Dr. Dobb's is part of the Informa Tech Division of Informa PLC


Testing Security and Association for Certified Wireless USB


After several false starts, early adopters in the ultra-wideband (UWB) RF technology arena are now sampling chipsets that have passed the WiMedia Platform Certification tests. This has generated growing interest in the test requirements for Wireless USB. Both PC peripheral developers and mainstream consumer electronics vendors are actively engaging "first look" device teams in the integration of WiMedia-based wireless devices.

The developers of Wireless USB have strived to maintain the same usage and architecture as wired USB with a high-speed host-to-device connection. However, the increased attention to security issues has compelled the USB-IF to mandate comprehensive authentication and security support within the MAC layer of the wireless USB protocol. These requirements are defined in the Certified Wireless USB Association Model Specification v1.0 and govern how devices will discover and establish secure connections.

Association vs. security
The terms "association" and "security" are separate but related concepts in wireless USB.

Association is the process of establishing a trusted relationship between two wireless devices. This is a one-time event that requires user involvement to ensure devices are authorized to communicate, and is designed to prevent unauthorized or accidental connections between two unrelated devices. Security refers to the encryption mechanism (AES-128) used to protect data in transit.

Figure 1: In Wireless USB, the payload portion of the frame will be encrypted, which will prevent radio-based analyzers from decoding the "scrambled" USB traffic.

The complete encryption key material combines two parts: a predetermined connection key established during the association process, and a second, temporary "session key" that the devices generate with a 4-way handshake every time they establish a connection.

With most early prototype chipsets, encryption can be disabled to allow analysis tools to record protocol traffic unencumbered by scrambled data packets. However, all Wireless USB logical transfers must be encrypted once pre-production devices undergo certification testing by the USB-IF.

Decoding the protocol events requires that the analysis tools be able to decrypt the traffic to identify the logical USB transfers. Conventional protocol analyzer tools must be pre-configured with the encryption key, or the system will be unable to trigger in real time or display the logical USB protocol events.

The association process
In an environment where there may be many Wireless USB hosts and many Wireless USB devices belonging to multiple users, there is a need to identify which devices are allowed to communicate with each other.

When two Wireless USB devices are brought together for the first time, they must identify themselves and the user must verify they are authorized to communicate. If there is no record that they have previously been authorized, they must perform a first-time association. The Certified Wireless USB spec defines two methods of establishing this trusted relationship: cable association and numeric association.

Cable Association
With the cable association model, users must associate a host to a device by physically connecting the two devices together with a standard USB cable. The two devices then exchange a unique 384-bit identifier over the USB cable that is known as the "connection context."

Figure 2: Wireless USB requires a one-time association to occur between host and device to establish the connection context. All subsequent communications automatically derive a session key from the shared communication context and use this key for encrypted communication.
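
The relationship between the long-lived connection key and the per-connection session key, and why an analyzer needs the key configured before it can decode traffic, can be seen in the following added example (not code from the article or the USB-IF). The split of the 384-bit connection context into three 128-bit fields (host ID, device ID, connection key) follows the Wireless USB specification; HMAC-SHA256 stands in for the specification's AES-based key derivation, and the handshake message contents, function names and sample values are simplified assumptions.

```python
import hashlib
import hmac
import os

def split_context(cc: bytes):
    """Split a 384-bit connection context into host ID, device ID, connection key."""
    if len(cc) != 48:
        raise ValueError("connection context must be 384 bits (48 bytes)")
    return cc[:16], cc[16:32], cc[32:]

def derive_keys(ck: bytes, hnonce: bytes, dnonce: bytes):
    """Stand-in KDF (HMAC-SHA256, NOT the spec's AES-based PRF).
    Returns (128-bit session key, 128-bit key-confirmation key)."""
    okm = hmac.new(ck, b"wusb-demo" + hnonce + dnonce, hashlib.sha256).digest()
    return okm[:16], okm[16:]

def mic(kck: bytes, label: bytes, hnonce: bytes, dnonce: bytes) -> bytes:
    """Integrity code proving the sender derived the same keys."""
    return hmac.new(kck, label + hnonce + dnonce, hashlib.sha256).digest()[:8]

def handshake(host_cc: bytes, dev_cc: bytes):
    """Simplified 4-way handshake. Returns (host_key, dev_key, hnonce, dnonce)."""
    _, _, host_ck = split_context(host_cc)
    _, _, dev_ck = split_context(dev_cc)
    hnonce = os.urandom(16)                      # msg 1: host -> device
    dnonce = os.urandom(16)                      # msg 2: device -> host, with MIC
    dev_key, dev_kck = derive_keys(dev_ck, hnonce, dnonce)
    m2 = mic(dev_kck, b"m2", hnonce, dnonce)
    host_key, host_kck = derive_keys(host_ck, hnonce, dnonce)
    if not hmac.compare_digest(m2, mic(host_kck, b"m2", hnonce, dnonce)):
        raise PermissionError("device does not hold the associated connection key")
    m3 = mic(host_kck, b"m3", hnonce, dnonce)    # msg 3: host -> device, with MIC
    if not hmac.compare_digest(m3, mic(dev_kck, b"m3", hnonce, dnonce)):
        raise PermissionError("host does not hold the associated connection key")
    return host_key, dev_key, hnonce, dnonce     # msg 4: device acks, keys installed

def analyzer_key(configured_ck: bytes, hnonce: bytes, dnonce: bytes) -> bytes:
    """What a protocol analyzer computes from its configured key and captured nonces."""
    return derive_keys(configured_ck, hnonce, dnonce)[0]

# Constructed sample context: host ID | device ID | connection key (not real values).
SAMPLE_CC = bytes(range(16)) + bytes(range(16, 32)) + bytes(range(32, 48))

if __name__ == "__main__":
    hk, dk, hn, dn = handshake(SAMPLE_CC, SAMPLE_CC)
    print("host and device keys match:", hk == dk)
    print("analyzer with right key:", analyzer_key(SAMPLE_CC[32:], hn, dn) == hk)
    print("analyzer with wrong key:", analyzer_key(bytes(16), hn, dn) == hk)
```

Because the nonces are fresh on every connection, an analyzer must hold the connection key and also capture the handshake itself; a capture that starts mid-session cannot be decoded even with the right key configured.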

