standards

The Matter Smart Home Standard

/ bugejajoseph / Leave a comment
Photo by John Tekeridis on Pexels.com

Matter is a royalty-free smart home standard that promotes platform and device interoperability. Built on the Internet Protocol, Matter enables communication across smart home devices and ecosystems over a variety of IP-based networking technologies, such as Thread, Wi-Fi, and Ethernet.

The persistent need for an Internet connection experienced by modern IoT devices is likewise addressed by the Matter smart home standard. Indeed, Matter products run locally and do not rely on an Internet connection, although the standard is designed to readily communicate with the cloud.

Security is a fundamental premise of Matter. Matter functional security includes the following five characteristics:

  • Comprehensive – Matter is an open-source framework designed to provide comprehensive security with a layered approach that includes authentication, attestation, message protection and firmware updates, relying solely on its own security features and not on external communication protocols.
  • Strong – Matter implements a variety of security techniques, including a cryptosuite based on AES, SHA-256, and ECC, as well as passcode-based session and certificate-based establishment protocols. It also adopts device attestation and the CSA Distributed Compliance Ledger to guarantee a compliant and interoperable ecosystem.
  • Easy to use – Matter security is a smart device platform designed to make the implementation and use of smart devices much easier for device makers and consumers alike. It comes with open source reference implementations and well-defined security assets, making it a secure and simple solution for customers.
  • Resilient – Matter security is designed to protect, detect, and recover data, utilizing multiple protocols and measures to prevent denial of service attacks and provide resilience even when sleeping devices are involved.
  • Agile – Matter is a crypto-flexible protocol that abstracts cryptographic primitives, enabling the specification to be quickly changed or upgraded in response to new security threats. The modular design also allows for individual protocols to be replaced without completely overhauling the whole system.

Matter is paving the way for a secure and reliable connected home of the future. With its comprehensive security and ability to operate without an Internet connection, Matter is the ideal choice for modern IoT devices. It is revolutionizing the way home devices communicate, providing a safe and secure environment for the connected home of the future.

Read more here: https://csa-iot.org/wp-content/uploads/2022/03/Matter_Security_and_Privacy_WP_March-2022.pdf and https://csa-iot.org/all-solutions/matter/

IoT Cybersecurity: Two New Documents Published by NIST

/ bugejajoseph / Leave a comment

As an IoT practitioner or device manufacturer, it is important to keep up with the latest developments in IoT cybersecurity. The National Institute of Standards and Technology (NIST) has recently released two draft documents for public comment that are relevant to the IoT.

The first is a discussion essay titled “Ideas for the Future of IoT Cybersecurity at NIST: IoT Risk Identification Complexity“. This discussion paper lays the groundwork for forward-looking talks on detecting and addressing risks for IoT devices by drawing on NIST’s earlier work in cybersecurity for the IoT (for example, NISTIR 8259).

The second is a draft NIST Internal Report (‘NISTIR’) 8425 titled “Profile of the IoT Core Baseline for Consumer IoT Products“. NISTIR 8425 recalls the consumer IoT cybersecurity criteria from NIST’s white paper on “Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products,” and incorporates them into the family of NIST’s IoT cybersecurity recommendations. 

I recommend you keep tabs on these documents, particularly NISTIR 8425. 

Where are we today with IoT Security Standards?

/ bugejajoseph / Leave a comment

IoT security standards are necessary because the IoT is fundamentally insecure. It is hard to predict whether or not an IoT device will be hacked, and even if it is, what data will be compromised. There must be defined criteria for security standards for this technology to evolve responsibly without introducing new problems. Here is a quick rundown of some of the most recent security standards.

In the United States, in December 2020, the IoT Cybersecurity Improvement Act of 2020 was signed into law. This is the first piece of IoT legislation in the US aimed at ensuring that federal agencies only buy IoT devices that adhere to strict security protocols. A new cybersecurity standard for consumer IoT (ETSI EN 303 645 V2.1.1) products was introduced in the European Union in June 2020. The purpose of this standard is to encourage better security practices and the use of security-by-design concepts in the creation of new connected consumer products. The Department of Culture, Media, and Sport in the United Kingdom announced new measures also in June 2020 to protect users of internet-connected household devices from cyberattacks. They implemented a product assurance scheme that requires certified IoT devices to bear an assurance label or kitemark indicating that they have completed independent testing or a thorough and accredited self-assessment process.

When it comes to the IoT, one of the most crucial considerations is security. As the IoT grows more intertwined in people’s lives, security standards are required to keep it safe from hostile attacks and prying eyes. There is so much that can be done to improve IoT security, and this is an opportunity for bright minds to get together and influence the IoT’s future.

Finally please remember that you are welcome to contact me and suggest themes for future posts.