Making IoT Smart Home Devices Secure with Matter Security
We have all heard the rumors, gossip, and even news stories about bad things happening with the internet of things (IoT) smart home devices. These stories keep consumers from buying a product for fear that they could let a bad actor, or malware, into their home. It’s in the news with stories about hacked baby monitors saying spooky things in a baby’s room, or the theft of a casino’s high-roller database by hacking an aquarium’s smart thermostat.
IoT security practices for smart-home devices vary widely. A high-volume mobile device manufacturer with billions of dollars in brand equity will closely follow security best practices. However, a little-known Wi-Fi security camera maker might cut corners in the rush to bring a product to market—and it’s not always easy to know which products are trustworthy. Cyberattacks on smart home systems and devices can create real privacy and economic risks. The risks have been categorized as product malfunction, Distributed Denial of Service (DDoS) attacks, data and privacy breaches, theft of intellectual property, and potential harm to humans. The lack of rigorous, consistent security for smart home products is tolerated by early adopters but mass-market consumers don’t have that tolerance for risk. Security concerns have kept smart home devices from fulfilling the promise of automated intelligent homes.
Matter creates a new bar for IoT security
Matter is the new unifying smart home standard for interoperability and security among smart home devices. Announced in October 2022, the spec and certification program is the result of a collaboration involving close to 600 technology companies under the auspices of the Connectivity Standards Alliance (CSA) https://csa-iot.org/. Industry leaders Amazon, Apple, Google and Samsung are among the many collaborators. Matter makes smart home devices interoperable while improving and standardizing security across suppliers and IoT ecosystems. For consumers, seeing a Matter logo on a retail product simplifies buying decisions and, over time, should ease concerns about bad actors exploiting weaknesses in smart home devices.
For IoT smart device makers, Matter eliminates the need to integrate each product they develop independently with multiple proprietary smart home platforms, such as Amazon Alexa, Apple HomeKit/Siri, Google Home, and Samsung SmartThings. Instead, they can use the Matter software development kit (SDK) royalty-free to incorporate their products into the Matter ecosystem, where they seamlessly interoperate with these and other Matter-compliant smart environments. Instead of the current practice of smart home security being the discretion of the device maker, Matter offers a consistent , recognizable standard for security. And once device makers develop their Matter-compliant approach for security, they can have high confidence that they are abiding by industry best practices. Since the Matter specifications became public last fall, close to 1800 products have received Matter certification as of the time of writing.
What is Matter security?
Matter security uses modern, well-established security technologies and is architected to be secure by design. The foundation of Matter security is a permanent secure device identity, and it is defined as a Device Attestation Certificate or DAC. A DAC is a public key infrastructure (PKI) credential with a public key and private key pair that is signed by a trusted certificate authority. The private key should never leave the device and should be kept in secure storage within the device. The device identity is complemented with a secure firmware update and software update over-the-air (OTA) process to maintain the high security of the original device over the lifetime of the device.
DACs guard against fake or cloned products and associate specific devices with their manufacturer’s brand. Each device manufacturer has a unique vendor ID issued by CSA. Each product has a unique product ID also issued by CSA. Each product instance has a unique DAC bearing its manufacturer’s vendor ID and the product ID. Authentication of the brand and the product comes from the trust chain of DACs. For initial Matter security device testing and certification, a generic test DAC can be used. However for production, a unique DAC for each product instance is needed. So Matter device manufacturers need a reliable and trusted source of DACs.
How does a device manufacturer get a Matter Device Attestation Certificate (DAC)?
The question facing a device manufacturer is whether to develop the Matter certificate authority capability in-house or to purchase certificate authority services from an Alliance-qualified CA provider. To provide industry-leading security, Matter security requirements are stringent and can be arcane for an organization without established device security processes and certificate authority experience. For an in-house capability, the device developer needs to to prove that the processes and equipment for generating and storing private keys meet high industry standards that prevent them from being extracted. So if a device manufacturer does not already have this expertise, operational staff, secure environments and processes, months or years of time and considerable investment are required.
