Matter security concept

The Smart Home standard Matter provides high security standards to protect your privacy.

Trusted devices and secure control and communication are the central factors of the security concept. Encryption is a fundamental requirement for this.

Device certificate

Every Matter device has a unique certificate (Device Attestation Certificate (DAC)). This certificate protects against counterfeiting and ensures that the hardware indeed comes from the specified manufacturer. The device's authenticity is confirmed by a manufacturer certificate (Product Attestation Intermediate, PAI) signed by an official certification authority, the Product Attestation Authority (PAA).

Exchanging keys during setup

During the Matter setup (Matter-Pairing) of your Smart Lock (4th generation), the device certificate is crucial.

  1. When starting Matter activation in the app, the Smart Lock enters "Commissioning Mode," making it visible to smartphones and Smart Home Hubs.
  2. The Matter Controller initiates the PASE process (Password Authenticated Session Establishment), in which the controller and device establish a secure connection using a password. The password is provided as a QR code and numeric combination.
  3. After a successful connection, the controller verifies the device certificate (DAC) of your Smart Lock and grants the device access to the Smart Home network.
  4. The Smart Lock also joins the Thread network and receives an Operational Certificate (OpCert) from the Matter Controller, which is stored on the device.

These security measures prevent unauthorized access and also ensure that non-certified products that could compromise security cannot be added to the Smart Home network.
Communication between devices is authenticated and encrypted, minimizing potential points of attack for hackers.

Blockchain

The Matter standard includes a digital registry (Distributed Compliance Ledger (DCL)) that stores security-relevant information. This registry contains data about each product (e.g. manufacturer, product identification number, compliance tests, certificates, information about the current software version).

From a technical perspective, it is a distributed network of independent servers operated by the organization Connectivity Standards Alliance (CSA) and its partners. These servers are interconnected via a secure cryptographic protocol, eliminating a central point of attack manipulation. This principle is commonly referred to as "Blockchain."

The process works as follows:

  1. The manufacturer enters their product's data into the DCL directory.
  2. If the device successfully passes the certification process, the testing institute reports the "certified" status to the CSA.
  3. Based on this data, Matter ecosystems, regardless of their manufacturer (e.g., Apple, Google), can verify whether an added device complies with the standards, if the device certificate is correct, and if new software is available.

To prevent misuse, write access to the DCL database is restricted. Device providers can only add their own products associated with their vendor ID. Confirmation or revocation of device compliance can only be done by official certification authorities of the CSA, while read access is open to all.



Was this article helpful?