End-to-end LoRa security is compatible with any LoRaWAN
Microchip Technology has partnered with The Things Industries to develop what is believed to be the first end-to-end security solution that adds secure, trusted and managed authentication to LoRaWAN devices around the world.
It uses hardware-based security from the radio-agnostic ATECC608A-MAHTN-T CryptoAuthentication microcontroller, with The Things Industries’ managed servers and Microchip’s secure provisioning service.
Security remains a weak spot for the LoRa ecosystem with vulnerabilities that leave the network and application server keys accessible in the memory of modules and microcontrollers that are paired with a LoRaWAN stack. If keys are accessed in a LoRaWAN device, a hacker can impersonate it and authorise fraudulent transactions. This collaboration is claimed to “significantly” simplify provisioning LoRaWAN devices and to address the inherent logistical challenges that come with managing LoRaWAN authentication keys from inception and throughout a device’s lifetime.
Traditionally, network and application server keys are unprotected in the edge node, and unmonitored, as LoRaWAN devices pass through various supply chain steps and are installed in the field. The Common Criteria Joint Interpretation Library (JIL) ATECC608A is pre-configured with secure key storage to isolate a device’s LoRaWAN secret keys from the system. Sensitive keys are never exposed throughout the supply chain nor when the device is deployed, explains Microchip. The company adds that its secure manufacturing facilities safely provision keys, eliminating the risk of exposure during manufacturing. Combined with The Things Industries’ agnostic secure join server service to the LoRaWAN network and application server providers, the solution decreases the risk of device identity corruption by establishing a trusted authentication when a device connects to a network.
Each purchase of an ATECC608A-MAHTN-T device comes with one year of managed LoRaWAN join server service through The Things Industries. Once a device identifies itself to join a LoRaWAN network, the network contacts The Things Industries join server to verify that the identity comes from a trusted device and not a fraudulent one. The temporary session keys are then sent securely to the network server and application server of choice. The Things Industries’ join server supports any LoRaWAN network, from commercially operated networks to private networks built on open-source components. After the one-year period, there is the option to extend the service.
Microchip and The Things Industries have also partnered to make the onboarding process of LoRaWAN devices seamless and secure. LoRaWAN device identities are claimed by The Things Industries’ join server with minimal intervention, relieving developers from needing expertise in security. Customers can choose any LoRaWAN network and also migrate to any other LoRaWAN join server by re-keying the device.
The ATECC608A can be paired with any MCU and LoRa radio. Developers can deploy secure LoRaWAN devices by combining the ATECC608A with the SAM L21 MCU, supported by the Arm Mbed OS LoRaWAN stack, or the SAM R34 system-in-package (SiP) with Microchip’s LoRaWAN stack.
For rapid prototyping, designers can use the CryptoAuthoXPRO socket board and The Things Industries provisioned parts in samples with the SAM L21 Xplained Pro (atsamd21-xpro) or SAM R34 Xplained Pro (DM320111).
