LoRa® Secure Authentication with the ATECC608A Secure Element

This solution is archived and will no longer be updated. We recommend that you use the TrustFLEX ATECC608B-TNGLORA for LoRa instead.

When it comes to LoRa® security, provisioning and storing network server and application server keys is as important as it is complex. Because of this, it is also a known security weakness that attackers may try to use to exploit your system by accessing these keys. This can be avoided by implementing a secure hardened key storage both at the node and in the LoRaWAN™ backend which will strengthen the authentication process by removing exposure of authentication keys to software, firmware, manufacturing sites, end users and other third parties. Microchip’s ATECC608A-MAHTN secure element provides a JIL “high” rated secure key storage to isolate keys in the nodes. This is especially valuable in LoRa systems which are based on a shared key security model and leverage a wide variety of traditional low-power microcontrollers.

The Things Industries’ join server service architecture makes securing LoRaWAN connections both easy and portable. This service is network server agnostic, application server agnostic and gives you the ability to protect your connection from anywhere, at any time. Similar to how a data plan works for a mobile device, each purchase of a Microchip ATECC608A-MAHTN secure element device comes with one year of managed LoRaWAN join service through The Things Industries. Once a device identifies itself to join a LoRaWAN network, the network contacts The Things Industries join server to verify that the identity comes from a trusted device and not a fraudulent one. The derived session keys are then sent securely to your network server and application server of choice. The Things Industries join server supports any LoRaWAN network, from commercially-operated networks to private networks built on open source components. After the one-year period ends, The Things Industries provides the option to extend this service.

Microchip and The Things Industries have also partnered to make the onboarding process of LoRaWAN devices seamless and secure. LoRaWAN device identities are claimed by The Things Industries Join Server with minimal intervention, removing the need for developers to have expertise in security. Customers can not only choose any LoRaWAN network, they can also migrate to any other LoRaWAN join server by rekeying the device. This means no vendor lock-in and full control over where and how the device keys are stored.

All ATECC608-MAHTN-T secure elements provide:

• An already defined and configured memory zone within the secure element with all the agreed policies necessary to work with the TTI join server and respect the LoRaWan authentication protocol. More precisely, the ATECC608A-MAHTN is configured for authentication, re-keying and secure boot use cases. 
• Built-in provisioning for the network key and application keys. Both of these authentication keys will be used to connect to the network and application LoRa server of choice. The Things Industry does offer such services, but their join server is agnostic of those layers.

The ATECC608a-MAHTN-T is a secure element which comes with one year of complimentary access to The Thing Industries’ join server. Once the first year elapses, you can work directly with TTI to manage the cost and maintenance of connection to the join server separately.

Without a simplified onboarding process, such as the one provided by Microchip and The Things Industries, the procedure to provision the authentication keys is not only complex but also unsecure. The handling of AES keys is particularly sensitive as the developers will need to be well aware of the security risks associated to the deployment and management of a shared key model not only in the hardware but across all the stacks of the LoRa network including cloud back-end architecture and all of that from prototyping to production at a global scale.

During prototyping and development phases, the first complexity is in the choice of selecting a technology provider in the segmented LoRa industry. Now, security is recognized as a gap and needs to be added which greatly increases the complexity of a design. Examples of the questions you’ll now need to answer are: What is the starting point to securely provision authentication keys in secured storage? How will you to develop, deploy and manage a join server on the LoRaWAN? How will you make sure the keys of the join server and the ones in the edge node match? How will you avoid the keys leaking throughout the whole process? How will you distribute shared keys securely? Where should you start?

During production, assuming the previous questions have been answered and designed in, the question becomes this: how will you handle millions of shared keys in a secured environment between a join server provider, the site where keys are provisioned and how they are exposed through the complete supply chain (semiconductor, distribution partner, design house, ODM to finally arrive to the OEM)?

Microchip and TTI have taken all of those constraints into account to simplify the onboarding and logistics. This bundled solution provides simple-to-use yet robust security foundations for LoRa products. The process can be simplified to: 

1. Purchase the ATECC608a-MAHTN-T secure element
2. Open a TTI account and activate the join server 
3. Claim the batch of ATECC608a-MAHTN-T secure elements to your TTI join server
4. Start coding your application, without the design burden of securing your authentication

Security is often mistaken as just encryption. While encryption is an important element of security, encryption alone doesn’t solve all security needs. Encrypting and storing a key in a standard memory does not mean that a system is secure since firmware and software bugs are a natural part of coding and will always exist. In addition, there is another considerable attack surface to consider during the manufacturing process where keys and other cryptographic assets can be severely exposed to employees and equipment. All these backdoors are attack surfaces which can be exploited to spoof a key and inflict malicious actions on a device or system.

The usage an ATECC608A secure element combined with Microchip’s provisioning service will help to isolate your keys from software, firmware, manufacturing, third-party companies and users. It also simplifies and reduces the cost and complexity of your supply chain by leveraging Microchip’s provisioning service.

The secure element is equipped with active anti-tampering protections as well as side-attack channel protections. All of the cryptographic functions involved with the key are in the same secure boundary as the secure element. This architecture can be used with any microprocessor or microcontroller to reduce backdoors to keys at a very affordable cost for a high grade of security. The ATECC608A secure element has been rated JIL “High” demonstrating its high robustness in protecting keys.

To quickly begin developing your next LoRa-connected design with secure authentication, follow the steps below which include hardware recommendations as well as resources from The Things Industries.