Microchip logo
  • All
  • Products
  • Documents
  • Applications Notes

Trust&GO LoRa® Secure Authentication with the ATECC608A Secure Element

Security with LoRaWAN™ Join Servers

When it comes to LoRa security, provisioning and storing network server and application server keys is as important as it is complex due to the nature of the shared key authentication model. Because of this, you will face three main challenges when implementing secure authentication on a LoRaWAN network:

  • Protecting the symmetric keys both in the network backend and at the edge node
  • Overcoming the manufacturing logistics of securely shipping and distributing the physical keys into millions of edge nodes
  • Preventing attackers who will be taking advantage of this known security weakness from accessing keys and exploiting your system

To overcome these challenges, you can strengthen the authentication process by implementing a secure hardened key storage both at the node and in the LoRaWAN backend. This prevents the exposure of authentication keys to software, firmware, manufacturing sites, end users and other third parties. Our secure elements—ATECC608A-TNGLORA for The Things Industries (TTI) and ATECC608A-TNGACT for Actility—are pre-provisioned with the corresponding authentication keys and provide a JIL “high” rated secure key storage to isolate keys in the nodes. This is especially valuable in LoRa systems that are based on a shared key security model and leverage a wide variety of traditional low-power microcontrollers.

To make adding secure elements to your design easier, the devices are paired with the join server services of either The Things Industries (TTI) or Actility for turnkey secure authentication. The corresponding AES128 authentication keys are also hosted and protected in their managed join servers. Through a claim procedure available via TTI’s or Actility’s web portal, the protected keys in the secure element are claimed and then owned by the company. This process simplifies the cumbersome and unsecure provisioning practice used without secure key storage. The join server is completely agnostic to the network server and/or application server providers to preserve business scalability, offering you freedom of choice in your architecture. Flexibility doesn’t stop here though. The secure element is a microcontroller-agnostic solution that adds hardware secure key storage to any LoRa-connected products.

Benefits of Using the Trust&GO ATECC608A for LoRa-Based Designs:

  • Pre-provisioned secure elements with authentication AES128 keys
  • Leverages Microchip’s secure provisioning service
  • Features pre-configured authentication and secure boot
  • Offers network- and application server-agnostic join servers
  • Works with both TTI and Actility
  • Simplifies logistics of shipping shared keys and reduces manufacturing costs
  • Provides a unique, trusted, protected and managed device identity
  • Is supported by Microchip and Arm® LoRaWAN stacks
  • Supports rekeying between join servers and the secure element
  • Provides JIL rated “high” secure key storage
  • Includes protection against anti-tampering, side-channel attacks
  • Provides microcontroller-agnostic implementation
AWS_DeviceQualification_LogoLockup_iot_500px ATECC608A

Start Developing Your LoRa Solution with Three Hardware Options

To quickly begin developing your next LoRa-connected design with secure authentication, choose one of the following options and the steps for each will guide you through the process of selecting the hardware and setting up your join server account.

Develop with the SAM R34 LoRa SiP and Microchip LoRaWAN stack on TTI join servers

Develop with the SAM L21 MCU and discrete Semtech Radio and Arm mBed™ OS LoRaWAN stack on TTI join servers

Develop with the SAM R34 LoRa SiP and Microchip LoRaWAN stack on Actility join servers