
Why Matter Matters - An Interview with Hardy Schmidbauer

Kudelski IoT has been preparing its Matter Certificate Authority/Device Attestation Authority service for a while now, and it was officially launched this week after receiving approval from the Connectivity Standards Alliance. We asked Kudelski IoT's Hardy Schmidbauer to give us a high-level overview of the Matter standard, what it means for device and silicon manufacturers, and what they need to know not only to achieve Matter certification but also to secure the entire lifecycle of their product.

Hardy Schmidbauer
SVP of IoT, Kudelski Group
Updated on June 13, 2023
IN SHORT
Matter security is about more than just certificates. It's about looking at the entire product lifecycle and designing in security from the start.

What is Matter and what value does it provide for the industry?

Matter is a new standard targeting the smart home industry.  If you’ve tried to get different smart home devices or ecosystems to work together, I’m sure you’ve struggled. For instance, if you’ve tried to get your Ring doorbell to connect to your Google Assistant and then work with your iPhone, that’s not always the easiest thing to do. And I’m sure most people have encountered challenges around that. So Matter is really trying to solve that interoperability challenge in the smart home ecosystem. It’s built around, you know, four main pillars. The first one is simplicity, the second one is interoperability, the third one is reliability and connectivity, and the fourth one is security.

In basic terms, how does Matter work?

Matter ensures that all of your home devices work together. Seamlessly. And I think that’s the simplest way to phrase it for those of us who are not 100% immersed in the tech on a day-to-day basis.

How does Matter improve security?

Matter really had a focus on including security in the specification, which is critical to already have from the design phase. You can’t add it at the end of a design. So they’ve done a good job of really defining security in the specification, ensuring authentication of the devices so that you know it’s an authentic device. You can’t trick and connect devices which are not authenticated into the network.

How can companies proactively address security for any connected IoT device?

I think that’s a great point. You know, I think some consumers have kind of lost faith that their devices are secure. And I think that’s hurting adoption somewhat in the industry. And I think that’s what Matter’s really trying to solve by really proving and ensuring the security of the ecosystem. Outside of Matter, really any design should follow a security design thinking process, right? And I think a lot of companies haven’t been doing that, and I think there’s a lot of regulations and standards now that are really starting to push security, so now it will need to be thought of and included in the design from the early architecture phase.

The process that we really try to help companies with at Kudelski IoT is to first do a security architecture and threat modeling for your product and your solution because security’s not a one-size-fits-all solution. A cat tracker doesn’t need the same level of security as a smart meter.  So you can’t try to push really high security on every product because it will potentially make those products non-competitive or too expensive for the market. So defining the right level of security and doing the threat modeling is really the first important step. Then you can take that and include the appropriate level of security in the design specification from the beginning so that your engineers can really design towards a very specific security target. And then at the end of the design process and the certification process I think it’s then important to go back and have an independent expert really evaluate that the security target was also met in the device. It’s important to have somebody go in and try to hack or compromise that device to see if the security target was met or not before you go to market. We help companies at Kudelski IoT to go through that process, and we even do a lot of the security architecture and threat modeling for companies, to help them build that into their specification. We have a great team in Switzerland who eat, drink and breathe security, helping companies go back in and really evaluate the security of the devices to make sure that they hit defined targets.

How does Kudelski IoT help Matter manufacturers?

Part of the Matter specification and certification today is that your device needs to be authenticated. So Kudelski IoT is now one of the very few approved Product Attestation Authorities, otherwise known as a Certificate Authority. We provide Device Attestation Certificates to companies which really ensures that authentication. So without that, you can’t even join into a network or communicate with other devices if you don’t have that Device Authentication Certificate. Matter has also included security and encryption into their specification and have other kind of recommendations on security as well. Security is not tested as part of the certification process today other than having the Device Attestation Certificate, but I think that is one thing that they’re looking at to include as well in the standard and in the certification process in the future.

What do Matter adopters need to do beyond certification to help ensure the long-term security for their products?

