A Starter Guide for the New Matter Smart Home Automation Protocol

Smart homes have revolutionized the way we interact with our living spaces. Connected devices that can be controlled with a voice command to Alexa or simple tap on a smartphone have made daily life more convenient. As the Internet of Things (IoT) continues to grow, the number of devices and protocols that govern them has exploded; however, with so many different devices and platforms available, it can be difficult for consumers to ensure their smart home products are compatible and secure. Matter is a new standard for smart home devices, designed to simplify the user experience, improve security, and promote interoperability among devices from different manufacturers. In this learning module, we'll take a closer look at what Matter is, how it works, and some of the development tools that are available from Nordic Semiconductor.
Related Components | Test Your Knowledge

sponsored by

2. Objectives

Upon completion of this module, you will be able to:

• Describe how Matter works, including what controllers and devices can connect to a Matter network
• Discuss the advantages of the Matter protocol
• Understand the way Matter devices connect and communicate
• Discuss how Matter supports seamless connectivity between devices, even if they are from different manufacturers
• Explain Matter’s built-in security features

3. Basic Concepts

What is the Matter protocol?

The Matter protocol is a communication protocol for smart home devices. It provides a standardized and secure method of communication between smart devices, regardless of the brand or manufacturer. The protocol was developed by the Connectivity Standards Alliance (formerly known as the Zigbee Alliance) and is based on open internet and networking standards.

Many smart home platforms, including Amazon Alexa, Apple HomeKit, and Google Home, have integrated the Matter protocol. This means that Matter-compatible devices can work seamlessly with these platforms without the need for additional bridges or hubs. It also means that users can mix and match devices from different brands and manufacturers without worrying about compatibility issues.

For transport, Matter uses Wi-Fi, Ethernet, and the Thread networking protocol, which is an IPv6-based wireless networking protocol designed for low-power devices. Thread provides a reliable and secure network for smart home devices, and it is optimized for devices with limited processing power and memory. Most mains-powered Thread devices can act as Thread Mesh Extenders (Thread routers) that expand the network's range and resilience. Thread automatically adapts to devices being added or removed from the network.

Figure 1: A Matter network using Wi-Fi and Thread

Matter supports a wide range of device types, including lights, thermostats, door locks, and more. It includes features such as end-to-end encryption and authenticated device pairing to ensure the security of the smart home network. Matter also supports Bluetooth LE for the secure commissioning of devices.

How was Matter created?

The Matter communication protocol was created through a collaborative effort between major players in the smart home industry. In December 2019, the Connectivity Standards Alliance announced its plan to create a unified smart home standard that would bring together various existing protocols and create a cohesive ecosystem. The goal was to simplify the smart home experience for consumers and reduce fragmentation in the market.

The Connectivity Standards Alliance brought together over 180 companies, including tech giants such as Apple, Google, Amazon, Samsung, and Nordic Semiconductor to form a working group. This working group began developing the new protocol, which was called "Project CHIP" (Connected Home over IP). The protocol aimed to create a secure and reliable method of communication between smart home devices, regardless of their brand or manufacturer.

In October 2022, the Connectivity Standards Alliance announced that Project CHIP had officially become Matter, and that the protocol was ready for certification. Nordic has also been actively working to ensure that its hardware platforms and software development kits (SDKs) are fully compatible with the Matter standard. In addition, Nordic has been involved in development of open-source Matter SDK, Matter interoperability testing and certification, which is an important step in ensuring that Matter devices work seamlessly with other Matter-certified devices, even if they are from different manufacturers.

What are the advantages of Matter?

