[In-depth article] Learn how Matter ensures IoT security
As time goes by, advances in technology and devices will make our smart homes smarter, but they will also open new doors for cybercriminals, making system security a top concern.
The Matter standard is the result of a joint effort by the CSA (Connectivity Standards Alliance) and its members (Amazon, Google, Samsung SmartThings, Apple, Comcast and others) to solve the problem of a fragmented smart home ecosystem. The result allows interoperability from the radio all the way up to the cloud interface and the smartphone applications that interact with IoT devices.
Matter is a unified, IP-based connectivity protocol built on proven technology for building reliable and secure IoT ecosystems. At launch, Matter supports Wi-Fi, Ethernet and Thread as operational networks; Bluetooth Low Energy (LE) is used only for commissioning (bringing a new device onto the network), not for day-to-day communication. Matter also ensures that any device built on the standard is reliable, secure by design, and compatible with every other Matter device at system scale. In short, Matter is a game changer.
With Matter, consumers will be able to buy any Matter smart home device and have it work with any platform of their choice. As a result, consumers will no longer be locked into a single platform such as Apple HomeKit, Google Home, Amazon Alexa or Samsung SmartThings. At the same time, Matter eliminates the need to install a separate vendor app on the phone for each device: one Matter-capable app is enough.
Interoperability
The Matter standard enables interoperability for all smart devices. Interoperability is key to success in the IoT market, and Matter brings the connectivity cohesion that the IoT needs: it solves both interoperability and connectivity issues. It also helps free up developers' time, allowing them to focus more on innovation at the application, product, and hardware levels.
Ease of Use
For consumers, the promise of Matter is a simpler buying experience. When consumers choose a product with the Matter logo, they are assured that the new product will interoperate with their network, smartphone, and all other Matter IoT devices in their home network. As a result, consumers will have more product choices without having to worry about a device not working with their other smart home devices.
On the other hand, this is also a win for retailers, as they can provide a more streamlined buying experience and reduce returns due to consumer network compatibility issues.
From a product developer’s perspective, they don’t have to worry about coordinating network ecosystems when developing products, nor do they have to worry about creating firmware for their own product stock keeping units (SKUs). With one product for all markets, product development becomes simpler because all Matter code is available to any product developer. Building product developers’ base products on a common code base not only makes it easier for developers, but also further enhances interoperability; this means easy integration. It also limits development overhead; as only one hardware (HW) and software (SW) SKU is needed to cover all customers, whether they are Apple HomeKit users, Google Home users, or other product users. This allows developers to focus their time on innovative application use cases and maximizing revenue, rather than spending time dealing with connectivity challenges.
Overall, Matter is a win-win for consumers, retailers, and developers.
Reliability
In addition to interoperability and ease of use, the Matter standard is designed for reliability. So how is this achieved? Matter takes a simple approach, using mature technologies to achieve reliability goals. It does not define new protocols, but combines existing technologies that are mature and proven in practice - technologies such as IP communications are reused.
Matter’s advantage in reliability is that it leverages a large community base consisting of enterprises, major chip vendors, standards bodies, developers, etc. - all of whom are involved in debugging, fixing, and general knowledge dissemination of software and hardware. This makes overall development easier for everyone.
Open Source
Matter software is open source; it’s available to everyone. This helps with interoperability because all products are built on the same software and standards. Developers now have access to code, development tools, and CSA certification programs, ensuring interoperability across all vendors.
For product developers, this also increases ease of use because they can change component suppliers without having to face a new API for each supplier. This means product developers do not need to write or rewrite code for their target applications, reducing cost and time to market, and it removes the burden of software development (writing new code or updating existing code) if they need to switch to another chip vendor.
Security
Matter takes security very seriously. Matter's security architecture is based on best practices such as "secure by design" and "zero trust". Each device has a unique identity, and each device that joins the network must be verified to ensure that it is a legitimate, Matter-certified device. Every message sent by a Matter device is encrypted and authenticated. Before joining the user's network, each device must present its vendor ID and product ID together with proof that it is a certified product, and only after it has been verified and commissioned can it operate on the network. Matter also builds in mechanisms that allow application and network administrators to block unauthorized or unauthenticated devices.
Matter raises the bar for IoT security
Comprehensive
Matter's built-in security ensures that every device is authenticated, every piece of information is protected, and over-the-air firmware updates are secure.
Strong device authentication
As part of the commissioning process, an operational certificate is installed on each Matter device, and no device can participate in the Matter network until it has been fully authenticated; this protects every device on the network, not just the new one. Matter uses rigorously tested algorithms and security technologies such as public key cryptography: a device's private key never leaves the device and is never transmitted or revealed to anyone, which greatly reduces the chances of an attacker obtaining it.
Easy for developers and users to use
Matter's security technology makes it easier for IoT product developers to create devices. Matter core provides open source code, such as examples and test vectors for all security features. All the required tools are located in the GitHub repository and define the software implementation of Matter security in a modular way. Therefore, users and developers do not need to worry about security issues - security is there!
Resilient design
Matter tries to anticipate and reduce as many potential attack vectors as possible. Matter builds security at every network layer, with "zero trust" as the starting point. Because Matter messages are encrypted at the application layer, independently of network-layer encryption, even a malicious device that obtains the Wi-Fi password can join the Wi-Fi network but still cannot read Matter application traffic. A per-message counter makes each encrypted message unique, so a captured message cannot be replayed; a receiver that sees a counter it has already accepted rejects the message. When two nodes start communicating, the Matter protocol first establishes trust between them based on a secure exchange of the certificate credentials each node holds; this is the Certificate Authenticated Session Establishment (CASE) session. Those certificates are issued by the commissioning node during commissioning. Encryption prevents eavesdropping, and a secure over-the-air update system means that vulnerabilities discovered after shipment can be patched in the field.
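The counter-based replay protection described above, as an added example that is not code from the article, Qorvo or the Matter SDK: each secure session tracks the largest message counter it has accepted plus a bitmap of which earlier counters inside a sliding window have already been seen, so a duplicate or an out-of-window message is dropped. The window size of 32 and the 32-bit counter width are the values used by the Matter specification and are treated here as parameters; counter rollover and session re-keying are out of scope for this example.

```python
"""Sliding-window replay check for per-session message counters.

Added example (not code from the article, Qorvo or the Matter SDK). Models the
receive side of one secure session: accept a message only if its counter is
newer than everything seen so far, or lies inside the window of the last
WINDOW_SIZE counters and has not been accepted before.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

WINDOW_SIZE = 32   # Matter's message counter window; treated as a parameter here
COUNTER_BITS = 32  # Matter message counters are 32-bit unsigned values


@dataclass
class ReplayWindow:
    """Receive-side replay state for a single secure session."""
    max_seen: Optional[int] = None  # largest counter accepted so far
    bitmap: int = 0                 # bit i set => counter (max_seen - 1 - i) already accepted

    def check_and_update(self, counter: int) -> bool:
        """Return True and record the counter if it is fresh; False for a replay or stale value."""
        if not 0 <= counter < (1 << COUNTER_BITS):
            raise ValueError("counter out of range")
        if self.max_seen is None:
            self.max_seen = counter
            self.bitmap = 0
            return True
        if counter > self.max_seen:
            shift = counter - self.max_seen
            if shift > WINDOW_SIZE:
                # Jumped past the whole window: nothing old is still representable.
                self.bitmap = 0
            else:
                # Slide the window: old entries move up by `shift`, and the old
                # maximum becomes the entry at offset `shift`.
                self.bitmap = ((self.bitmap << shift) | (1 << (shift - 1))) & ((1 << WINDOW_SIZE) - 1)
            self.max_seen = counter
            return True
        if counter == self.max_seen:
            return False  # exact duplicate of the newest accepted message
        offset = self.max_seen - counter
        if offset > WINDOW_SIZE:
            return False  # older than the window: cannot prove it is fresh, so drop it
        bit = 1 << (offset - 1)
        if self.bitmap & bit:
            return False  # already accepted inside the window (replay)
        self.bitmap |= bit
        return True


def filter_messages(counters: List[int]) -> List[Tuple[int, bool]]:
    """Run a constructed sequence of counters through one session's window."""
    window = ReplayWindow()
    return [(c, window.check_and_update(c)) for c in counters]


if __name__ == "__main__":
    # Constructed sample: reordered delivery (4 after 6) is accepted once,
    # duplicates are dropped, and 3 is too old after the jump to 40.
    for counter, accepted in filter_messages([5, 6, 6, 4, 4, 40, 8, 3, 41]):
        print(f"counter={counter:3d} -> {'accept' if accepted else 'DROP'}")
```

Note that legitimate reordering inside the window (4 arriving after 6) is still accepted exactly once; only the second copy is rejected. Anything older than the window is dropped even if it was never seen, which is the conservative choice a receiver has to make with bounded state.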
Agility
Matter is designed for cryptographic agility, so it can respond to new developments and threats. The core specification abstracts the cryptographic primitives it uses, leaving room for future specification versions to replace them, and the modular design of the protocol likewise leaves room to swap in a new protocol if a security weakness is found in the future.
Secure commissioning in Matter
Since the early days of IoT devices, the customer onboarding process (adding a new device to the network) has been a challenge: each new device required downloading its own application and learning how to use it. With Matter, that changes.
How will Matter-based IoT devices be natively integrated into the operating system?
Step 1: Consumers bring their Matter-enabled device home, open a Matter-capable app on their smartphone or tablet (or download one), and power on the device. Powering on the device is what makes it advertise over Bluetooth LE so the phone app can find it.
Step 2: Each device comes with a unique QR code that contains the information needed to discover and identify it: the vendor ID and product ID, a discriminator used to pick the right device out of those advertising nearby, and the setup passcode. Scanning the QR code with the smartphone triggers the onboarding process, and because the code is printed on the device or its packaging, scanning it also serves as a proof-of-possession and proximity check.
Step 3: Once the smartphone discovers the device, it uses the passcode (up to 8 digits) obtained from the QR code to set up a secure channel over Bluetooth LE, the Passcode Authenticated Session Establishment (PASE) session, using a password-authenticated key exchange (SPAKE2+). This proves that both sides know the passcode without ever sending it over the air, and gives the next step an encrypted channel.
Step 4: Over that channel, the smartphone verifies the device's identity by checking the validity of its Device Attestation Certificate (DAC), which chains up to the manufacturer's attestation root, and the device's certification status with the CSA.
Step 5: Once the device is confirmed to be authentic, the commissioner issues it a Node Operational Certificate (NOC) and hands it the Matter network credentials (for example, the Wi-Fi or Thread network credentials). The NOC identifies the device on the Matter fabric and is the root of its operational communication security.
Step 6: Using the NOC, the device joins the operational network and becomes discoverable there. The commissioner discovers it again and establishes a CASE session authenticated with the NOC, which confirms that the network credentials and NOC were delivered correctly.
Step 7: At this point, the device has been connected to the Matter network and can communicate with it. Now, your smartphone, tablet or voice command device can start controlling the end node.
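Step 2 of the procedure above depends on the onboarding payload carried by the QR code. As an added example, not code from the article, Qorvo or the Matter SDK, the following block parses and builds that payload: "MT:" followed by a base-38 encoding of an 88-bit little-endian bit-packed structure (version, vendor ID, product ID, custom flow, discovery capabilities, discriminator, passcode, padding), and it applies the specification's rule that certain trivial passcodes are never acceptable. The sample payload is constructed here by the block's own encoder from the CSA test vendor ID 0xFFF1, product ID 0x8000, discriminator 3840 and the test passcode 20202021; optional TLV data that may follow the fixed fields is ignored.

```python
"""Parse and build a Matter onboarding payload (the text behind the setup QR code).

Added example, not code from the article or the Matter SDK. Field order,
widths and the base-38 alphabet follow the Matter specification; the sample
values are the CSA test vendor ID / test passcode and are constructed here.
"""
from dataclasses import asdict, dataclass

BASE38_ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ-."
# (field name, bit width), packed least-significant field first
FIELDS = [
    ("version", 3),
    ("vendor_id", 16),
    ("product_id", 16),
    ("custom_flow", 2),
    ("discovery_capabilities", 8),  # bit0 Soft-AP, bit1 BLE, bit2 already on IP network
    ("discriminator", 12),
    ("passcode", 27),
    ("padding", 4),
]
PAYLOAD_BYTES = sum(w for _, w in FIELDS) // 8  # 88 bits = 11 bytes
# Passcodes the specification forbids, plus the allowed range 1..99999998.
INVALID_PASSCODES = {0, 11111111, 22222222, 33333333, 44444444, 55555555,
                     66666666, 77777777, 88888888, 99999999, 12345678, 87654321}


@dataclass(frozen=True)
class OnboardingPayload:
    version: int
    vendor_id: int
    product_id: int
    custom_flow: int
    discovery_capabilities: int
    discriminator: int
    passcode: int


def base38_decode(text: str) -> bytes:
    """5 chars -> 3 bytes, 4 chars -> 2 bytes, 2 chars -> 1 byte; digits are least-significant first."""
    out = bytearray()
    for i in range(0, len(text), 5):
        chunk = text[i:i + 5]
        nbytes = {5: 3, 4: 2, 2: 1}.get(len(chunk))
        if nbytes is None:
            raise ValueError("invalid base-38 chunk length")
        value = 0
        for ch in reversed(chunk):
            idx = BASE38_ALPHABET.find(ch)
            if idx < 0:
                raise ValueError(f"invalid base-38 character {ch!r}")
            value = value * 38 + idx
        if value >= 1 << (8 * nbytes):
            raise ValueError("base-38 chunk does not fit its byte count")
        out += value.to_bytes(nbytes, "little")
    return bytes(out)


def base38_encode(data: bytes) -> str:
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        for _ in range({3: 5, 2: 4, 1: 2}[len(chunk)]):
            out.append(BASE38_ALPHABET[value % 38])
            value //= 38
    return "".join(out)


def parse_qr_payload(qr: str) -> OnboardingPayload:
    """Decode 'MT:...' into its fields, rejecting malformed version or padding."""
    if not qr.startswith("MT:"):
        raise ValueError("not a Matter onboarding payload")
    raw = base38_decode(qr[3:])
    if len(raw) < PAYLOAD_BYTES:
        raise ValueError("payload too short")
    packed = int.from_bytes(raw[:PAYLOAD_BYTES], "little")  # trailing TLV data ignored
    values, pos = {}, 0
    for name, width in FIELDS:
        values[name] = (packed >> pos) & ((1 << width) - 1)
        pos += width
    if values["version"] != 0 or values["padding"] != 0:
        raise ValueError("unsupported payload version or non-zero padding")
    del values["padding"]
    return OnboardingPayload(**values)


def build_qr_payload(p: OnboardingPayload) -> str:
    """Inverse of parse_qr_payload; checks that every field fits its bit width."""
    values = {**asdict(p), "padding": 0}
    packed, pos = 0, 0
    for name, width in FIELDS:
        if not 0 <= values[name] < (1 << width):
            raise ValueError(f"{name} does not fit in {width} bits")
        packed |= values[name] << pos
        pos += width
    return "MT:" + base38_encode(packed.to_bytes(PAYLOAD_BYTES, "little"))


def passcode_is_acceptable(passcode: int) -> bool:
    return 1 <= passcode <= 99999998 and passcode not in INVALID_PASSCODES


# Constructed sample: CSA test vendor 0xFFF1, product 0x8000, BLE discoverable,
# discriminator 3840, test passcode 20202021.
SAMPLE = OnboardingPayload(0, 0xFFF1, 0x8000, 0, 0x02, 3840, 20202021)
SAMPLE_QR = build_qr_payload(SAMPLE)

if __name__ == "__main__":
    print(SAMPLE_QR)
    print(parse_qr_payload(SAMPLE_QR))
    print("passcode acceptable:", passcode_is_acceptable(SAMPLE.passcode))
```

A commissioner that validates the payload this way rejects a code with a forbidden passcode before it ever starts PASE, and the round trip through build_qr_payload lets a manufacturer check that a printed code decodes to the values it was generated from.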
In short, Matter raises IoT security to a level the consumer smart home has not seen before. It addresses the security problems faced by IoT device developers and gives consumers who use their products the same security guarantees. It also addresses users' network security concerns while bringing greater ease of use and interoperability to the whole IoT ecosystem, from the device all the way to the cloud.
Source: Qorvo Semiconductor