Author: STMicroelectronics
One of Matter development’s biggest issues is a potentially false sense of security resulting from improperly implementing specifications. According to CommScope, a member of the ST Partner Program, failing to manage certificates or device attestation credentials (DACs) correctly can lead to security vulnerabilities, as DACs are the most sensitive parameters for establishing device authentication and trust within the Matter ecosystem. It can also mean a company can fail to meet the IoT Device Security Specification from the CSA, the consortium behind Matter.
Launched in March 2024, the specification establishes unique Critical Security Parameters (CSPs) and follows best practices on secure storage and management processes. Once device manufacturers meet the certification criteria, they obtain Product Security Verified Marks. Hence, the IoT Device Security Specification represents a significant milestone toward what some are calling a “global cybersecurity standard for smart home devices”1, by ensuring a more secure ecosystem that’s capable of meeting today’s growing threats. CommScope and ST are, therefore, collaborating to ensure STM32 developers can rapidly meet these requirements.
Security no longer optional
The entire industry has high hopes for Matter, which explains why so many are adopting it, from Apple to Samsung, Amazon, and Google, among many others, and why ST is a promoter member of the CSA. We even released an X-CUBE-MATTER software package to help developers rapidly release their products to market thanks to pre-certified code and demo applications. Moreover, we have already shown demos of a certified Matter system running on STM32 MCUs. The CSA explains that it created Matter “with security and privacy as key design tenets.2” Consequently, as a promoter member, ST ensured our customers have all the tools and hardware needed to meet the latest security requirements.
Sleeping on the job
The reason behind this new security push is simple. Until 2010, many developers didn’t even think the vast majority of IoT devices warranted security safeguards. This led to severe issues like the Mirai Botnet, which exploited IoT devices to launch massive DDoS attacks. Similarly, when researchers showed how they could remotely take control of a car by exploiting inherent vulnerabilities3 or that hackers spied on children’s bedrooms by breaching popular home security cameras4, people started to take notice. The CSA’s emphasis on security and privacy recognizes the critical importance of safeguarding users and devices in a world where threats are increasingly complex.
Rude awakening
The problem is that few device manufacturers have the expertise to properly design and implement security measures. What’s even worse is that many developers vastly underestimate what it takes to implement security in a Matter system. For instance, the IoT Device Security Specification requires that the private key never leave its origin device. As a result, many companies only discover their non-compliance when they enter the certification program to obtain the Product Security Verified Mark. This often leads to significant delays and expenses when teams must revisit their initial designs and implementations and address the security issues preventing them from obtaining the IoT Device Security certification.
Intentionally secure
STM32 and security
Any security implementation starts at the hardware level. No amount of software can save a device that doesn’t offer strict physical and logical safeguards. Hence, the STM32WB55, which many use to run their Matter application, offers tamper protection mechanisms. It also has multiple crypto cores accelerating AES symmetric and RSA/ECC asymmetric cryptography. Moreover, it supports secure firmware installations and provides key storage and management services. Furthermore, the STM32WBA5x devices, like the newly launched STM32WBA54 and STM32WBA55, which can work as a radio co-processor in a Thread border router in a Matter ecosystem, can target a SESIP3 and PSA Certified Level 3 certification. Accordingly, developers know that these devices can help them meet modern specifications.
CommScope security solutions
To allow developers to gain firsthand experience with Matter Device Attestation Credential provisioning without requiring software development, CommScope provides a video showcasing the process with a test DAC on an STM32WB5MMG evaluation board, the STM32WB5MM-DK. The CommScope solution provides services that handle certificate authority, provisioning services, certificate lifecycle management services, boot loaders, and app code signing. The services predate Matter and work in a wide range of IoT applications. In fact, their expertise has helped them anticipate the needs of developers, which is why ST featured CommScope Security Solution during Embedded World 2024.
In the video, CommScope shows a demonstration software package, which includes:
- The DAC provisioning firmware
- The programming station application
The DAC provisioning firmware runs on the STM32WB5MMG to generate the DAC key pair and its corresponding Certificate Signing Request (CSR) within the device. As a result, it keeps the private key secure. Users can use STM32CubeProgrammer, our popular debugging and flashing tool, to flash the DAC provisioning firmware onto the evaluation board. As for the programming station application, it facilitates communication between the STM32WB5MMG and the CommScope’s Matter DAC provisioning server (PKIWorks Essentials) by forwarding Certificate Signing Requests (CSRs) and receiving DACs. The demo is also close to a real-world example. When it’s time to move to production, the manufacturer must simply transition to a software package enabling the provisioning of DACs tailored for the product in question.
Simplified Path to Production & Certification
ST and CommScope recognize the pain points that come from transitioning from a proof-of-concept with a demo package to a production line. Hence, CommScope offers a pre-integrated and tested pre-production solution with an integration guide for our STM32WB5MM-DK Discovery Kit. Device manufacturers can thus create a factory-deployable workflow ready to roll out and fit into their existing factory processes with minimum software customization. Both ST and CommScope understand the challenges involved in modifying manufacturing processes. It involves careful planning and adjustments to optimize production yields, especially when integrating DAC provisioning into manufacturing lines.
Consequently, to facilitate the transition from test DACs to production DACs, device manufacturers only need to provide their company name, vendor ID, and/or product ID to CommScope. The company will then create a specific Product Attestation Intermediate (PAI) essential for DACs issuance during production. Each device manufacturer’s specific PAI(s) is linked to CommScope’s CSA-approved non-VID-scoped Product Attestation Authorities (PAAs) and recorded in the CSA’s blockchain, known as the Device Compliance Ledger (DCL).
Therefore, ST and CommScope’s pre-integrated software package includes necessary baseline software implementation and offers direct Certificate Authority Services tailored for various device manufacturers. In addition, CommScope’s expertise in security ensures that DAC private keys never leave devices and are securely stored within STM32WBA5x. This best practice enables device manufacturers to achieve IoT Device Security certification swiftly. Put simply, it removes a lot of complexity so engineers can focus on what they do best: develop unique features and release products ahead of everyone else.