There are several advantages to the Matter protocol that make it a significant step towards creating a more unified smart home ecosystem. Here are some of the key advantages:

• Interoperability: One of the main advantages of the Matter protocol is that it provides a standardized method of communication between devices from different manufacturers. Devices from different brands can be mixed and matched without worrying about compatibility issues.
• Security: Matter includes features like end-to-end encryption and authenticated device pairing to ensure the security of the smart home network. Users can be confident that their smart home devices are secure and protected from hacking and other security threats.
• Multi-admin feature: Matter includes a multi-admin feature that allows multiple user accounts to have administrative access to the same smart home ecosystem. Each person can have their own account with administrative access to the smart home ecosystem, giving each user equal control over the devices in the home, without the need for account and password sharing. Multi-admin can also be useful for households with guests, as they can be given temporary access to the smart home ecosystem without compromising the security of the overall system.
• Simplified setup: Matter is designed to be easy to set up and use. The protocol includes a simple and intuitive setup process that allows users to quickly connect their smart home devices to their network without the need for additional bridges or hubs.
• Support from major players: Matter is backed by major players in the smart home industry. This means that users can expect a wide range of devices to support the protocol and chances are high that it becomes widely adopted.
• Improved user experience: By providing a standardized method of communication between devices, Matter aims to simplify the smart home experience for consumers. Users can enjoy a more seamless and integrated smart home experience, with fewer compatibility issues and more intuitive controls.
• Backwards compatibility: Matter is designed to work with existing devices as long as they are equipped with the necessary hardware and software to support the protocol. Devices that are currently using other smart home protocols, such as Zigbee or Z-Wave, may be able to communicate with Matter devices via bridge devices.

The Matter protocol is designed to be scalable and flexible, which makes it suitable not just for use in the home, but also industrial and commercial environments. Matter can be used to create smart building systems that can help improve efficiency, reduce energy consumption, and enhance overall safety and security. The Matter protocol's focus on interoperability and ease of use makes it an attractive option for commercial and industrial settings, where there may be a variety of different devices and systems from different manufacturers in use.

The Matter controller

A Matter controller is used to pair and control the Matter accessory device remotely over a network, interacting with it using Bluetooth LE and the regular IPv6 communication. The controller can, when combined with a Thread border router in the same device, act as a central hub for a smart home ecosystem using the Matter protocol.

In a smart home ecosystem using Matter, there are multiple ways to set up a Matter controller. One option is to use a standalone device, such as a smart home hub, that is specifically designed to act as a controller. Standalone devices are equipped with the necessary hardware and software to communicate with Matter devices and manage the smart home ecosystem. A smartphone or tablet can also be used. There are several apps available that can connect to Matter controllers, allowing users to control their smart home ecosystem directly from their mobile device. The app provides a graphic user interface to communicate with Matter devices and manage their activities.

4. Analysis

How does Matter work?

The Matter protocol works by providing a standard language that smart home devices can use to communicate with each other. The language is based on open internet and networking standards, and it is designed to be interoperable with a wide range of devices and platforms.

Matter uses the Thread networking protocol, which is an IPv6-based wireless networking protocol designed for low-power devices. Thread is a decentralized mesh network architecture where all devices can communicate with each other directly, providing a reliable and secure network for smart home devices, and it is optimized for devices with limited processing power and memory.

When a new device is added to a Matter network, it goes through a simple setup process, allowing it to connect to the network and begin communicating with other devices. The setup process includes authenticated device pairing, which ensures that only authorized devices can join the network.

Once a device is connected to the Matter network, it can communicate with other devices using the Matter data model, a standard language used by smart home devices to communicate with each other. The Matter data model is designed to be interoperable with a wide range of platforms. Devices from different manufacturers are able to communicate with each other seamlessly, without the need for additional bridges or hubs.

The Matter data model includes a set of common commands and data formats that devices can use to exchange information. For example, a light bulb that supports the Matter protocol might use the language to send commands to turn on or off, adjust brightness, or change colors. A thermostat might use the language to report temperature readings, set heating and cooling schedules, or adjust temperature settings.

Matter also includes features like end-to-end encryption to ensure the security of the smart home network. This means that all communication between devices is encrypted and protected from hacking and other security threats.

