Tuya model receives Matter certification

  • November 13, 2023
  • Steve Rogerson

Chinese firm Tuya Smart’s TS24-U module achieves PSA Certified Level One, helping establish a secure development environment for Matter devices.

The TS24-U is a Matter over Thread module that comprises the EFR32MG24 RF processor chip, EFR32MG24, peripherals, and a built-in 802.15.4 phy and mac Thread network protocol stack and rich library functions.

Since the Connectivity Standards Alliance (CSA) announced Matter, manufacturers and OEMs have gradually increased their interest in the production of Matter devices. In addition to assisting users in achieving cross-brand connectivity and breaking the ecosystem barriers that have bound them, creating a safer and more comprehensive Matter device should guarantee end users receive stronger security protection.

The PSA Certified programme is an independent IoT security framework and certification scheme, originally founded by Arm and six security companies and evaluation laboratories to support the large-scale deployment of secure IoT.

Achieving PSA Certified Level One means the module has achieved the certification of security from design to deployment and gained the assurance of having the necessary security measures and defence mechanisms to respond to security threats and potential risks. Developers who use the module to finish Matter over Thread device development can not only ensure Matter devices have fundamental information security capabilities, but they also improve users’ trust in the brand’s product.

“Device security has never been more important, with connected devices being used all around us from intelligent buildings to smart homes and smart cities,” said David Maidment, senior director from Arm (www.arm.com). “Building security in from the ground up is crucial and Tuya has proven their commitment to security through this PSA Certified accreditation, ensuring the next generation of Matter devices are built on secure foundations.”

As a board member of the CSA and an early participant of Matter, Tuya has the expertise and practical accumulation in security due to its ongoing commitment to IoT development. Tuya released its full-stack options for Matter in addition to offering security modules, increasing security levels in the process of Matter device development.

While Thread and wifi have the potential of offering secure connectivity and access on their own, Tuya’s full-stack options for Matter, for instance, support the development of Matter over Thread or Matter over wifi devices, enabling Matter on top of the Thread or wifi layer to enhance the security performance of the Matter device.

Moreover, developers have to submit the product details and pass the Matter product compliance certification after developing Matter devices. To complete such a procedure, the developer must either buy a device attestation certificate (DAC) from a certificate issuer recognised by the CSA or create their own certificate infrastructure and secure a CSA licence. Obtaining such authorisation takes significant resources.

Tuya (www.tuya.com) has now obtained the CSA-approved PAA qualification and finished the development of Matter PKI, which can provide developers with high-volume DAC issuance while ensuring the security of the issuance process via hardware encryption machines.

The DAC can be obtained quickly and securely through Tuya’s authentication transfer programme for those developing Matter products based on Tuya’s technology, with no changes in hardware and software, and with the same device type and functionality as the Tuya-enabled one that passed the CSA’s certification.

This not only saves investment, but also shortens the development cycle and quickly pushes the products to market.

On the other hand, end-users can trace the certificate chain of the device’s DAC certificate to determine whether the Matter device in their hands came from the manufacturer listed on the device’s packaging, quickly identify counterfeit products, avoid uncertified devices entering the user’s network, causing problems in information security and other areas, and improve the security level of Matter device management.

Furthermore, the OTA firmware and software the developer used for remote upgrading must be verified and encrypted during the maintenance and updating process and, if the software update is not certified and not in the known manufacturers and compatible software list, it will not be allowed to update to ensure the security of device maintenance and update.

Users can benefit from the triple security protection of the enabling chip, module, Matter security specification, and Tuya security specification with full-stack options for Matter, including security check, security defence and auditing of external services such as OTA upgrading.

It integrates information security and compliance components into software development and management to ensure the quality and security level of software, hardware, products and services, guaranteeing the user’s Matter devices have the technical strength and brand power.