Q&A: Here’s how the ‘Matter’ protocol will soon reduce vulnerabilities in smart home devices
After years of competitive jockeying, the leading tech giants have agreed to embrace a brand new open-source standard – called Matter – that will allow consumers to mix and match smart home devices and platforms.
Related: The crucial role of ‘Digital Trust’
After numerous delays and course changes, the Matter protocol, is set to roll out this fall, in time for the 2022 holiday shopping season. To start, seven types of smart home devices will be capable of adopting the Matter protocol, and thus get affixed with a Matter logo.
Matter is intended to foster interoperability of smart home devices – so a homeowner can stick with just one voice assistance platform and have the freedom to choose from a wide selection of smart devices sporting the Matter logo.
What this boils down to is that a consumer living in a smart home filled with Matter devices would no longer be forced to use Amazon’s Alexa to control some devices, while having to switch to Apple’s Siri, Google’s Assistant or Samsung’s SmartThings to operate other devices. No surprise: Amazon, Google, Apple and Samsung are the biggest names on a list of 250 companies supporting the roll out of Matter.
The qualifying types of smart home devices, to start, include light bulbs and switches; smart plugs; smart locks; smart window coverings; garage door openers; thermostats; and HVAC controllers. If all goes smoothly, surveillance cams, smart doorbells and robot vacuums would soon follow.
DigiCert, the Lehi, Utah-based Certificate Authority and a supplier of services to manage Public Key Infrastructure, has been at the table helping develop the privacy and data security components of Matter. I had the chance to discuss the wider significance of Matter with Mike Nelson, DigiCert’s vice president of IoT security. Here’s what we discussed, edited for clarity and length.
LW: When a consumer sees a smart home device with a Matter logo this fall, what do you hope that conveys?
Nelson
Nelson: The Matter logo represents seamless interoperability for consumers, ultimately enhancing users’ experience and control. It also represents digital trust [insert the way we are defining DT] between all compliant devices from different manufacturers.
LW: What was the core security issue that had to resolve in deriving Matter?
Nelson: The security challenges present in many smart home devices include device identity, proper authentication (user and device), confidentiality of sensitive data, and integrity of software.
The Matter specification focuses on establishing a robust immutable identity for each device and requiring all participants to use security credentials (digital certificates) that are chained to secure roots of trust. This practice ensures that only trusted devices can identify and interoperate with other Matter compliant devices.
LW: How did the alliance resolve this core security issue?
Nelson: The Matter security specification has been developed collaboratively with many industry stakeholders over the last several years. The Matter specification takes a secure-by-design approach to ensure devices can be trusted throughout their lifecycle. The security specification is a layered approach with strong, easy to implement, resilient and agile security approaches.
The security specification raises the bar for IoT security and privacy through the following approaches:
•Establishing a strong device identity so only trusted devices can join a smart home
•Secured, standard software updates to ensure integrity
•Validation of every device to ensure it is authentic and certified
•Secured unicast and group communications
•Easy, secure, and flexible device commissioning
•Up-to-date info via Distributed Compliance Ledger
LW: What was the core privacy issue and how was it resolved?
Nelson: There are a number of privacy threats with smart home devices. Security cameras, smart speakers and other monitoring devices could enable a bad actor with access to eavesdrop on members of a home. Additionally, data theft could reveal sensitive information about consumers.
LW: Near term – can you paint a picture of a likely adoption scenario in 2022 and 2023? (For instance, would the alliance be happy if Matter wins over more smart home platform suppliers and device manufacturers?)
Nelson: We are seeing many CSA members participating in Matter moving quickly to achieve compliance with the specification. I believe we will see Matter-compliant devices on the shelf before the end of the year.
LW: Long run – what’s a plausible, hoped-for outcome; how does Matter connect to the progress of advanced IoT systems?
Nelson: IoT security has finally evolved to a state where manufacturers aren’t only concerned about securing their devices. Industries are begging to look at how to securely connect with devices from other manufacturers to improve the end users’ experience. Matter is leading the way with this effort and I believe we will see other industries follow. The CSA also has plans to expand Matter beyond smart home and into smart commercial buildings and potentially other industries.
Acohido
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
(LW provides consulting services to the vendors we cover.)
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/qa-heres-how-the-matter-protocol-will-soon-reduce-vulnerabilities-in-smart-home-devices/
