
TrustFLEX LoRa® Secure Authentication with the ATECC608B Secure Element

Security with Any LoRaWAN™ Join Server

When it comes to LoRaWAN security, provisioning and storing network server and application server authentication keys are as important as they are complex due to the nature of the shared key authentication model. Because of this, you will face three main challenges when implementing secure authentication on a LoRaWAN network:

  • Protecting the symmetric keys both in the infrastructure of the network and at the end node
  • Overcoming the manufacturing logistics of securely shipping and distributing the physical symmetric keys into millions of edge nodes
  • Preventing attackers from taking advantage of this known security vulnerability to access keys and impersonate your system

To overcome these challenges, you can strengthen the authentication process by implementing hardware-based secure key storage both at the edge node and in the LoRaWAN network infrastructure. This prevents the exposure of authentication keys to software, firmware, manufacturing sites, end users and other third parties. Our ATECC608B-TFLXLORA secure elements can adapt to any join server provider in the LoRaWAN industry. These devices are pre-configured to match the join procedure necessary to connect a device to a LoRaWAN network. The ATECC608B-TFLXLORA also provides JIL “high” rated secure key storage to isolate keys in the nodes. This is especially valuable in LoRaWAN systems that are based on a shared key security model and leverage a wide variety of traditional low-power microcontrollers. The devices then have to be provisioned with the symmetric keys corresponding to the join server service provider, a step known as the secret exchange procedure.

The AES128 authentication keys are also hosted and protected in a managed join server. In addition to manufacturing the provisioned devices, Microchip generates a manifest file that contains the public credentials necessary to pair the secure element to the join server. You upload the manifest file through a claim procedure available in the selected join server service provider’s web portal; once it has been uploaded, the keys in the secure element are claimed and then owned by your company. This process simplifies provisioning compared with the insecure and hard-to-scale practices used without secure key storage. The join server is completely agnostic to the network server and/or application server providers to preserve business scalability and offer you freedom of choice in your architecture. Flexibility doesn’t stop here though. The secure element is a microcontroller-agnostic solution that adds hardware-based secure key storage to any LoRa-connected product.

Benefits of Using the TrustFLEX ATECC608B for LoRa-Based Designs:

  • Pre-configured secure elements with AES128 authentication keys
  • Leverages Microchip’s secure provisioning service
  • LoRaWAN authentication and secure boot use cases
  • Offers network- and application server-agnostic join servers
  • Works with any join server
  • Simplifies logistics of shipping shared keys and reduces manufacturing costs
  • Provides a unique, trusted, protected and managed device identity
  • Supports rekeying between join servers and the secure element
  • Provides JIL rated “high” secure key storage
  • Includes protection against tampering and side-channel attacks
  • Provides microcontroller-agnostic implementation

Start Developing Your LoRa Solution

To quickly begin developing your next LoRa-connected design with secure authentication, click on the Development Tools tab at the bottom of this page.

Develop with the SAM R34 LoRa SiP and the ATECC608B-TFLXLORA for Any Join Server

Contact our sales organization if you are interested in using a secure element with your LoRaWAN design. Please also check out our pre-provisioned devices for The Things Industries and Actility that are currently available for the Trust&GO platform.