PDFU File Prefix Used to confirm that firmware image is for PDFU Responder Based on DFU file suffix Prepended to firmware image file in PDFU Depot Removed by PDFU Initiator before transferring to PDFU Responder Firmware Signature All firmware images must be signed - method of signing is up to vendor Recommend: PKCS1 PSS signature format SHA256 (or better) hash RSA key size = 3072 or greater 20

21 Example Block Diagram PDFU PDFU Depot PDFU Depot Depot DevDays_Example AB DevDays_Example AB DevDays_Example AB PDFU PDFU Responder PDFU Responder (Source) Responder (Source) (Source) Image Holding Area Image Holding Area PDFU PDFU Initiator PDFU Initiator (Sink) Initiator (Sink) (Sink) Updateable Application Updateable Image Application Image Bootloader Bootloader User Interface User Interface PDFU Protocol Engine PDFU Protocol Engine PDFU Protocol Engine PDFU Protocol Engine PD3.0 Extended PD3.0 Messages Extended Messages PD3.0 Extended PD3.0 Messages Extended Messages USB Type-C Cable USB Type-C Cable USB Type-C Cable USB Type-C cable 21

22 PDFU Flow Enumeration Acquisition Reconfiguration Transfer Validation Manifestation 22

23 Example Firmware Update Flow PDFU Depot DevDays_Example AB PDFU Responder (Source) PDFU Initiator (Sink) PD Explicit Contract established, any data role and power role swaps performed USB Type-C Cable 23

24 Example Firmware Update Flow - Enumeration PDFU Depot DevDays_Example AB PDFU Responder (Source) PDFU Initiator (Sink) Initiate firmware update GET_FW_ID USB Type-C Request Cable 24

25 Example Firmware Update Flow - Enumeration PDFU Depot DevDays_Example AB PDFU Responder (Source) PDFU Initiator (Sink) Respond with product info needed for firmware update (HW version, FW version, VID, PID, PDFU capabilities, etc.) GET_FW_ID USB Type-C Response Cable - No Silent Update - Limited functionality during update - Hard Reset needed to finish update 25

26 Example Firmware Update Flow - Acquisition PDFU Depot DevDays_Example AB DevDays_Example AB PDFU Responder (Source) PDFU Initiator (Sink) Retrieve appropriate firmware image from PDFU Depot Verify PDFU File Prefix, then remove USB Type-C Cable 26

27 Example Firmware Update Flow - Acquisition PDFU Depot DevDays_Example AB PDFU Responder (Source) PDFU Initiator (Sink) Alert User that firmware update is available USB Type-C Cable User approves and firmware update continues 27

28 Example Firmware Update Flow - Reconfiguration PDFU Depot DevDays_Example AB PDFU Responder (Source) PDFU Initiator (Sink) Tell PDFU Responder to prepare for new firmware image PDFU_INITIATE USB Type-C Request Cable 28

29 Example Firmware Update Flow - Reconfiguration PDFU Depot DevDays_Example AB PDFU Responder (Source) PDFU Initiator (Sink) Responder requires 200ms to prepare for firmware update and indicates in WaitTime field in PDFU_Initiate Response PDFU_INITIATE Response USB Type-C Cable (WaitTime = 20) 29

30 Example Firmware Update Flow - Reconfiguration PDFU Depot DevDays_Example AB PDFU Responder (Source) PDFU Initiator (Sink) Wait 200ms, then send second PDFU_INITIATE Request PDFU_INITIATE USB Type-C Request Cable 30

31 Example Firmware Update Flow - Reconfiguration PDFU Depot DevDays_Example AB PDFU Responder (Source) PDFU Initiator (Sink) After 200ms, PDFU Responder is ready to receive firmware update PDFU_INITIATE Response USB Type-C Cable (WaitTime = 0) 31

32 Example Firmware Update Flow - Transfer PDFU Depot DevDays_Example AB PDFU Responder (Source) PDFU Initiator (Sink) Break firmware image into 258B blocks and send first block PDFU_DATA USB Type-C Request Cable (258B) 32

33 Example Firmware Update Flow - Reconfiguration PDFU Depot DevDays_Example AB PDFU Responder (Source) PDFU Initiator (Sink) Responder has the receive buffer space for 4 additional blocks PDFU_DATA Response USB Type-C (NumDataNR Cable = 4) 33

34 Example Firmware Update Flow - Transfer PDFU Depot DevDays_Example AB PDFU Responder (Source) PDFU Initiator (Sink) Send 3 PDFU_DATA_NR Requests with 258B each, followed by a PDFU_DATA Request with 108B PDFU_DATA_NR Request (258B) USB Type-C Cable PDFU_DATA_NR Request (258B) PDFU_DATA_NR Request (258B) PDFU_DATA_ Request (108B) 34

