Alternative keyboard protocol/interface (besides USB and PS/2)

[Proto]

Hello everyone:

Do you know of any alternative keyboard connector interfaces besides USB and PS/2? Have you heard of any efforts to create one?

I'm most interested in contemporary or new efforts, not things that historically preceded PS/2 like the AT interface.

What about alternative protocols? I've been fascinated lately by SpaceWire and the related IEEE 1355 standard, which is billed as "low cost and low latency" and seems quite a bit more modern than PS/2. I wonder if anyone has looked at using them for something as simple as keyboards.

I realize that a new interface and protocol would be hard to introduce into the marketplace at this point. I'm just wondering if anyone has thought this through and proposed anything. Even though the benefits would be marginal to most users, I think it would be worth developing a dedicated, simple, and well-engineered keyboard protocol and interface. The keyboard is the primary and universal interface for desktop computers, of which there are more than a billion, so I'm surprised that we don't have a dedicated, modern, secure standard. In some environments, USB ports are undesirable for security reasons. Having keyboards depend on a multipurpose port that opens up a lot of attack surface and complexity is a bad idea. PS/2 is clunky and apparently leaks more electromagnetic radiation than USB – enough to enable researchers to recover almost all keystrokes from 20 meters away.

To clarify what I think the benefits of a new standard would be, my wishlist is:

• - small, reversible connector, in the same ballpark as Apple's Lightning or USB Type-C
  - much more secure than USB, with extremely limited scope of messaging, basically no non-keyboard features
  - simple and cheap (don't need 12 pins like Type-C, probably just four or so, and much simpler hardware/software implementation)
  - deterministic and guaranteed latencies (there's remarkably little data on USB keyboard and mouse latencies, and it's not clear how much variance there is out there) – keyboard latency seems like a trivial issue, and I'd prefer that it be cleanly solved and documented (relatedly, I think it would be great to have the GUI of an OS be a real-time operating system, with guaranteed latencies of well below a second for pretty much every user action)
  - massively reduced EM signature/leakage -- ideally it really should be pure optical
  - NKRO

I'd love to see electrically inert fully optical keyboards, where light is sent by the PC to the keyboard via plastic optical fibers, and in the keyboard the light passes through the keyswitch mechanisms, and each key press has a distinctive effect on that light, which is returned to a simple sensor back in the PC. There are lots of ways to approach that basic scenario, and lots of old patents on that from the 1960s, 70s, and 80s. (Here's a good example patent.) There doesn't seem to be a good reason to depend on electronics and generate EM just to implement a keyboard. An optical board would have zero electric or electronic components – it would just be a mass of metal or plastic – and would crush any latency variance or complexity, at least on the keyboard itself.

It would also be cool if we could do more to prove that an input or data came from a physical key press on an attached keyboard, i.e. user action. A modern OS should really draw a much clearer distinction between physical user actions/authorizations and everything else. I don't like the way OSes lump both applications and humans together as "users", and fail to distinguish physical actions. USB opens up a lot of opportunities for a device to lie about what it is, to transfer a lot of complex data unbeknownst to the user, etc. It seems easier to prove the physicality and liveness of an input with optical than with electronics, but I'm sure this issue could be solved with electronic devices too.

Anyway, I'm interested in any work or proposals you know of.

[Findecanor]

The good thing with USB HID protocol is that it is so versatile. As a hardware designer you are not limited to making an input device be just a keyboard. It could also be a game controller, a mouse and have all sorts of dials, sliders and switches for all sorts of things. USB allows a physical device to also be multiple virtual devices at once (called "interfaces"), for instance a clavier, a finger-print reader and a DAC for your headphones etc. Keyboards with programmable backlighting often have an additional interface for talking with the backlighting software on the host.
The Kinesis Advantage2 even has a disk interface which allows you to copy and change layouts, and upgrade the firmware using any file manager. You can't do all this on any other interface. Other interfaces are also not hot-swappable.

The bad thing with the USB HID protocol is that versatility implies complexity ... which increases the likelihood for bugs.
Unfortunately, there are (have been) some bugs in both MacOS, Windows, Linux and BIOSes and some other subtle limitations in how they work that make them not work 100% all the time. It is only because of those bugs that NKRO over USB has been such a challenge.
DIfferent OS:es also have support only for selected features in the USB HID specification and not the whole thing and sometimes interpret things differently - or in their own way.

I see the security issues with USB as a software problem. USB is a host-controlled protocol which needs to activate each logical interface explicitly. If you want a locked-down USB port that could handle keyboards only then that should be possible .. in theory. It might also be possible to make a device that acts like a firewall for USB if you would want one.
Latency over USB is a question of polling rate: Because the bus can be shared with other devices on a hub, the host may poll a device less often if another device needs its attention. A device could also tell the host that it does not need to be polled that often.

I agree that USB should have had a simple reversible connector from the start. Apple's Lightning is physically very nice but it is silly in that it uses electronics in the cable to be reversible (and for audio) - otherwise it is practically simple USB 2.0.
USB Type C is just too complex and have too many wires that are unused for the HID protocol.

