Security Analysis of the Matter Protocol

Erstveröffentlichung
2023-06-06Authors
Loos, Melissa
Advisor
Ehret, HeikoKleber, Stephan
Referee
Kargl, FrankHauck, Franz
Abschlussarbeit (Master; Diplom)
Faculties
Fakultät für Ingenieurwissenschaften, Informatik und PsychologieInstitutions
Institut für Verteilte SystemeAbstract
This thesis focuses on evaluating the security of the recently released home automation standard Matter, which is intended to improve the security and interoperability of smart home devices. The goal of this work was to analyze the security implications that can be derived from the specification of Matter, and to determine whether the Matter standard fulfills the promises made regarding its security. Our analysis was done by creating a threat model and performing a manual vulnerability analysis, where we focused on determining the attack surface and potential vulnerabilities, dangerous deviations that could be made by vendors, and by providing concise examples of possible implementations that could reduce the overall security of Matter in the field. In addition, we added a test catalog and Tamarin models of Matter’s PAKE, SIGMA exchange during the CASE as well as plain SPAKE2+ for future use in symbolic verification. We were able to show that Matter is able to mostly fulfill its claims, explain where Matter deviates from its promises, and provide recommendations on how to further increase Matter’s security. Our work also identifies weaknesses in the specification for which we expect future revisions of the specification to add additional mandatory requirements to address them. With this work, we aim to help security researchers, device manufacturers, and specification developers in gaining a comprehensive picture of Matter’s security model, and ultimately contribute to overall security and privacy.
Date created
2023
Subject headings
[GND]: Internet der Dinge | Sicherheit | Materie | Spezifikation | Eingebettetes System[LCSH]: Internet of things | Matter | Embedded computer systems | Home automation
[Free subject headings]: iot | security | specification | protocol | connectivity standards alliance | csa | schutzwerk | it | embedded | smart home | standard
[DDC subject group]: DDC 000 / Computer science, information & general works | DDC 620 / Engineering & allied operations
Metadata
Show full item recordDOI & citation
Please use this identifier to cite or link to this item: http://dx.doi.org/10.18725/OPARU-48934
Loos, Melissa (2023): Security Analysis of the Matter Protocol. Open Access Repositorium der Universität Ulm und Technischen Hochschule Ulm. http://dx.doi.org/10.18725/OPARU-48934
Citation formatter >