Matter - The Overview (Part 1)

Tim Conrad – Senior Security Consultant

As the Matter standard (formerly known as Project CHIP) by the Connectivity Standards Alliance (CSA) will probably be released in fall 2022, we at grandcentrix couldn’t resist starting to play with the protocol and the examples that are already available on GitHub.

Note:
This blog post is written for developers and other people with a technical background and interest in a security focused overview of Matter.

Attention:
Please note that the Matter specification will continue to evolve and parts of this article might become outdated. If you spot a mistake, please contact matter@grandcentrix.net.

We would like to walk you through Matter with the simple example of a light bulb and a light switch to explain some basic concepts. Smaller boxes provide a deeper dive if you would like some more insight.

The Story

In a future (not) far, far away, Alice wants to set up a new smart light system and has decided on a brand-new Matter device. Still warm from the factory, she unboxes the new Matter light switch. The new light switch will work without any cloud app or vendor bridge, nor will it need a vendor app (Matter support will be added natively to Android and iOS). Alice just needs her home IP network with Wi-Fi, Ethernet or Thread and she is ready to go. Alice already owns Matter lights and wants to connect the newly bought switch to them.

Matter Specific Terms:
  • Node: An addressable entity which supports the Matter protocol stack and (once Commissioned) has its own Operational Node ID and Node Operational credentials. A device may host multiple Nodes.
  • Fabric: A logical collection of communicating Nodes, sharing a common root of trust, and a common distributed configuration state.
  • Commissionee: A new device that will be added/commissioned to a Fabric to become a Node.
  • Commissioner: The role that adds new devices to the Fabric. The commissioning is done by a smartphone or a smart speaker, which are themselves Nodes of the Fabric.
  • Administrator: A Node having Administer privilege over another Node.

Commissioning a new Device

After Alice unboxed the new device, she will power on the switch and start the commissioning.

1.) Alice will scan the QR-Code printed on the device to get all the information needed to set up the device. The QR-Code contains a base38-encoded binary payload including the values:

  • Version
  • Vendor ID
  • Product ID
  • Custom Flow
  • Discovery Capabilities
  • Discriminator
  • Passcode
  • Padding
  • TLV data (optional) (used to configure the Custom Flow)

MT:C8XA0SRB00KA0648G00

QR-Code:

The QR-Code will contain information (see the Custom Flow field above) about how the device can be set into commissioning mode. An example would be “Press the button on the back for X seconds.” or “Power on the device with the Volume + button pressed.”, seamlessly integrated into the user experience of the smartphone. No need to search the manual or the internet for how to set up a device.
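The payload printed above can be unpacked by hand. The following decoder is an added example, not code from this post or from the Matter SDK; it implements the base38 alphabet and the 88-bit header layout of the Matter onboarding payload (field widths as in the specification, least-significant bit first). Decoding the example payload yields discriminator 3840 and passcode 20202021, which are the defaults used by the Matter SDK sample applications.

```python
# Added example: decoding a Matter onboarding payload (the "MT:..." string behind the QR-Code).
BASE38_ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ-."

# Fixed 88-bit header of the onboarding payload, packed as one little-endian integer, LSB first.
FIELDS = [
    ("version", 3), ("vendor_id", 16), ("product_id", 16), ("custom_flow", 2),
    ("discovery_caps", 8), ("discriminator", 12), ("passcode", 27), ("padding", 4),
]
# Bits of the Discovery Capabilities field: which transports the Commissionee listens on.
DISCOVERY_BITS = {0: "SoftAP", 1: "BLE", 2: "OnNetwork"}


def base38_decode(text: str) -> bytes:
    """Matter base38: 5 chars -> 3 bytes, 4 chars -> 2 bytes, 2 chars -> 1 byte.
    Within a chunk the first character is the least-significant digit."""
    out = bytearray()
    for i in range(0, len(text), 5):
        chunk = text[i:i + 5]
        nbytes = {5: 3, 4: 2, 2: 1}.get(len(chunk))
        if nbytes is None:
            raise ValueError("invalid base38 chunk length")
        value = 0
        for ch in reversed(chunk):
            value = value * 38 + BASE38_ALPHABET.index(ch)  # raises on a bad character
        if value >= 1 << (8 * nbytes):
            raise ValueError("base38 chunk overflows its byte width")
        out += value.to_bytes(nbytes, "little")
    return bytes(out)


def parse_onboarding_payload(payload: str) -> dict:
    """Return the header fields of an 'MT:' onboarding payload as a dict."""
    if not payload.startswith("MT:"):
        raise ValueError("not a Matter onboarding payload")
    raw = base38_decode(payload[3:])
    if len(raw) < 11:
        raise ValueError("payload shorter than the 11-byte header")
    n = int.from_bytes(raw[:11], "little")  # optional TLV after byte 11 is ignored here
    fields, pos = {}, 0
    for name, width in FIELDS:
        fields[name] = (n >> pos) & ((1 << width) - 1)
        pos += width
    fields["transports"] = [v for b, v in DISCOVERY_BITS.items() if fields["discovery_caps"] >> b & 1]
    return fields


if __name__ == "__main__":
    # The passcode is the PASE secret: whoever can read the QR-Code holds it.
    print(parse_onboarding_payload("MT:C8XA0SRB00KA0648G00"))
```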

Matter is full of features that should make it very comfortable for customers to integrate Matter products from different vendors into their networks.

2.) After following the instructions on how to set the device into commissioning mode, Alice’s smartphone will start a Bluetooth Low Energy scan (in the future, other interfaces such as NFC might be available) to find the device based on the QR-Code data and connect to it.

3.) Now the session between smartphone and device will be secured using Matter’s PASE (Passcode-Authenticated Session Establishment) protocol. The protocol is based on a Password-Authenticated Key Exchange (PAKE). The password is derived from the QR-Code’s Passcode using a Password-Based Key Derivation Function (PBKDF). After the keys are established, they are used to encrypt, authenticate and privacy-protect the Matter messages sent between both parties (for encryption and authentication, as is usual in modern protocols, an Authenticated Encryption with Associated Data (AEAD) primitive is used). The PASE protocol is only used during commissioning.
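The PBKDF step of PASE, as an added example that is neither this post’s nor the Matter SDK’s code: it follows my reading of the specification, where PBKDF2-HMAC-SHA256 over the passcode (4-byte little-endian) with the device-supplied salt and iteration count yields two 40-byte strings that are reduced modulo the P-256 group order into the SPAKE2+ scalars w0 and w1. The passcode rules and parameter ranges are assumptions taken from the specification as I know it.

```python
import hashlib

# Order of the NIST P-256 group used by Matter's SPAKE2+ (CRYPTO_GROUP_SIZE_BYTES = 32).
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
W_SIZE = 32 + 8                       # CRYPTO_W_SIZE_BYTES (assumption: spec constant)
PBKDF_ITER_MIN, PBKDF_ITER_MAX = 1000, 100000
SALT_MIN, SALT_MAX = 16, 32
# Passcodes the specification forbids: all-same-digit values and the two trivial sequences.
INVALID_PASSCODES = {int(str(d) * 8) for d in range(10)} | {12345678, 87654321}


def check_passcode(passcode: int) -> None:
    """A Commissioner should refuse to even start PASE with a forbidden passcode."""
    if not 1 <= passcode <= 99999998 or passcode in INVALID_PASSCODES:
        raise ValueError("passcode is outside the values Matter allows")


def pase_w0_w1(passcode: int, salt: bytes, iterations: int) -> tuple:
    """Initiator side of PASE: stretch the ~27-bit passcode into the SPAKE2+ scalars w0, w1.
    Salt and iteration count are chosen by the Commissionee and sent in PBKDFParamResponse."""
    check_passcode(passcode)
    if not SALT_MIN <= len(salt) <= SALT_MAX or not PBKDF_ITER_MIN <= iterations <= PBKDF_ITER_MAX:
        raise ValueError("PBKDF parameters outside the allowed range")
    ws = hashlib.pbkdf2_hmac("sha256", passcode.to_bytes(4, "little"), salt, iterations, 2 * W_SIZE)
    w0 = int.from_bytes(ws[:W_SIZE], "big") % P256_ORDER
    w1 = int.from_bytes(ws[W_SIZE:], "big") % P256_ORDER
    # The device stores only w0 and the verifier L = w1*G, never w1 itself, so a dump of its
    # storage does not yield the Commissioner's secret. Computing L needs EC scalar
    # multiplication and is left out here.
    return w0, w1


if __name__ == "__main__":
    w0, w1 = pase_w0_w1(20202021, bytes(16), 1000)   # constructed all-zero salt, min iterations
    print(hex(w0), hex(w1))
```

The passcode has roughly 27 bits of entropy; the key stretching and the PAKE only keep it from being brute-forced offline, which is why the printed QR-Code itself has to be treated as a secret.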

Privacy Protection:

Privacy protection obfuscates selected message header fields after encryption and deobfuscates them again before decryption. The protected fields are:

  • The Message Counter
  • Source ID
  • Destination ID

4.) The Commissioner requests a Device Attestation from the light switch. This is done in the form of a challenge-response protocol whose result is checked against the Distributed Compliance Ledger (DCL). The goal of this step is to give the user cryptographic proof that the device in front of Alice is legitimate. The device uses its Device Attestation Credentials (DAC) to prove its identity to the Commissioner. The DAC is based on a certificate chain with a root certificate (the Product Attestation Authority (PAA)), which is managed by the Connectivity Standards Alliance (CSA). The PAA signs a vendor-issued certificate (the Product Attestation Intermediate (PAI)), which in turn signs a device-unique DAC containing metadata such as Vendor ID and Product ID, and the Certification Declaration, which is provided by the CSA as part of the product certification process. Optionally, the response could also include the result of the recommended measured boot process, which could indicate to the user whether the firmware has been tampered with.

Distributed Compliance Ledger (DCL):

The DCL is a distributed, append-only data store owned and hosted by CSA members. It is used for tracking certification status and vendor-maintained information such as product name, product description and firmware upgrade URL.

  • Write access: Restricted to members
  • Read access: Anyone

The DCL could prevent the loss of this information if a vendor goes out of business while its devices continue to work, and it allows the seamless integration of product-specific metadata into the user interface.

Home-brewed Devices:

It is intended to allow the user to admit devices with self-signed/developer Device Attestation Certificates into their Fabric. The user will have to acknowledge that accepting a device with failed attestation undermines parts of the Fabric’s security/trust.

But it will also allow technical enthusiasts to build their own devices based on the open-source Matter software.

5.) After verifying that we are dealing with a legitimate device and not a fake product, we continue to set up the device. In this step, the Commissioner (the smartphone) generates and installs the Node Operational Credentials (NOC) on the light switch. The NOC consists of the Root CA certificate (symbolizing the Fabric and acting as its trust anchor) and a Node-unique certificate and private key. The Root CA will be used by the Commissioner (which is considered the Fabric-wide administrator) to authenticate after commissioning has ended. The Node-unique certificate and private key are used for communication between different Fabric Nodes.

6.) As BLE won’t be our primary mode of communication, we need to provide the credentials for our wireless network (Wi-Fi or Thread are currently supported).

7.) Before we finalize our commissioning, we need to add the Commissioner to the Access Control List of the light switch. The ACL entry will include information about the Fabric, the privilege level (here Administer rights), the authentication mode, subjects and targets. So, basically, who is allowed to perform which kind of actions on what kind of services on the current device.

8.) The commissioning is now completed and we can close the PASE and BLE session.

Bind a new Device

For now, our light switch is not very useful as we can’t control any light with it. This will now change as we bind the light switch to one of our lights.

9.) Alice will open a session to an (already commissioned) light via Wi-Fi. For this, Certificate-Authenticated Session Establishment (CASE) is used. CASE is based on the SIGMA protocol; in contrast to the PASE protocol used during commissioning, CASE relies on the NOCs for the key exchange. The exchanged keys are then used for encryption and privacy protection of the Matter protocol messages using AEAD.

10.) The Commissioner will now install the public parts of the light-switch’s NOC on the light bulb. The light bulb will use this to authenticate the light switch later on.

11.) Furthermore, a new ACL will be added to allow the light-switch to turn the light on and off.

12.)-13.) These steps repeat the same procedure for the light switch, providing it with the NOC of the light bulb.

14.) In this step, we bind the light switch and its operation to the light bulb. Now we are finished with setting up our light switch and light bulb. What is unique to Matter is that the devices now communicate directly with each other and do not need any intermediate broker or server to forward the data.

15.) If the switch is now pressed to turn on the light, it will establish a secure session using CASE and the NOCs added by the Commissioner earlier.

16.) The switch sends the Matter commands to operate the light. And the light will turn on.

Multiple Fabrics - Multi Admin

With the concept of Fabrics and trust originating from the Commissioner, it is possible to allow other users to configure their own Fabric on the device and operate the device independently of each other.

To allow a new person to administer the device, the current Commissioner re-opens the commissioning window and provides a new commissioning QR-Code (with a new Passcode) to the other person. The commissioning will work as before. The trust/security of the previous Fabric will be untouched.

Another way to give your family and friends access to your Matter smart home is to configure specific ACLs for family members (and their smartphones), allowing fine-grained access to the Matter devices, for example to create your own color and brightness settings and control the lights even though you are not the Commissioner.

Coming Soon

This is the first part of a series of blog posts. In the upcoming post we will create a Matter-capable light with an ESP32. In addition, we will walk you through the internals of Clusters, Endpoints and Attributes. See more in Part 2.


Patrick Sernetz – Head of Solution Architecture

Hi, I'm Patrick. Do you have any questions about Matter? Feel free to contact me by e-mail.