Simplifying Integration And Security In Home Networks

An explosion of devices connected to the internet is driving vendors to implement standards that simplify the initial setup and improve security and integration with other devices, regardless of brand, network protocols, or country of origin.

Farthest along in this multi-ecosystem merge is the Connectivity Standards Alliance (CSA), which today is supported by more than 500 companies, including Apple, Google, Amazon, Infineon, Arm, Renesas, and Synopsys. CSA released the Matter 1.0 standard and certification in October 2022. Supported device categories span everything from smart door locks to a variety of sensors, thermostats, lights and lighting, smart hubs and bridges, garage door openers, wireless access points, blinds and shades, smart plugs, and smart TVs.

And that’s just the beginning. Companies supporting the standard say it will be deployed in industrial and commercial applications in the future, where many of the devices were designed to be part of a single-vendor’s ecosystem.

Matter is built on top of IPv6, which allows for application-to-application communication over WiFi, Ethernet, and Thread. But it also comes with some power/performance overhead. Because it is IP-based, it requires more memory than specifications like Zigbee, (there is bridging technology within Matter that allows for compatibility with existing Zigbee devices). Matter’s security considerations also may have an impact on hardware design. Security in the IoT world has been spotty, at best, and non-existent at worst, because vendors don’t want to pay for the extra design costs. But to remain competitive in the future, they now will have no choice.

While vendors may grumble, the upside for consumers is significant. With Matter, they can manage one environment, making it far simpler to securely add a new device to a network that isn’t all Apple or Google devices, for example, and to keep all of them updated to the latest version. The Matter protocol abstracts the underlying connectivity technologies, such as Wi-Fi, Thread, and Bluetooth LE, and uses a common software stack to support the various smart home ecosystems and voice services.

Whether this pivot from a walled garden model to something more open will result in more consumer excitement for IoT remains to be seen. But it does mean consumers have a base-level reference for judging what else they buy. And while adding enough memory and security capabilities into devices to ensure Matter compliance could be a challenge in some devices, the biggest challenges tend to be more financial than technical.

In fact, many devices already include the Matter protocol. “The ecosystem rolled out their software updates, so Matter is in your iPhone whether you know it or not, or your Android phone, or your Amazon device, or your Samsung TV,” said Skip Ashton, distinguished engineer at Infineon.

Chris LaPré, head of technology at CSA, said Matter could unleash new possibilities for devices and networks that begin to resemble Metcalfe’s Law, in which an increasing number of connections to a network correlates to increasing value. This already is happening with comprehensive energy/resource management, which utilizes multiple devices, and health and wellness applications.

“As the cost of energy fluctuates, maybe I do want to change the thermostat a little bit or use my blinds to cool the house before the sun comes out, or use this little bit of energy that the electric company won’t buy back at the same rate that I’m going to be paying for energy,” said LaPré. “When you’ve solved the interoperability problem you can start going after other issues, as well, like water conservation and home leak detection. As for health and wellness, aging in place is an interesting example. Let’s say my aging mother is home alone. How can I not spy on her but still know she’s okay? What if she doesn’t open the refrigerator when she normally does? There should be some machine learning algorithm that knows what she does during a normal day and then texts me and my sister when something’s wrong.”

The reference implementation is open source and available on GitHub, and the slew of Matter-related product announcements at January’s CES shows manufacturers were able to speedily implement the standard over just a few months. The challenge now is to square costs with price points that are appealing to consumers.

“If you look at the global trajectory of prices, they have come down to a spot where implementation is affordable even for simple device types, like smart plug sensors,” LaPré said. “Once global supply fixes itself, there will be more flash and RAM and the right radios for Matter devices. Lots of companies in the past six months have announced single die-type products, and that will also bring the cost down as they become more commonplace. With the adoption promises the big ecosystems have, the volumes will start to take off, as well, and all these things should be normalizing factors.”

While some companies are using software updates to make their devices Matter-compliant, others, are creating entirely new devices with more flash and RAM to accommodate the new standard.

