Unlocking the Future: Exploring Device Attestation in the CSA Matter Ecosystem

Seamless Device Credential Provisioning for a Secure and Connected IoT World
Senior Director, Security Solutions
5 minute read

SCTE Cable-Tec 2023 Informational Banner

We're gearing up for an exciting event at SCTE Cable-Tec 2023 in Denver, taking place from October 16th to 19th. On October 18th, between 3:00 pm and 5:00 pm, our security expert, Dr. Xin Qiu, will be presenting a captivating Lightning Talk in Security Summit on Device Attestation in the CSA Matter Lifecycle. But that's not all—join us for a Live Demo, where we'll unveil the intricacies of Matter Device Credential Provisioning for IoT Devices and the groundbreaking HomeVantage™ GPON/Ethernet Gateway. The world of connectivity and security is rapidly evolving, and we're here to keep you at the forefront of innovation.

Security Summit - Lightning Talk: Device Attestation in the CSA Matter Lifecycle

Join us for an informative session at SCTE Cable-Tec 2023! On October 18th, from 3:00 pm to 5:00 pm, esteemed industry experts will share their insights during a special session in room 104. Dr. Xin Qiu will present an overview of Device Attestation within CSA Matter, the new unifying smart home standard that has garnered significant attention from industry leaders and companies alike. CSA Matter, or Connectivity Standards Alliance https://csa-iot.org/ Matter, represents a groundbreaking industry initiative with a clear mission: to create a unified standard that empowers seamless communication among smart home and IoT devices. This ambitious endeavor aims to enhance interoperability, security, and reliability in our increasingly interconnected world. A key facet of this initiative is its resolute commitment to security enhancement, focusing on two pivotal foundations: device attestation and software security. This approach is designed to fortify the security and reliability of products that have become an integral part of our daily lives.

CSA Matter places a strong emphasis on security right from the outset, during the device manufacturing phase. Key elements like secure boot and device attestation credentials, commonly referred to as DACs, are woven into Matter's foundation, establishing a robust security framework.

In the context of the CSA Matter ecosystem, device manufacturers are required to provision a unique Elliptic Curve Cryptography (ECC)-based key and certificate into each device. These certificates are issued through their respective Production Attestation Intermediate (PAI), which is linked to the Root, Product Attestation Authority (PAA). Notably, all PAA certificates are securely stored within the Distributed Compliance Ledger (DCL), while their corresponding private keys are maintained within Hardware Security Modules (HSMs) hosted by each individual PAA. It is within this framework that the foundational structure of the CSA Matter Public Key Infrastructure (PKI) takes shape.

In this framework, the DAC/PAI/PAA certificate chain serves as the foundational basis for establishing device authentication within the Matter Commissioning Process, spanning from initial device manufacturing to integration into a consumer's home network. Following successful commissioning, a device receives a fresh operational certificate with its own distinct chain. Known as the Node Operational Certificate (NOC), this credential works together with the corresponding Intermediate Certificate Authority (ICA) and Root Certificate Authority (RCA), enabling secure communication among all devices within the consumer's home network.

Live Demo: DAC and NOC Over-the-air (OTA) Provisioning

Join us for our live demo sessions in Meeting Room M31 on Oct. 17th, from 4:00 pm to 5:00 pm, and in Meeting Room M24 from 1:15 pm to 2:15 pm MT. Please note that seating is limited, so reserve your spot via LinkedIn at Dr. Xin Qiu or Rafie Shamsaasef.

During our live demo, we will unveil our latest development in over-the-air provisioning of digital credentials, focusing on resource-limited devices like STM32WB55 (a Matter device selected by ST) and the CommScope HomeVantage™ gateway.

  1. Factory Provisioning of CSA Device Attestation Certificates (DAC): we will connect the STM32WB55 to a laptop via a serial link, simulating a manufacturing programming station. The device will then connect to CommScope's PKIWorks™ Essentials over the internet to download certificates.

    We will demonstrate the seamless and secure process of provisioning CSA Device Attestation Certificates (DACs) and associated Product Attestation Intermediate (PAI) certificates during manufacturing. Our demonstration will highlight our ability to fast track manufacturers' development for a secure factory-deployable process, ready for production rollout, while minimizing manufacturing errors.

  2. Over-the-Air Provisioning of Node Operational Certificates (NOC): we will connect a HomeVantage™ NVG578LX GPON/Ethernet Gateway with Wi-Fi 6 to a tablet via WiFi interface, enabling it to connect to PKIWorks™ Essentials over the internet to download certificates.

    While Device Attestation Credentials serve as the foundational basis for establishing device authentication within the Matter Commissioning process, following successful commissioning, each device receives its NOC along with the corresponding ICA and RCA. This enables secure communication among all devices within the consumer's home network.

About CommScope Sentry™

CommScope Sentry™, previously known as the CommScope PKI Center™, has established itself as a leader in the field of PKI and device software security services, boasting a longstanding commitment to research and development since the 1980s. Leveraging extensive expertise in device security spanning over 40 years, CommScope Sentry™ protect cryptographic keys and certificates throughout the manufacturing process and combat piracy and counterfeiting in the field. Additionally, with more than 200 patents in PKI and device security, along with WebTrust audit certification, we solidify our position as a trusted and capable provider in the industry. Our holistic perspective and comprehensive understanding of industry-specific nuances and best practices enable us to effectively address unique challenges, driving innovation and interoperability within IoT and beyond.