A Matter of Trust: The Developer’s Guide to Protecting Smart Homes with Matter

Since October of last year, when the Connectivity Standards Alliance (CSA) formally released Version 1.0 of Matter — the new standard for smart homes — companies have been working overtime to develop and introduce Matter-certified products.

It’s easy to see why everyone is moving so quickly. It’s because Matter brings a much-needed level of interoperability to what has, thus far, been a highly fragmented segment of consumer electronics. With Matter, devices from different manufacturers work together, effortlessly, right out of the box and across smart home control platforms.

The simplicity and flexibility of using Matter-certified products promises to change the trajectory for smart home, moving it from a niche application, favored by tech enthusiasts and those willing to cobble together the features they want, to a mainstream reality, where consumers, with little to no technical experience, can easily enjoy the many advantages of a connected home environment.

But What About Security?

Matter may make it easy to set up and operate a smart home network, but interoperability, on its own, isn’t enough to make a new standard like Matter viable. Consumers are increasingly concerned about security and privacy, too.

After all, smart home is a highly sensitive area, involving data about who we are as private citizens and how we conduct ourselves at home. Nobody wants a stranger accessing their home network through a smart dishwasher, eavesdropping on the audio of a smart speaker or recording what they see on a smart security camera.

Is Matter secure enough? Matter raises the bar on security for wireless protocols. Part of what makes Matter so compelling (and one of the reasons why we’ve invested so heavily in its development) is that the protocol was defined from the beginning, to deliver security as well as interoperability.

Built-In Security

The way we describe it to developers is that Matter has built-in security. A device can’t carry the Matter logo unless it’s passed Matter certification, and it can’t pass certification unless it meets the detailed security functional requirements of the standard, which cover multiple aspects of setup and operation of devices and are built on industry-proven security methods used for desktop, mobile and cloud computing. A Matter device must prove its identify and provide proof of Matter certification before being able to join the Matter network and then uses encrypted data only. It has a layered approach to security which includes:

• Easy, secure and flexible device commissioning
• Validation that each device is authentic and certified
• Strong device identity so only your device can join your smart home
• Up-to-date info via Distributed Compliance Ledger
• Verified access controls to prevent unauthorized actions
• Secured unicast communications
• Secured group communications
• Secured, standard software updates
• Verification of software integrity

Compared to today’s smart home setups, which tend to combine devices that use differing, non-interoperable communication schemes, Matter provides a more consistent, more resilient way to keep the home network safe from harm. As a result, it’s much harder for hackers to find ways to sneak onto networks, hijack devices, introduce fake devices into the setup, expose information or leak data.

A Developer’s Guide

To help developers understand how Matter handles security, and how best to prepare for the requirements of Matter certification, we asked Bill Curtis, a leading analyst specializing in Industrial IoT and IoT technology at Moor Insights & Strategy , to weigh in. Bill has been closely tracking Matter’s evolution as a standard and, as a tech evangelist, provides a unique perspective on what Matter means for developers.

As a follow-up to his introductory guide to the specification, titled “Matter – Making Smart Homes Smarter,” he’s written a new paper, titled “Matter – Making Smart Homes More Secure.” We think it’s the first deep dive on the subject and should be of special interest to developers, since not much has been published beyond the actual specification itself, to this point.

Bill begins by pointing out that today’s smart home setups are a “hodgepodge of non-interoperable connectivity schemes” that, due to their mix-and-match nature, leave gaps in security that attract hackers. Turning his attention to Matter, he underscores the importance of taking a standardized approach to security while introducing the basic tenets of Matter security. He follows this with a step-by-step explanation of Matter commissioning and the primary considerations for developing and manufacturing secure Matter devices.

The NXP Approach to Matter Security

Bill’s paper also takes a look at how NXP supports Matter development. His research included speaking to a number of our internal people and conducting a detailed review of our hardware, software and service offerings for Matter. It’s his opinion that we have “all the right ingredients,” citing the fact that we not only helped define the Matter security specification, but we also are “one of the first semiconductor companies to offer Matter-certified platforms with all the silicon, software, reference designs and services customers need to build and deploy secure products.”

From a hardware perspective, Bill highlights our Matter-ready SoCs , which support every level of Matter performance, from the K32W148 Wireless MCU, which can run on a coin-cell battery and provides the wireless Thread mesh networking and Bluetooth^® Low Energy capabilities along with processing power for simple device types, to the sophisticated i.MX 8M Mini or i.MX 83 MPU, which can be paired with a wireless MCU and be used to support high performance in OS-enabled systems for more complex applications. We offer different security options to meet the Matter security requirements and protect the Matter credentials. One option is the EdgeLock Secure Enclave which is integrated into the MCU, such the K32W148. Another option is the EdgeLock SE05x secure element and EdgeLock A5000 secure authenticator, which can be attached to any device and offer protection against advanced hardware attacks. To help the device manufacturers with the public key infrastructure (PKI) required for Matter, our EdgeLock 2GO service is a CSA-approved Product Attestation Authority (PAA) and offers different options to provision the Device Attestation Certificate into Matter devices, from pre-injecting credentials directly into silicon to delivering the credentials securely over-the-air (OTA).

More Matter to Come

We’re pleased that Bill recognizes our commitment to Matter and our talent for creating Matter-ready solutions that enable fast, painless certification. And we agree with Bill that Matter’s unique combination of interoperability and security plays to our strengths, as a leading provider of wireless, IoT and security solutions.

We are excited to continue to work closely with Bill in the months ahead and encourage you to stay tuned for more specialized content about Matter. In the meantime, you can discover more about how NXP supports Matter security by reading Bill’s new paper, titled “Matter – Making Smart Homes More Secure” and by visiting us at www.nxp.com/matter.

Authors