“We’re seeing different companies taking different approaches,” said Ashton. “Some companies last year upgraded their microcontrollers or SoCs and put more memory in to anticipate this, and they’re rolling out their software updates. But customer software updates are harder than shipping new devices, just from a complexity standpoint. So others are rolling out new products with Matter, and they’re coming out now.”

There has been a push to add more performance and resources into devices for a variety of reasons. Some devices have been upgraded for entirely different reasons.

“Increasingly, companies that are selling the same widget to multiple customers would prefer to create a product that encompasses more than one need, as opposed to doing an ASIC chip,” said Sailesh Chittipeddi, executive vice president at Renesas Electronics. “We also find that customers want a level of hardware customization for certain applications, despite the fact that something at a lower cost actually may be sufficient if it’s done in software. The reason is they believe they will drive high enough volumes to amortize the cost. An interesting segment there is industrial, where there is a move back and forth between a pure ASIC kind of model and an MPU, with more general applicability, but with software associated with it.”

Still, that extra performance helps minimize the impact of a connectivity protocol like Matter, which appears to be gaining traction. Renesas, for example, said it will offer Matter support on all future WiFi, Bluetooth Low Energy, and Thread products.

Fig. 1: Matter 1.0 allows devices from different brands and platforms to communicate over WiFi, Ethernet, and Thread. Source: Infineon

Smart home security
Matter also can help with security. As consumers continue to fill their homes with smart devices, the need for security will only grow. Today, it is widely understood that security features must be both hardware- and software-based, and even basic IoT devices can be harnessed as a bot army, such as what happened with the 2016 Mirai attack.

“With IoT, there’s always a question of whether to design your own or use a standard component,” said Frank Schirrmeister, vice president of solutions and business development at Arteris IP. “The good news is there are so many development kits out there that it’s really mostly a software problem. From a hardware perspective, as long as the underlying components follow the protocol, you are fine. It’s more of a software problem than a hardware problem as long as you support the right standard.”

This simplifies Matter support. “There are also services in the system, and with those different parts of the system,” Schirrmeister said. “If you look into the list of solutions, you have end node things and edge node items, which are somewhere in the network because you want to do something as a user within the edge. Then you have hosted elements when things go back into the cloud. In that context, it is actually much more of a software problem than it is a hardware problem, because on the hardware side it trickles down in terms of requirements to the network-on-chip, such as what’s the priority between these different connectivity interfaces? How fast can the software look at things? Who has access to security at the lowest level? Those are all items that need to be considered.”

Fig. 2: An example of network-on-chip safety capabilities. Source: Arteris IP

What Schirrmeister described is akin to AUTOSAR or the GENIVI Alliance (now called the Connected Vehicle Systems Alliance) in the automotive world for common infrastructure components that can be used to swap low-level hardware components in and out, along with the software ports between them, yet the high-level software doesn’t necessarily change. “Those hardware abstraction levels work well,” he said. “At the interconnect level and at the IP delivery management level, it’s all about supporting the quality of service, and the security aspects in the network-on-chip that are required.”

For the Matter standard, security is a major selling point because all Matter devices must achieve certain security standards before being certified as compliant.

“The fundamentals of security have been baked in right from the beginning,” said Ashton. “There’s a secure device identity tied to a certificate, and that’s in the distributor compliance ledger that’s maintained by CSA. It’s very manufacturer-specific, so we can encode things like new software updates. It gets an operational certificate, and we’ve been doing operational certificates in networks for many years, but not in these smaller home networks. We can use that to set up security sessions on the network, and everything we send across the network is with a security key so everything is encrypted. These are all just best practices, and many devices did them, but not all of them. We’re saying it’s not just a best practice, it’s mandatory. From a consumer standpoint, that’s really meant to help provide some level of comfort with these devices.”

Some of those mandates have hardware implications, as secure enclaves have become commonplace. So if a security vulnerability is reported and a manufacturer doesn’t respond appropriately, CSA can revoke the device’s certificate.

“CSA has a product security incident response team. The technical experts would get together and discuss whether it’s a Matter protocol issue, a device implementation issue, or something else. Depending on who’s responsible, you then look for a fix, and you consider the severity of it and the implication of what happens if it is not fixed,” Ashton said.

