IoT security should be a competitive differentiator

Trust is a fundamental part of the home. We trust our walls to stand up straight, our floors to hold solid, our ovens to work, our toilets to flush and our doors to keep intruders out. We don’t often consider the same standards for our home technology, says Mike Nelson, VP of IoT security, DigiCert. And yet we should, because they can pose a significant risk from directly inside our home.

Home IoT (Internet of Things) devices are proving immensely popular and yet often troublingly insecure. This can open the door to all manner of threats such as identity theft, covert surveillance or digital compromise.

This isn’t the fault of consumers they rarely have any idea about which devices are secure or which pose a personal threat to their digital security. Still, the IoT is an immensely popular field of technology. McKinsey estimates that 127 new devices are connected to the internet every second and IDC has predicted that there will be 55.7 billion IoT devices around the world by 2025.

That means that every day people are bringing digital risk into their homes and all but inviting online threats into one of the most sensitive places they will ever go. Furthermore, they have little means of making a considered choice about the level of digital risk they’re willing to accept. Without expertise in the area, there is currently no way of telling which IoT home device is secure and which isn’t.

That needs to change. Consumers need to be able to make their own decisions about the security of the IoT devices they bring into their own home.

That’s why a certification scheme makes so much sense. It would allow consumers to see which devices are certified to a secure standard and crucially, make security a competitive differentiator thus creating market incentives to make secure devices.

That is one of the key qualities that makes the new certification matter important.

What is matter?

Matter describes itself as an “industry-unifying standard to deliver reliable, seamless and secure connectivity.” Started by the Connectivity Standards Alliance (CSA), this communication protocol aims to make IoT home devices interoperable.

This has been a stubborn problem in the field of IoT home devices. Although these devices are flooding homes all around the world, there remain many cases in which an IoT device from one brand, cannot speak to or interoperate with an IoT device from another. This runs counter to the very notion of a smart home – in which the technology forms one cohesive infrastructure with which one can control the functions of that home such as playing music or controlling heat and lights.

Matter intends to provide a single Internet Protocol based standard which will allow IoT devices to break down those barriers and enable smart home users to use IoT home devices together. However those headlined intentions obscure an equally significant part of Matter: Security.

IoT devices are famously insecure. Many arrive on store shelves with a series of profound vulnerabilities embedded in them at the point of manufacture. These can include hardcoded passwords, lacking proper authentication, inabilities to update and no encryption for the data that the devices interact with.

As a result, they’re easy prey for cybercriminals who will rope them into DDoS botnets, hijack their compute power for cryptocurrency mining or exploit the private information of their owners. A Kaspersky report from 2021 noted that the company had recorded breaches of 1.51 billion IoT devices. That itself was an increase of 639 million breaches from the previous year.

Combine this fact with the high demand for these devices and a rapidly growing supply of them, and you have a huge opportunity for cybercriminals and a big problem for everyone else.

Matter security

That’s why matter is such an important development. Matter specifies strong security controls for the devices that it certifies.

It demands a layered approach to security at the levels of device attestation and authentication ensure the privacy, integrity and availability of the data that the devices use. 

Its security provisions are also self contained. Because Matter provides a single application layer for certified devices to communicate, it does not rely on the security of the communications technologies on which it runs such as Thread or Wi-Fi.

It also mandates the use of the strongest civilian cryptographic standards available including AES with 128 bit keys to protect confidentiality and integrity as well as SHA-256 to preserve integrity and ECC for digital signatures and key exchanges.

It’s also crypto-agile so that cryptographic keys and protocols can be swapped out as Matter releases new versions and the threat landscape transforms.

PKIs and certificates

Crucially, matter mandates the use of PKIs and certificates within the device. The point of these is that they can be provided with identities through PKI and use certificates to verify those identities. This allows each device to be certified as a Matter-compliant device.

Mike Nelson

Matter certified devices come with their own Device Attestation Certificate (DAC) which is signed by an issuing Certification Authority (CA) and inserted into the device during the manufacturing process. When the devices are commissioned into Matter that certificate is used to verify the identity of that device and ensure that it can be folded into a Matter fabric, thus allowing interoperation with other Matter devices.

Security practitioners might often find themselves playing catch up with the IoT. It sometimes feels like it’s growing too fast to really address its fundamental security problems at the root. However, Matter represents an important intervention in IoT security.

Matter certified devices are expected to hit store shelves later in 2022. By offering an industry-backed standard to secure and certify IoT home devices, Matter is finally putting security decisions in the hands of consumers. By doing this, consumers will hopefully drive market incentives for IoT manufacturers to create secure products. Security should be a competitive differentiator for the IoT and the Matter standard might just make it that.

The author is Mike Nelson, VP of IoT Security, DigiCert.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES

Army’s new next generation squad weapon programme to launch ARC’s weapons intelligence platform

Posted on: August 12, 2022

Washington – Armaments Research Company, Inc, a technology and data company serving national security and public safety customers, announced their Internet-of-Things (IoT) full-stack technology will be introduced in the Next Generation Squad Weapon (NGSW) programme of record, in partnership with Sig Sauer. For the first time in 65 years, the U.S. Army’s initiative will replace

Read more

Connected logistics market to hit $47.6bn valuation by 2029 backed by MaaS for fleet management

Posted on: August 12, 2022

The global connected logistics market stands at a valuation of US$22.2 billion (€21.61 billion) in 2022 and is projected to reach $47.6 billion (€46.34 billion) by the end of 2029. Demand for connected logistics is estimated to increase at a compound annual growth rate (CAGR) of 11.5% over the forecast period (2022-2029).

Read more
FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more
IoT Newsletter

Join the IoT Now online community for FREE, to receive: Exclusive offers for entry to all the IoT events that matter, round the world

Free access to a huge selection of the latest IoT analyst reports and industry whitepapers

The latest IoT news, as it breaks, to your inbox