35 Example Firmware Update Flow - Reconfiguration PDFU Depot DevDays_Example AB PDFU Responder (Source) PDFU Initiator (Sink) Only PDFU_DATA Request gets a response PDFU_DATA USB Type-C Response Cable 35

36 Example Firmware Update Flow - Validation PDFU Depot DevDays_Example AB PDFU Responder (Source) PDFU Initiator (Sink) Tell PDFU Responder to validate new firmware image USB Type-C Cable PDFU_VALIDATE Request 36

37 Example Firmware Update Flow - Validation PDFU Depot DevDays_Example AB PDFU Responder (Source) PDFU Initiator (Sink) Validate firmware image, then send PDFU_VALIDATE Response PDFU_VALIDATE USB Type-C Cable Response 37

38 Example Firmware Update Flow - Manifestation PDFU Depot DevDays_Example AB PDFU Responder (Source) PDFU Initiator (Sink) Tell user that firmware image transfer was successful and that reset needed USB Type-C Cable 38

39 Example Firmware Update Flow - Manifestation PDFU Depot DevDays_Example AB PDFU Responder (Source) PDFU Initiator (Sink) Switch to new firmware image, firmware update is complete! Hard Reset USB Type-C Cable 39

40 Firmware Update Pause/Termination Pause PDFU Initiator can pause update mid-transfer Pause before firmware image transfer starts or after completes is prohibited PDFU_PAUSE Request initiates pause PDFU Responder can accept or reject pause PDFU Initiator resumes update by sending PDFU_DATA Request Or can terminate without resuming PD Contract negotiations and role swaps still prohibited while paused If need to renegotiate, must terminate firmware update Termination PDFU Initiator can terminate at any time by sending PDFU_ABORT Request PDFU Responder can terminate by setting WaitTime = 255 or Status > 0 If Silent Update prohibited, must notify User of termination/error Otherwise, User notification is optional Reset/disconnect terminates firmware update Disconnect from Responder Loss of power 40

41 Q&A 41

42 Backup Sample Certificate Example Digests Read Example Certificate Read Example Authentication Challenge 42

43 Sample Certificate (PD Source) ACD 43

44 Example Digests Read Authentication Initiator Authentication Responder Authentication Policy Manager decides to authenticate newly connected power supply GET_DIGESTS Request 44

45 Example Digests Read Authentication Initiator Authentication Responder Return digests for all certificate chains. DIGESTS Response 45

46 Example Digests Read Authentication Initiator Authentication Responder Parse DIGEST Response Look for digest match in digest cache Policy Manager chooses certificate chain to use for authentication 46

47 Example Certificate Read Authentication Initiator Authentication Responder Read first 36 bytes of certificate chain to get chain length and root hash GET_CERTIFICATE Request (Offset = 0; length = 36) 47

48 Example Certificate Read Authentication Initiator Authentication Responder Verify that length and offset are valid Return requested segment of chain CERTIFICATE Response (36B) 48

49 Example Certificate Read Authentication Initiator Authentication Responder Certificate chain length = 656 bytes (obtained from 1 st 2 bytes of chain) Get certificate chain in 256-byte segments GET_CERTIFICATE Request (offset = 36; length = 256) 49

50 Example Certificate Read Authentication Initiator Authentication Responder Verify that length and offset are valid Return requested segment of chain CERTIFICATE Response (256B) 50

51 Example Certificate Read Authentication Initiator Authentication Responder Certificate chain length = 656 bytes (obtained from 1 st 2 bytes of chain) Get certificate chain in 256-byte segments GET_CERTIFICATE Request (offset = 292; length = 256) 51

52 Example Certificate Read Authentication Initiator Authentication Responder Verify that length and offset are valid Return requested segment of chain CERTIFICATE Response (256B) 52

53 Example Certificate Read Authentication Initiator Authentication Responder Certificate chain length = 656 bytes (obtained from 1 st 2 bytes of chain) Get certificate chain in 256-byte segments GET_CERTIFICATE Request (offset = 548; length = 108) 53

54 Example Certificate Read Authentication Initiator Authentication Responder Verify that length and offset are valid Return requested segment of chain CERTIFICATE Response (108B) 54

55 Example Certificate Read Authentication Initiator Authentication Responder Verify certificate chain 55

56 Example Authentication Handshake Authentication Initiator Authentication Responder Certificate chain is valid, initiate authentication handshake CHALLENGE Request 56

57 Example Authentication Handshake Authentication Initiator Authentication Responder Generate and sign message contents CHALLENGE_AUTH Response 57

58 Example Authentication Handshake Authentication Initiator Authentication Responder Verify CHALLENGE_AUTH signature Source is trusted, so can increase power consumption 58