First of all, you need to design towards the Matter spec. That gives you an initial level of security that you need to include into your design to be able to pass the certification and also to be able to do the attestation. But I think companies should also - independent of that - really follow the process which I mentioned before of defining security targets, doing security architecture reviews, etc.  And if companies work with us on certificates, then we can help them through the entire security lifecycle as well. It’s not something that they have to choose, and they can even decide to do it later. But if you want to do in-field provisioning or you want to do secure FOTA updates over the air or you want to do key rotation or manage the security lifecycle of the device, that’s something that we can help companies do as well. We believe that no other Matter Certificate Authority provides this rich portfolio of important security services to their customers in addition to just providing certificates.

How are the prospects for Matter adoption looking from your point of view?

I think that’s one of the really exciting things about Matter, because with any specification, getting the industry to adopt it is always the biggest challenge. I come from helping to build the LoRa Alliance, and getting a critical mass of the industry participating in the standard is always the biggest challenge for getting a new standard adopted and off the ground. And within Matter, you have all of the major players from the smart home industry which will really help drive its success if everybody’s participating and everybody’s committed to it. You have Apple, you have Google, you have Amazon, you have Samsung, you have Somfy, Legrand, Ikea, LG, even Huawei, participating within the standard. As well as having all the major semiconductor and microcontroller companies supporting the standards such as Microchip, Silicon Labs, ST, TI, Infineon, Nordic and others also really actively pushing the standard as well.

Will other industries beyond the smart home benefit from Matter eventually as it continues to grow and be adopted more widely?

Certainly. The initial target of Matter is really the smart home ecosystem around single family homes. Smart building scenarios are very similar to smart home scenarios with use cases around lighting, electrical outlets, thermostats, HVAC, access control with doorbells and door locks and windows, so it makes perfect sense to apply Matter to that space as well.  I think if Matter gets really high adoption in the consumer segment, we’ll see it used a lot more in the more industrial segments as well for IoT.

What are the long-term impacts of Matter and what do you expect from Matter in the future?

I think the smart home industry could be so much larger with real  interoperability. Some consumers have really been frustrated by the setup process of these different devices or different systems. I think if Matter can solve all of that and I think they have all the major players involved, who are really committed to solving consumer concerns. The potential volumes are huge. This cooperation is really critical for achieving the huge increase in the overall volume of the smart home industry that we’d all like to see.

What challenges are people facing with Matter adoption?

It’s early, so I haven’t heard anything yet. It’s all been very positive as companies are starting to roll out the first devices. The specification was only released late last year. You’re starting to see the first Matter devices at CES this year, and Samsung just announced additional Matter-compliant devices at their February event. So though it’s still early, everything we’re hearing has been very positive so far. But I expect that in the future we may see problems from companies who have taken too much of a short-cutted approach to designing security into their products, and we are really here to help them make sure that isn’t the case.

How does Matter work with the other standards that currently exist in the market?

That’s a great question because Matter is not a completely new connectivity. It’s not a new LTE version or it’s not a new connectivity option. It’s really including existing connectivity today, using WiFi, Bluetooth, and Thread which are all existing kind of connectivity standards. It’s great that it’s using what already works out there, while really focusing on the interoperability piece. And ensuring that seamless experience for consumers.

How will Matter work with legacy, non-Matter devices?

That’s part of any standard too. They’re looking to add other types of connectivity into the standard to use as well, such as WiFi 6. I think as the standard evolves, you’ll see it incorporate more and more different connectivity options as well, and companies will update their devices and gateways to be Matter compliant.

How do device creators get started on the journey of being a Matter-certified product?

With any standard the first step is to join the Alliance. That gives you access to the specifications and then you can start to look at adapting or designing your products per that specification, then getting it certified according to the processes they describe. And we’re here to help them on every step of the way if they need us.

Kudelski IoT is a full-service partner for Matter device and silicon manufacturers, offering both a Matter Certificate Authority as well as a wide range of security services and technologies that ultimately ensure a company's long-term success in the marketplace.

PKI AS A SERVICE

Matter-compliant certificate service

Kudelski IoT’s Matter Product Attestation Certificate Service enables companies to get scalable access to Device Attestation Certificates, letting them join the Matter ecosystem with confidence and ease. We can also be your strategic security partner throughout your entire product lifecycle.