Diya Soubra, director of IoT Solutions at Arm, said that as the Matter protocol starts to improve communication across devices, security of devices and consumer data will continue to grow in importance. “In particular, Matter will require security services that are supported by a foundational Root of Trust,” he said. “The PSA Certified scheme will continue to support the industry in designing with security in mind. As the capabilities of these devices are increasing, there is also a greater need for on-device ML processing which will require higher levels of performance in a lower power envelope. This is also a fast-paced sector where time to market is key.”

Additionally, achieving the appropriate level of security of the system depends on both the protocol and the implementation. For example, a secure device could download an application that contains malware that compromises a whole network of devices.

“A Matter-compliant IoT device can borrow from security principles that have inspired other application areas, such as hard disk security, music distribution and over-the-top media delivery and consumption where the high-value digital assets need to be protected from pilfering or denial of service attacks,” said Prakash Madhvapathy, director of product marketing for Tensilica audio/voice DSPs at Cadence.

Madhvapathy recommends encapsulating security in the main SoC, because “peering into the innards of an SoC requires highly sophisticated tools” whereas observability of multiple on-PCB devices is possible with logic analyzers.”

It’s also possible to identify breaches in the field. “Embedded analytics technology can be used to actively monitor an IoT device boot sequence, and will enable a trusted boot sequence to be identified and the system to subsequently unlocked,” said Lee Harrison, director of product marketing for the Tessent Division at Siemens Digital Industries Software. “As the monitoring is done in hardware, it ensures that both the hardware and software elements of the IoT device are checked. Also, the monitoring can be placed at any number of locations around the system to avoid any side channel type of attacks.”

There’s also the process of hashing to protect an application. “The embedded application typically resides in an external flash device attached to the SoC,” Madhvapathy said. “Hackers could replace the flash program with their own and thereby gain access to the device. Defeating this approach requires careful design of the SoC such that initial boot-up occurs from on-chip ROM rather than from external flash. This small yet security-critical piece of on-ROM code should authenticate the application stored on flash before transferring control to it.”

Authentication can be achieved by storing a hash image of the application along with it. “The on-ROM code uses private, or secret keys to regenerate the hash from the application image and allows the application to run only if the hash matches what is stored on flash,” Madhvapathy said. “This also requires that an enterprising hacker not be able to read the on-ROM private keys. The SoC design can remove all pathways for a user to access these keys, such that only the authentication logic has access to it. Further, to ensure that even the hacker at the factory does not have access to the keys, the factory must ensure a secure mechanism to provision such keys onto the device such that no one is privy to that information.”

Taken together, the secret key on-chip and the initial boot code are the Root of Trust, which can include other functions such as true random number generators (TRG) that have a significantly higher degree of randomness than those offered by even very long, pseudorandom generators.

Other possible steps include assigning devices unique keys, encrypting the application with a different key than the one used for hashing, defeating powerline attacks by using SoC-activated TRGs to drown out variations that can be attributed to key bit-patterns, and disabling the debug port before shipment and then having a trusted field personnel inject an enablement key.

There is a huge range of approaches and expectations for security across the IoT ecosystem, with many of the highest-volume lowest-cost products being the least secure, noted Mike Borza, scientist in the solutions group at Synopsys. Further, there is a growing list of tools available to help with the design considerations as it relates to security.

“IP cores to build those secure foundations are helpful because they make it easier for non-security-experts to have a better probability of building a secure chip,” Borza said. “We’ve started to see some open-source hardware that looks like a good basis for this, in addition to some good commercial offerings. During the planning, architecture and design phases of development, we’re starting to see some tools emerge to help with risk assessment and identifying common weaknesses that may be relevant to a chip’s use case. A lot of these are built around knowledge in sources like the CWE (Common Weakness Enumeration) database.”

Conclusion
Efforts to unite the IoT ecosystem, increase security, and unlock new value for consumers are long overdue. Matter is a recognition that the chip industry is taking this very seriously, and the improvements are likely to be reflected in multiple other market segments as the technology is proven and matures.

— Ed Sperling contributed to this report.