Messaging between Matter devices

Interaction between Matter devices is defined by the Interaction Model layer. The initiator, typically a client device, is the node that initiates the interaction, while the target, typically a server device, is the node that is the recipient of the interaction. The Interaction Model comprises the following interaction types:

Read: The read action is used to retrieve the values of attributes or events. For example, a Matter controller might read the LockType attribute of a door lock device to display the correct icon to the user.

Write: The write interaction is used to modify attribute values. In the door lock example, a Matter controller might update the OperatingMode attribute of the device to put the lock in privacy mode.

Invoke: The invoke interaction is used to send commands. With a door lock device, a Matter controller can invoke the UnlockDoor command to unlock the door.

Subscribe: The subscribe interaction allows a device to receive data from a target device periodically, rather than having to poll for the data each time. In the door lock example, a Matter controller can subscribe to the LockState attribute of the device in order to be notified when the door is unlocked by another user.

Security features

One of the most important aspects of the Matter protocol is security, as it is designed to enable the seamless interoperability of smart home devices across a wide range of manufacturers and technologies, while ensuring that the data transmitted between these devices is protected from unauthorized access.

End-to-end Encryption

One of the key security features of the Matter protocol is end-to-end encryption. This means that all messages sent between devices are encrypted before transmission, and can only be decrypted by the intended recipient. This helps to ensure that sensitive data, such as passwords or other personal information, is protected from interception by unauthorized parties.

The Matter protocol uses AES-CCM encryption with 128-bit keys for end-to-end encryption of messages sent between devices. This encryption algorithm is a widely recognized and secure method of encrypting data, which provides strong protection against unauthorized access and interception. AES-CCM encryption is a combination of two algorithms: the Advanced Encryption Standard (AES) and the Counter with CBC-MAC (CCM) mode of operation. The AES algorithm is used to encrypt the data, while the CCM mode is used to ensure data integrity and authentication. This combination of encryption and authentication ensures that only authorized devices can access the data and that the data has not been tampered with during transmission.

To establish and maintain secure connections between devices, Matter uses a public key infrastructure (PKI). Certificates play a critical role in the Matter PKI, as they are used to authenticate devices and encrypt data transmissions. Each Matter device is assigned a unique certificate that includes a public key and identifying information, such as the device's name, model number, and manufacturer. These certificates are signed by a trusted certificate authority (CA) that is responsible for verifying the identity of the device and ensuring that it is authorized to participate in the network. When two devices on a Matter network need to establish a secure connection, they first exchange certificates to verify each other's identities. Once the certificates have been verified, the devices use their respective public keys to establish a shared secret key that is used to encrypt all data transmissions between the devices.

To ensure the security and integrity of the PKI, Matter uses a hierarchical trust model. At the top of the hierarchy is the Matter Root CA, which is responsible for issuing certificates to intermediate CAs, which in turn issue certificates to individual devices. This hierarchical trust model helps to prevent attacks such as man-in-the-middle attacks, as each device must be able to verify the authenticity of the CA that issued its certificate.

Matter Network Commissioning

When a new device joins a Matter network, it follows a commissioning procedure, which starts with the controller receiving onboarding information from the device. This onboarding data includes the 16-bit Vendor or Product ID, 12-bit device discriminator, 27-bit setup passcode, and 8-bit Discovery Capabilities Passcode. The onboarding data can be included on-device and/or in the packaging, and can be encoded as a Manual Paring Code (required), QR Code, or QR Code Payload. The commissioning procedure comprises these steps:

Device discovery: New devices advertise their presence to the controller through the following methods: Bluetooth LE, DNS-SD, or Wi-Fi Access Point (planned for future releases).  The advertisement priority is provided in the device’s onboarding data.

Security setup: The first session between devices is established using the Passcode-Authenticated Session Establishment (PASE) protocol, which is exclusive to the commissioning process.

Establish fail-safe: The new device backs up its original configuration. This is also used as a timer that sets a limit for the entire commissioning process.

