When you want to develop a technology standard that promises to link up all the smart lights and other connected gadgets at home, you need the security to be up to the task.
This is what DigiCert, a digital security company known for its encryption certification, wants to provide for Matter, a an up-and-coming interoperable smart home standard tentatively due by the end of this year.
The standard is initiated by major smart home players like Google, Amazon, Apple, Samsung with an aim to avert another debilitating proprietary standards arms race.
To do so, it employs existing frameworks like Wi-Fi, Ethernet, Bluetooth Low Energy and Internet Protocol communications, and open protocols like Thread to work with each other.
The use of existing protocols means device and data authentication and security are crucial. The different protocols need to have security baselines.
DigiCert has played a key role in developing the security-related aspects of the protocol, designed to be broadly supported while ensuring that all devices, apps and platforms can work seamlessly together.
Mike Nelson, the vice-president of IoT Security at DigiCert tells Techgoondu that Matter raises the bar for IoT security over existing smart home standards. Distributed ledger technologies play a part in this, he says, over a Q&A interview.
NOTE: Responses have been edited for style, with additional backgrounding on features and standards
Q: How does Matter approach security differently compared to existing smart home standards, such as Zigbee, Z-Wave or Tuya?
A: The Matter security specification has been developed collaboratively with many industry stakeholders over the last several years. The Matter specification takes a secure-by-design approach to ensure devices can be trusted throughout their life cycle.
The security specification is a layered approach with strong, easy to implement, resilient and agile security approaches.
The security specification raises the bar for IoT security and privacy through the following approaches:
– Establishing a strong device identity so only trusted devices can join a smart home
– Secured, standard software updates to ensure integrity
– Validation of every device to ensure it is authentic and certified
– Secured unicast and group communications
– Easy, secure, and flexible device commissioning
– Up-to-date info via Distributed Compliance Ledger
Q: How do DigiCert’s implementations value-add to an established and generally robust IP-based connectivity implementation relying on existing communication standards?
A: Existing communication standards are typically unable to provide any reliable information about the device at the other end of the line, including whether it is an authentic device or not.
As part of the Matter protocol, DigiCert will issue DACs that allow devices to cryptographically prove they are authentic devices produced by an approved Matter vendor.
DigiCert provides a ready-to-deploy, fully compliant platform that accelerates members’ time to market and removes the compliance burden of managing the Public Key Infrastructure (PKI) in-house.
Q. What advantages should consumers expect when adding a Matter-certified device into a smart home network and using a Matter-certified smart home device?
A: Consumers should expect that all their devices will work seamlessly and securely together with their home network and digital assistants, without the existing walls between proprietary ecosystems that currently prevent devices from working together.
Consumers can also expect privacy and trust within their homes. Matter compliant devices and the data they generate and transmit will be secure.
For devices to work together securely, it must be possible to determine which devices meet the Matter security requirements, and DigiCert device authenticity certificates help provide those assurances.
Q: ZigBee to Matter bridges will drive adoption of the latter in the nascent years of launch, as device makers need time to grow a portfolio of native Thread- and Matter-based sensors and IoT solutions.
Given Matter’s role as an application layer, can we expect bridged Zigbee devices to work the way they did or even better than before, or is there a chance integrative pitfalls may persist for a while long?
A: Certainly, the ability of devices from different manufacturers to interoperate already allows the devices to do things they previously couldn’t do. We are excited to see what additional capabilities Matter vendors can provide using these new capabilities.
CORRECTION at September 2, 2022, 4:19pm: To explain the technology behind the story, we had earlier attributed the use of blockchain technology to Mike Nelson. He did not mention this. The story has been edited to reflect this. We are sorry for the errors.