Alternatively, DACs can be obtained from an Alliance Product Attestation Authority (PAA) provider. The CSA website lists certificate authority services that have passed an exhaustive audit against the Alliance PKI certificate policy requirements. A Matter PAA provider provides what the Alliance calls a “Non-VID Scoped PAA.” VID is vendor ID. A non-VID scoped PAA means that the attestation is generic, and not specific to a device manufacturer. So a non-VID scoped PAA provider is qualified to provide credentials to multiple Matter device manufacturers. CommScope Sentry™ is an approved non-VID scoped PAA provider and has an extensive track record of serving the needs of device manufacturers at scale and across diverse manufacturing environments.
In addition to the non-VID scoped PAA, CommScope Sentry also offers a program to facilitate a device manufacturer creating their own VID-scoped Matter PAA. With this option, CommScope Sentry creates a PAA with the device manufacturer’s vendor ID embedded in it. Such a VID-scoped PAA is unique for the device manufacturer and can only be used for the product instances made by the device manufacturer. This option requires additional services and engagement with the Alliance and may be suitable for the largest manufacturers who value having their brand on the CSA Root of Trust distributed compliance ledger.
CommScope Sentry™ provides options to simplify Matter security
CommScope Sentry has thirty five years of experience in meeting the same device security levels required by Matter. CommScope Sentry has issued over six billion device certificates in a wide variety of global manufacturing environments, ranging from the highest-volume contract manufacturers and ODMs to custom manufacturers producing high-complexity equipment. CommScope Sentry PKIWorks™ provisioning and management platform is the result of a long evolution of security refinements and provides flexibility for a wide range of manufacturing environments. By using PKIWorks, Matter device manufacturers can focus on their device applications, leaving CommScope Sentry to address security and accelerate time to market for new Matter products. CommScope Sentry has an experienced technical and operational team knowledgeable in advanced silicon security libraries ready to support IoT device manufacturers in the development of new Matter-certified products.
Three different offerings of PKIWorks are available to support a range of Matter security device manufacturing needs: PKIWorks Basics, PKIWorks Essentials, and PKIWorks Complete.
Three CommScope Sentry PKIWorks offerings span different product and manufacturing use-cases
The first, PKIWorks Basics, is for manufacturers that need DACs, or keys and DACs, and have an established manufacturing provisioning system. It is a secure interactive web portal that accepts Certificate Signing Requests (CSRs) and generates corresponding DACs. It can also accept a batch of device IDs and generate both key pairs and DACs for those IDs. The generated device credentials can be downloaded and transferred to manufacturing provisioning systems. Compared to ad hoc systems that grow out of engineering development labs, PKIWorks Basics is highly secure and uses mature, refined security processes to ensure device credentials are securely and reliably provided for manufacturing.
PKIWorks Essentials automates credential creation using a machine-to-machine interface, and is for devices that can generate key pairs and need DACs for the key pairs to be installed automatically. PKIWorksTM Essentials eliminates the manual and multi-step process of issuing CSRs, uploading them to a web portal, downloading the credentials, transferring them to provisioning systems, and installing them on devices. The automation provided by PKIWorks Essentials eliminates potential human errors which can impact manufacturing production line efficiencies and is well-suited for high-volume production.
PKIWorks Complete goes a step further in reliable factory provisioning by generating key pairs in the air-gapped PKIWorks key vault, ensuring that the highest standards of key generation are met. Once the keys are generated, they are securely transferred to manufacturing sites over a managed secure VPN. PKIWorks Complete does not require sophisticated key-pair generation and random number generation functions on silicon, so lower-cost silicon can be used to lower the cost of IoT device. In addition, non-PKI based keys from popular licensing authorities like Google Widevine, Microsoft PlayReady, Apple FairPlay, and others can be loaded as well.
With these three options, CommScope Sentry makes implementing the sophisticated security of Matter easy for device manufacturers, and enables widespread adoption of Matter devices to bring the promise of smart homes to a much broader consumer market.