Q&A: Blockchain-powered, distributed device authentication central to Matter’s security push, DigiCert says
When you want to develop a technology standard that promises to connect all smart lights and other connected gadgets in the home, you need the security to do the job.
This is what DigiCert, a digital security company known for its encryption certification, wants to provide for Matter, an upcoming interoperable smart home standard that is tentatively due by the end of this year.
The standard has been initiated by major smart home players such as Google, Amazon, Apple and Samsung, with the aim of averting a new, debilitating arms race over proprietary standards.
To do so, it uses existing frameworks such as Wi-Fi, Ethernet, Bluetooth Low Energy and Internet Protocol communication, together with open protocols such as Thread, so that they work with each other.
The use of existing protocols means device and data authentication and security are essential. The various protocols must have a security basis.
DigiCert has played a key role in developing the security-related aspects of the protocol, designed to be widely supported while ensuring that all devices, apps and platforms can work seamlessly together.
Mike Nelson, Vice President of IoT Security at DigiCert, tells Techgoondu that Matter raises the bar for IoT security compared to existing smart home standards.
Blockchain and distributed ledger technologies play a role in this, he says in a question-and-answer session.
NOTE: Answers have been edited for style, with additional background information on features and standards.
Q: How does Matter approach security differently compared to existing smart home standards, such as Zigbee, Z-Wave or Tuya?
A: The Matter security specification has been developed in collaboration with many industry stakeholders over the past few years. The Matter specification takes a secure-by-design approach to ensure that devices can be trusted throughout their lifecycle.
The security specification is a layered approach with strong, easy to implement, resilient and agile security approaches.
One way is to establish a strong device identity so that only trusted devices can join a smart home. Secure standard software updates help ensure integrity.
Each device is validated to ensure it is authentic and certified. Communication is secure, whether unicast (one-way) or multicast (to several parties or devices).
Commissioning of devices is also easy, secure and flexible, while a distributed compliance ledger (DCL) ensures that there is up-to-date information.
DCL operates through a network of servers hosted by the Connectivity Standards Alliance (the body responsible for Matter) and its members.
The servers host a copy of the database of information about Matter-certified devices. Devices will communicate with the server and back through a blockchain-based, cryptographically secure encryption protocol.
Matter-compliant devices will check with DCL to verify device compliance and relevant certifications, known as a Device Attestation Certificate (DAC), as well as commissioning instructions, manuals and firmware upgrade availability and update guidance.
Q: How do DigiCert’s implementations add value to an established and generally robust IP-based connectivity implementation that relies on existing communication standards?
A: Existing communication standards are usually unable to provide reliable information about the device at the other end of the line, including whether or not it is an authentic device.
As part of the Matter protocol, DigiCert will issue DACs that allow devices to cryptographically prove that they are authentic devices manufactured by an approved Matter vendor.
DigiCert provides a ready-to-deploy, fully compliant platform that accelerates members’ time to market and removes the compliance burden of managing Public Key Infrastructure (PKI) in-house.
Public Key Infrastructure is a platform that issues, distributes, stores, authenticates and revokes unique “passports” (commonly known as digital certificates) that typically identify a digital device and/or content.
Such “passports” can serve as unique identifiers when they use a common, agreed-upon language to unlock (decrypt) or prevent (encrypt) access and use of information.
Q: What benefits should consumers expect when adding a Matter-certified device to a smart home network and using a Matter-certified smart home device?
A: Consumers should expect all their devices to work seamlessly and securely with their home network and digital assistants, without the existing walls between proprietary ecosystems that currently prevent devices from working together.
Consumers can also expect privacy and trust in their homes. Matter-compliant devices and the data they generate and transmit will be secure.
For devices to work together securely, it must be possible to determine which devices meet the security requirements of Matter, and DigiCert device authenticity certificates help provide these assurances.
Q: ZigBee to Matter bridges will drive adoption of the latter in the nascent years of launch, as device manufacturers need time to expand a portfolio of native Thread- and Matter-based sensors and IoT solutions.
Given Matter’s role as an application layer, can we expect bridged Zigbee devices to perform as they did or even better than before, or is there a chance that integration pitfalls may persist for a while longer?
A: Certainly, the ability of devices from different manufacturers to work together means that the devices can already do things they previously could not do.
We’re excited to see what additional capabilities Matter vendors can offer using these new capabilities.