I don't think that there should be a completely new "standard" but that there could be a new keyboard protocol over USB. Keyboards with analogue key sensing are coming and maybe the best way would be to make a separate protocol just for that, with a tighter specification that would provide less room for different interpretations and different errors.

[Proto]

I've always found polling strange for a keyboard protocol. Have you seen the changes in USB 3.0? I think it offers an event-driven or interrupt model.

Locked-down USB via software is possible in theory, but I think we have plenty of experience at this point that software solutions that are possible in theory are almost never actualized in any sort of reliable way. In a world where OSes are built with C, C++, and assembly, I just think we should stop pretending that security can be delivered via software.

I'm a big advocate of simple physical security solutions over software (or in addition to software). For example, every laptop and desktop should come with a simple slider to cover the webcam and microphones. Relying on a software-controlled indicator light to know when someone has hacked your webcam is just ridiculous. On any computer, wi-fi and Bluetooth should be air-gappable with a physical switch that creates a true physical airgap between those cards and the rest of the system. And a keyboard port should be physically incapable of being anything else.

Since every computer needs a keyboard, it never made sense to me that moving keyboards to the same port we use for printers, flash drives, cameras, lamps, external hard drives, etc. was really buying us much in terms of part cost or ease of implementation. A port that every computer would need to have scales pretty well on the manufacturing side, especially if it's dead simple because it only supports keyboards. I also wonder about the way USB buses are linked to CPUs via PCIe, and whether we could somehow skip that and do something more direct. I've read a bit about RapidIO and how it's supposed to be simpler and lower latency than PCIe. The latency gains won't matter for keyboards, but if it's simpler it might be interesting.

I just discovered there is one other port and possible protocol: Apple's Smart Connector on the iPad Pro. It's magnetic, with three contacts. I wonder what the details are there. It's mostly used for keyboards. Lightning is the most perfect connector implementation I've ever seen in terms of size and simplicity – they nailed it. A connector that is a solid monolithic insert seems better than the hollowed out-with-tongue format of USB-C. I know people say that it's better to have the springs on the connector rather than inside the port, for ease of replacement for failed parts, but I think that argument depends on how common failure is.

[Findecanor]

I've always found polling strange for a keyboard protocol. Have you seen the changes in USB 3.0? I think it offers an event-driven or interrupt model.

I have not looked at USB 3.0, but ... actually the polling that is used by the USB HID protocol is called "interrupt" in USB terminology, which could be a bit confusing.

But I don't think that faster than 1 ms latency is that important, really.
There are many game controllers for major games consoles that use Bluetooth. Those have much more latency than 1 ms, but I have not heard anybody complain about their wireless controllers being too slow.

In a world where OSes are built with C, C++, and assembly, I just think we should stop pretending that security can be delivered via software.

There is no such a thing as a safe programming language.

[ArtoriasEdgeworth]

I remember a person on the forum using a version of Apple's charging cable to create a hot-pluggable number pad add-on to his 75% keyboard. It magnetically latches and shouldn't emit any radiation. Maybe the IEEE 1394 (FireWire) four pin port could be useful for a custom keyboard port? There are nearly no peripherals that use it. I think it has a faster Baud than most USB, as well. I think it does go through PCIe, however. I don't know about the EMR that it outputs, but I'll do a little bit more research.

[Daniel Beardsmore]

As I noted in another topic, I really appreciate how the Macintosh II approached ports: one type of port for plugging in slow things, and another type for plugging in fast things. (With serial being a notable exception of course!)

I am happy to make an exception for displays in the era of the Macintosh II, since anyone who really wanted more than one display—which it was designed to handle—would surely be rare enough of case as to justify fitting an adapter card. But now, it's all too easy to wrestle with incompatibilities: your PC might have DisplayPort and HDMI and your displays might come with VGA and DVI! We now have at least four separate sockets for PC displays (DisplayPort, HDMI, DVI and VGA) along with various Apple connectors, and even when you buy an adapter (e.g. HDMI to DisplayPort) you can end up with one that converts in the wrong direction (especially if the wrong type is the only type you seem to be able to buy).

One of my favourite expressions is, of course: the great thing about standards is that there are so many of them to choose from.

Do we really need to pollute this already festering mess with yet another standard and yet another connector? It's painful enough trying to plug in a monitor — do we really need plugging in a keyboard to go down the same route?

What you have to remember is the belief in creating an industry standard is an arrogant one. If you need a secure protocol, then at the very least it should be USB-based, perhaps with a DIP switch to toggle the controller between standard mode (with red status LEDs) and secure mode (with green status LEDs, except that this won't help anyone who's colourblind!)

[Proto]

I remember a person on the forum using a version of Apple's charging cable to create a hot-pluggable number pad add-on to his 75% keyboard. It magnetically latches and shouldn't emit any radiation. Maybe the IEEE 1394 (FireWire) four pin port could be useful for a custom keyboard port? There are nearly no peripherals that use it. I think it has a faster Baud than most USB, as well. I think it does go through PCIe, however. I don't know about the EMR that it outputs, but I'll do a little bit more research.

