A vital component of the family is trust. We put our faith in the stability of our floors, the functionality of our ovens, the flushing action of our toilets, and the security of our doors. According to Mike Nelson, VP of IoT security at DigiCert, we don’t always hold our home electronics to the same standards. However, we should because they pose a serious concern when they are inside our home.
IoT (Internet of Things) devices for the home are incredibly popular, but they are frequently alarmingly unsecure. Then, different kinds of threats, such as identity theft, secret surveillance, and computer hacking, may become possible.
Consumers rarely know which devices are secure or which constitute a personal threat to their digital security, but that is not their fault. However, the Internet of Things is a very prominent area of technology. According to McKinsey, 127 new devices are added to the internet each second, and according to IDC, there will be 55.7 billion IoT devices on the planet by 2025.
It follows that individuals are essentially inviting internet risks into one of the most private spaces they will ever visit by introducing digital risk into their homes on a daily basis. Additionally, they have few options for carefully deciding how much digital danger they are ready to take. There is currently no method to tell which IoT home gadget is secure and which is not without knowledge in the field.
It needs to be altered. Consumers must have the freedom to decide for themselves how secure the IoT gadgets they bring into their homes should be.
That is why a certification programme is so sensible. Customers would be able to tell which devices have been certified for security, and more importantly, security would become a competitive advantage, giving the market a reason to encourage the development of safe devices.
One of the main characteristics that makes the new certification so significant is this.
What is the dilemma?
As a “industry-unifying standard to enable reliable, frictionless, and secure communication,” Matter describes itself. This communication protocol, developed by the Connectivity Standards Alliance (CSA), attempts to interoperate with IoT household devices.
This has been a tenacious issue with IoT home gadgets. Even while these gadgets are becoming more and more common in homes around the globe, there are still many instances where an IoT device from one brand cannot communicate with or work with an IoT device from another. This goes against the whole idea of a smart home, where technology creates a single coherent infrastructure that allows one to control the features of that home, such as playing music or adjusting the lighting and heat.
IoT devices will be able to overcome these obstacles and enable
customers to use IoT home gadgets in concert thanks to Matter’s unified Internet Protocol-based standard. However, those stated objectives conceal an element of security that is equally important to Matter.
IoT equipment is notoriously unsecure. Many products have a number of serious vulnerabilities built into them from the time of creation when they get on retail shelves. Hardcoded passwords, improper authentication issues, updating issues, and a lack of encryption for the data that the devices deal with are a few examples of these.
As a result, they are simple targets for cybercriminals who will use their computing power for cryptocurrency mining, DDoS botnets, or to steal their owners’ personal information. According to a 2021 Kaspersky report, the business had discovered 1.51 billion IoT device breaches. That alone represented an increase from the prior year of 639 million breaches.
Because of this and the fact that these devices are in high demand and are becoming more and more common quickly, cybercriminals have a big chance and everyone else has a big reason to worry.
That is why the development of matter is so significant. For the equipment that it certifies, Matter requires stringent security measures.
It necessitates a multi-layered security strategy at the device attestation and authentication levels to guarantee the confidentiality, availability, and integrity of the data that the devices utilise.
Additionally self-contained are its security features. Matter does not rely on the security of the communications technologies, such as Thread or Wi-Fi, on which it runs because it offers a single application layer for approved devices to communicate.
AES with 128 bit keys, SHA-256 to maintain integrity, and ECC for digital signatures and key exchanges are among the strongest civilian cryptographic standards that must be used. These standards are also required.
Additionally, it is crypto-agile, allowing cryptographic protocols and keys to be changed as new versions of Matter are released and the threat environment changes.
PKIs and certificates
Importantly, the matter requires the device to use PKIs and certificates. These have the benefit of being able to receive identities via PKI and utilise certificates to confirm those identities. This makes it possible to certify each device as a Matter-compliant device.
DACs, which are attached to Matter-certified devices during the manufacturing process and signed by an issuing Certification Authority (CA), are provided with each one. This certificate is used to confirm the device’s identification when it is commissioned into Matter and to ensure that it may be folded into a Matter fabric, enabling interoperability with other Matter devices.
With the IoT, security professionals may sometimes find themselves playing catch-up. It sometimes seems like it is developing too quickly to effectively address the underlying security issues. However, Matter is a significant IoT security intervention.
In-store availability of Matter-certified devices is anticipated for later in 2022. Matter is finally giving customers control over security decisions by providing an industry-backed standard to protect and certify IoT home devices. Hopefully, by doing this, users will encourage the market to reward producers of IoT equipment that is secure. The Matter standard may just turn security into the competitive differentiator for the IoT.