Preliminary node configuration: The controller reads the Basic Information Cluster of the new device, and configures the device with regulatory information, including location and current UTC time.

Certificate verification: The controller checks whether the new device is Matter-certified. If the validity and ownership of the Matter Device Attestation elements cannot be proven, the verification fails.

Install operational credentials: The controller installs the Node Operation Certificate (NOC) and Operation ID on the new device, making it the new node on the Matter fabric.

Network commissioning: The controller provisions the new node with operational network credentials, either Wi-Fi or Thread, and requests that it connect to the network.

Operational discovery: The controller discovers that new node on the operational network using DNS-SD.

Security setup with CASE: Secure communication is established using the Certificate-Authenticated Session Establishment (CASE) protocol, which handles the exchange of NOCs to set up a session that is secured with a new pair of keys.

Disarm fail-safe: The new device removes the configuration backup, which also stops the fail-safe timer.

After this commissioning process, the new device is connected the network and can start sending and receiving AES-encrypted messages. The device will now have the following information configured: new instance name, new NOC, new private key for the NOC, new Access Control List, and information about the operational network.

Access Control

The Matter protocol also includes a robust access control system, which allows users to control which devices have access to their network and what actions these devices are allowed to perform. This lets users set up complex access policies and ensure that their network is only accessible by trusted devices. The access control system in the Matter protocol comprises these steps:

• Each device is assigned a unique identifier when it is added to the network. This identifier is used to authenticate the device when it sends or receives messages.
• The network administrator assigns different roles to each device based on its function and level of access to the network. A door lock might be assigned the role of "security device," while a thermostat might be assigned the role of "climate control device."
• Each role is associated with a set of permissions that determine what actions the device is allowed to perform. A security device would be allowed to lock and unlock doors, while a climate control device would be allowed to adjust the temperature in a room.
• Users are assigned roles and permissions based on their level of access to the network. A network administrator would have full access to all devices and functions, while a guest user would only be allowed to control certain devices or access certain functions.
• Access to the network is controlled through the use of secure credentials, such as passwords or security tokens. Devices and users must authenticate themselves with these credentials before they are allowed to access the network or perform any actions.
• All access attempts are logged and monitored to ensure that only authorized devices and users are able to access the network. If an unauthorized access attempt is detected, the network can take action and block the device or user from accessing the network.

5. Matter Development with Nordic

The nRF5340 DK and nRF7002 are two components from Nordic Semiconductor that can be used to create devices that are compatible with the Matter protocol. The nRF5340 DK can be used to create applications supporting Matter over Thread, while the nRF7002 adds Matter over Wi-Fi connectivity. The nRF5340 DK and nRF7002 work together seamlessly, allowing developers to easily add Matter connectivity to their designs.

The Nordic Semiconductor nRF5340 DK is a development kit designed to help developers build IoT applications using the nRF5340 system-on-chip (SoC). Multiple protocols are supported, including Bluetooth Low Energy (BLE), Zigbee, Thread, and now Matter. The nRF5340 SoC is a dual-core chip that includes both an Arm Cortex-M33 application processor and an Arm Cortex-M33 network processor.

The nRF5340 DK includes an integrated antenna and I/O interfaces to facilitate hardware development. Additionally, it is supported by software development tools such as Nordic's nRF Connect SDK, which includes software libraries and examples for Matter, Zigbee, and Thread protocols.

Nordic Semiconductor's nRF7002 seamlessly adds Wi-Fi 6 connectivity to the nRF5340 SoC. It is a low-power wireless solution that supports the 2.4 GHz and 5 GHz frequency bands, and supports all wireless protocols used in Matter. The nRF7002 is designed to be used in small, battery-powered devices that require a low-power, secure wireless connection, and can be easily integrated into a wide range of devices, including light bulbs, switches, and sensors.

