IoT security should be a competitive differentiator

Trust is a fundamental part of the home. We trust our walls to stand up straight, our floors to hold solid, our ovens to work, our toilets to flush and our doors to keep intruders out. We don’t often consider the same standards for our home technology, says Mike Nelson, VP of IoT security, DigiCert. And yet we should, because they can pose a significant risk from directly inside our home.

Home IoT (Internet of Things) devices are proving immensely popular and yet often troublingly insecure. This can open the door to all manner of threats such as identity theft, covert surveillance or digital compromise.

This isn’t the fault of consumers they rarely have any idea about which devices are secure or which pose a personal threat to their digital security. Still, the IoT is an immensely popular field of technology. McKinsey estimates that 127 new devices are connected to the internet every second and IDC has predicted that there will be 55.7 billion IoT devices around the world by 2025.

That means that every day people are bringing digital risk into their homes and all but inviting online threats into one of the most sensitive places they will ever go. Furthermore, they have little means of making a considered choice about the level of digital risk they’re willing to accept. Without expertise in the area, there is currently no way of telling which IoT home device is secure and which isn’t.

That needs to change. Consumers need to be able to make their own decisions about the security of the IoT devices they bring into their own home.

That’s why a certification scheme makes so much sense. It would allow consumers to see which devices are certified to a secure standard and crucially, make security a competitive differentiator thus creating market incentives to make secure devices.

That is one of the key qualities that makes the new certification matter important.

What is matter?

Matter describes itself as an “industry-unifying standard to deliver reliable, seamless and secure connectivity.” Started by the Connectivity Standards Alliance (CSA), this communication protocol aims to make IoT home devices interoperable.

This has been a stubborn problem in the field of IoT home devices. Although these devices are flooding homes all around the world, there remain many cases in which an IoT device from one brand, cannot speak to or interoperate with an IoT device from another. This runs counter to the very notion of a smart home – in which the technology forms one cohesive infrastructure with which one can control the functions of that home such as playing music or controlling heat and lights.

Matter intends to provide a single Internet Protocol based standard which will allow IoT devices to break down those barriers and enable smart home users to use IoT home devices together. However those headlined intentions obscure an equally significant part of Matter: Security.

IoT devices are famously insecure. Many arrive on store shelves with a series of profound vulnerabilities embedded in them at the point of manufacture. These can include hardcoded passwords, lacking proper authentication, inabilities to update and no encryption for the data that the devices interact with.

As a result, they’re easy prey for cybercriminals who will rope them into DDoS botnets, hijack their compute power for cryptocurrency mining or exploit the private information of their owners. A Kaspersky report from 2021 noted that the company had recorded breaches of 1.51 billion IoT devices. That itself was an increase of 639 million breaches from the previous year.

Combine this fact with the high demand for these devices and a rapidly growing supply of them, and you have a huge opportunity for cybercriminals and a big problem for everyone else.

Matter security

That’s why matter is such an important development. Matter specifies strong security controls for the devices that it certifies.

It demands a layered approach to security at the levels of device attestation and authentication ensure the privacy, integrity and availability of the data that the devices use. 

Its security provisions are also self contained. Because Matter provides a single application layer for certified devices to communicate, it does not rely on the security of the communications technologies on which it runs such as Thread or Wi-Fi.

It also mandates the use of the strongest civilian cryptographic standards available including AES with 128 bit keys to protect confidentiality and integrity as well as SHA-256 to preserve integrity and ECC for digital signatures and key exchanges.

It’s also crypto-agile so that cryptographic keys and protocols can be swapped out as Matter releases new versions and the threat landscape transforms.

PKIs and certificates

Crucially, matter mandates the use of PKIs and certificates within the device. The point of these is that they can be provided with identities through PKI and use certificates to verify those identities. This allows each device to be certified as a Matter-compliant device.

Mike Nelson

Matter certified devices come with their own Device Attestation Certificate (DAC) which is signed by an issuing Certification Authority (CA) and inserted into the device during the manufacturing process. When the devices are commissioned into Matter that certificate is used to verify the identity of that device and ensure that it can be folded into a Matter fabric, thus allowing interoperation with other Matter devices.

Security practitioners might often find themselves playing catch up with the IoT. It sometimes feels like it’s growing too fast to really address its fundamental security problems at the root. However, Matter represents an important intervention in IoT security.

Matter certified devices are expected to hit store shelves later in 2022. By offering an industry-backed standard to secure and certify IoT home devices, Matter is finally putting security decisions in the hands of consumers. By doing this, consumers will hopefully drive market incentives for IoT manufacturers to create secure products. Security should be a competitive differentiator for the IoT and the Matter standard might just make it that.

The author is Mike Nelson, VP of IoT Security, DigiCert.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES
woman holding her finger balance with coins

Quantinuum raises US$300m in equity funding

Posted on: April 18, 2024

Honeywell has announced the closing of a US$300 million equity fundraise for Quantinuum at a pre-money valuation of US$5bn. The round is anchored by Quantinuum’s partner JPMorgan Chase, with additional participation from Mitsui, Amgen and Honeywell, which remains the company’s majority shareholder. This investment brings the total capital raised by Quantinuum since inception to approximately

Read more
close up man using smart touch screen server

ITRI and Arm launch new SystemReady Lab in Taipei to boost AIoT industry

Posted on: April 18, 2024

ITRI has established the ITRI・Arm SystemReady Lab in Taipei, in partnership with Arm. This certification centre is the fourth of its kind globally, following the ones in the United States, Europe and India. The lab combines ITRI’s R&D strengths with the Arm SystemReady compliance programme to deliver comprehensive certification services for the AIoT industry. This

Read more
FEATURED IoT STORIES
What is IoT answer

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more
iot adoption

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more
IoT Now Enterprise Buyers’ Guide Which IoT Platform 2021

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more
CAT-M1 vs NB-IoT

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more
internet of things isometric illustration of connected things

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
iot challenges and issues

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more