Why do you think it wouldn't emit radiation? As far as I know, any electrical interface is going to generate electromagnetic radiation – generating electromagnetic radiation is how they work. I think the issue is how much "leakage" or EMI there is. I'm not an electrical or electronics engineer, so I'm out of my depth, but as I understand it there are ways to design a bus, interface, and connector standard so as to minimize EMI and emanations.

Since spying and eavesdropping by all sorts of parties, especially governments and criminals, is very salient at this point, and different types of EM sniffing attacks have documented, I think it's time the industry rolled up its sleeves and the did the solid engineering work that needs to be done to eliminate these issues. Things like a keyboard interface/protocol is so basic, yet there's never been a serious effort to just nail it down with good, careful engineering and move on to more interesting problems. It's weird the way the computer industry is so lazy and lets simple problems fester. Typing on a keyboard is the primary mode of operation of computers, the way we input most information – writing and editing textual content is just central to everything that's going on in modern human civilization. That act of typing needs to be secure from trivial BS like people sniffing EM with $100 in equipment. It's so central to how we use computers that it just needs to be a solved problem, and it looks trivial from an engineering standpoint. It's not a SpaceX or DARPA kind of problem – it's simple and the work needs to done so we can close out that attack vector and worry about other problems. We should never have to worry about someone accessing our keystrokes because our keyboard is leaking that information, since it's so easy to make keyboards that don't leak at all (optical, and possibly electrical ones too).

[ArtoriasEdgeworth]

Okay, maybe no EMR was the wrong thing to say. The magnetic field generated by the latching mechanism would definitely make it difficult for the radiation of the electrical signal to be read.

I'm studying for my CompTIA Security+ Certification, and have experience with penetration and reading keystrokes, this would not be the way I do it. I think that nearly destroying electromagnetic radiation is a fun project, however I think it doesn't ultimately serve a purpose.

Now that I've said that, I think it's a good idea to use a monolithic insert that's reversible, and has a higher Baud than USB and PS/2.

I think Mr. Beardsmore is on the right track. Instead of creating a proprietary standard, is there some way we can tune our PCs to be more responsive, so the keyboard can return less voltage, and therefore emit less readable radiation? Or make some I/O shields out of neodymium iron-boron magnets, for more obfuscation?

[Techno Trousers]

There is no such a thing as a safe programming language.

Well, it depends... You're right that no language alone will guarantee total security, but there are new languages that are tackling the core insecurity problems of C and C++. For example, Rust.

[ArtoriasEdgeworth]

I suppose you could also custom-make your connectors out of Mu-Metal. That would prevent the release of too much radiation.

[czarek]

Well you can go very low end and connect all rows and columns to some GPIO port of a controller (or even stupid IO expander), then maybe I2C over serial to the host computer. It would require a driver that would be doing matrix scanning though, but it would give 100% control over keyboard to the driver software.

[Chyros]

Apple will probably make a new plug at some point to get more money out of people.

[fohat]

Apple will probably continue to make new plugs at some point regularly to get lots more money out of people.

Fixed that for you.

[ArtoriasEdgeworth]

Ergh, having a hard-wired keyboard. Makes me cringe.

Ahaha, not too far off on the Apple thing.

[ArtoriasEdgeworth]

Also, just for curiosity's sake, why do most people use Mini USB B, and not Mini USB AB?

[Chyros]

Apple will probably continue to make new plugs at some point regularly to get lots more money out of people.

Fixed that for you.

[Daniel Beardsmore]

Seemingly one of the justifications for Lightning is that the plug can be inserted either way up. Fair point; the USB A connector is abominable. Most companies make the tongue out of black plastic so that you can't see it, some brands (Dell in particular) can't decide which way up to mount the sockets, not everything has the USB shield to say "this way is up" (my Sandisk USB flash drives for example) and the overall shape is so stupid that the plug won't even go in the right way up. With the PC down on the floor where it's hard to see the sockets, you can find yourself trying the plug both ways up and it won't go in either way. This way? Nope. Other way up? Nope. First way up? Nope. Is this even a USB socket … Yep … So …

Whether anyone should be to blame for making the üSB A plug the exact same width as an 8P modular plug, is another matter …

For a company like Apple, it's a very awkward problem. If they stick with industry standard, they'll be stifling innovation and condemning people to whatever committee-designed contraption the PC world tried to lump us with this time, but if they try to break out of this deadlock, everyone will complain that they're not following industry standard! Sometimes the only way to get something right is to just do it and let it stand on its own merit.

I'm sure someone here remembers their attempt to replace classic SCSI with USB … Oops.

[fohat]

Some of my micro-USB connectors (OEM Samsungs for my phone, for example) have the outgoing wire offset to one side which is great - even in the dark I can twist it in my fingers and get it right. Even the tiniest tactile cue is invaluable when so many hand-held things are symmetrical both ways.