Nordic nRF Connect SDK

Nordic's nRF Connect SDK (Software Development Kit) provides developers with the tools needed to create firmware for Nordic's line of wireless System-on-Chips (SoCs), including those that support Matter. The SDK includes various APIs, libraries, and tools to help developers quickly implement their applications and integrate them with the Matter protocol. The SDK also includes examples of various applications that developers can build upon for their own projects. The example code is also available on GitHub.

Additionally, the SDK includes support for Bluetooth, Thread and Wi-Fi qualified/certified stacks, as well as security features required by Matter, such as Transport Layer Security (TLS) and Thread Network Encryption (TNE). Nordic's security implementation is based on the industry-standard mbedTLS library, which provides a robust, open-source implementation of TLS and other cryptographic protocols.

6. Glossary

• Application Programming Interface (API): a set of protocols, routines, and tools that enable different software applications to communicate with each other.
• Certificate: a digital document used to verify the identity of an entity, such as a website or a device. A certificate contains information that is used to establish trust and secure communication between different parties over a network.
• Encryption: the process of converting plain text or data into a coded language to secure it from unauthorized access or interception.
• Internet of Things (IoT): a category of physical devices, vehicles, appliances, and other objects that are embedded with sensors, software, and connectivity, enabling them to exchange data and communicate with each other.
• IPv6: a protocol for assigning unique IP addresses to devices on the internet to support the growing number of connected devices.
• Private key: a secret cryptographic key that is used in conjunction with a public key to encrypt and decrypt messages, verify digital signatures, and establish secure communication between two parties over a network.
• Public key: a cryptographic key that is widely disseminated and used to encrypt messages or verify digital signatures, allowing anyone to send encrypted messages or verify the authenticity of messages sent by the owner of the corresponding private key.
• Seamless communication: uninterrupted communication capabilities, even when roaming between different networks. In the Matter protocol, this refers to communication between devices, even if they are from different manufacturers.
• Smart home: a home equipped with internet-connected devices and appliances, such as lighting, heating, security systems, entertainment systems, and other household appliances that can be controlled remotely to enhance convenience, comfort, and energy efficiency.
• Software Development Kit (SDK): a set of software development tools that enable developers to create applications for a specific software platform, operating system, or hardware device.
• Thread: a low-power wireless networking protocol designed for IoT devices, providing a reliable and secure mesh network using existing network infrastructure and IPv6 addressing.
• Z-Wave: a wireless communication protocol designed for home automation and IoT devices, that uses low-power radio waves to enable devices to communicate with each other and a central controller. Z-Wave operates at 908 MHz.
• Zigbee: a wireless communication protocol for IoT devices that operates on low-power radio frequency. Zigbee operates at 2.4 GHz and is incompatible with Z-Wave. For more information, check out the Essentials of Zigbee.

*Trademark. Nordic Semiconductor is a trademark of Nordic Semiconductor Inc. Other logos, product and/or company names may be trademarks of their respective owners.

Nordic Semiconductor designs and manufactures wireless communication devices and solutions, with a focus on ultra-low power wireless systems-on-chips (SoCs). Nordic's product line includes the nRF series of wireless SoCs and development kits, as well as software tools like the nRF Connect SDK that facilitate the development of wireless applications.

nRF5340 Development Kit for the IoT

Buy Now

nRF5340- System on a Chip (SoC)

Buy Now

nRF7002- Wi-Fi 6 Companion IC

Buy Now

nRF7002 DK - nRF7002 Development Kit

Buy Now

Test Your Knowledge

Wireless Protocol 7

Complete our Essentials: Sensors 7 course, take the quiz, and leave your feedback to earn this badge.

Are you ready to demonstrate your Matter Protocol essentials knowledge? Then take a quick 10-question multiple choice quiz to see how much you've learned from this module.

To earn the Essentials Wireless Protocol 7 Badge, read through the learning module, attain 100% in the quiz at the bottom, and leave us some feedback in the comments section below.