PAGE |20
threats Matter posed from the beginning provided a helpful guide to understanding what they needed to guard against. “We created a threat model to understand all the different ways that people could attack Matter. And we wrote down about 100 different ways that they could come in and attack and came up with countermeasures … Now, we have over 250 ways that we’ve come up with and we continue to add to the countermeasures,” explained Hanna. The ‘basics’ of setting out the security when they started were looking at secure communications; encrypting the messages, protecting the confidentiality of users, and making sure messages sent are coming from authorised parties. They went further than that, in making sure every Matter-compliant device comes with a QR code, not just for the end user’s convenience, but to trigger a series of security steps. “This includes having the phone find the device on the network, having them mutually authenticate to make sure this is the device to be set up and the phone is authorised to set it up,” he explained. “We had 10 major security features that were added in the first version of Matter … we added a new one last year, which has the ability to revoke certificates of authenticity,” Hanna continued. “In case someone does figure out how to create a counterfeit certificate, we now have the capability to revoke it.” WHAT’S MISSING FROM MATTER? The excitement the standard has generated and the ‘coopetition’ of
Steve Hanna, Distinguished Engineer at Infineon Technologies
The Mirai botnet incident in 2016, a huge cyber attack that infected millions of devices, is cited as an example of what can happen when malware can exploit vulnerable IoT devices and turn them into bots used for DDoS attacks, thereby increasing the ‘swarm’ of attacks. “Governments around the world have been paying a lot of attention the last decade or so to IoT and establishing requirements for cybersecurity … It’s not just a concern for individual consumers, but a national security threat as well,” stressed Hanna. Hanna played a part in outlining the security requirements for Matter, which he explained he saw as a key part of reassuring end users. “Once they know their security is a top priority and they can see the evidence of that, they become more comfortable, more willing to buy things and connect them up … that leads to overall societal benefits,” he said.
Because of the nature in which cybersecurity works, understanding the
WWW.IOTINSIDER.COM
Powered by FlippingBook