LoRa® security solutions

LoRa® security solution provides secure key configuration for Microchip and The Things Industries, The CryptoAuthentication™ appliance and hosted LoRa Join server enable developers to deploy securely connected applications on the LoRaWAN™ network.

Amsterdam, Netherlands, January 31, 2019 -- As the LORA® (Long Distance) technology ecosystem accelerates, security remains an area of improvement in the market due to the network and application server Key Vulnerability (MCU) paired with the LoRaWAN™ stack that is left behind by memory access to modules and microcontrollers.If the key is accessed in a LoRaWAN device, hackers can impersonate it and authorize fraudulent transactions, which can result in scalable attacks while service revenue, recovery costs and brand equity are substantially reduced. Microchip Technology Inc. and partner Things Industries today announced the launch of a suite of security solutions to add secure, trusted and managed authentication to LoRaWAN devices. The solution brings hardware-based security to the LoRa ecosystem, Combine The MCU and radio-independent ATECC608A-MAHTN-T CryptoAuthentication device with The Things Industries' hosted join server and Microchip's security configuration services.

The joint solution simplifies the configuration of LoRaWAN devices, addressing the logistical challenges of managing LoRaWAN authentication keys from device inception through device management. Traditionally, network and application server keys are not protected in edge nodes and are not monitored, and LoRaWAN devices go through various supply chain steps and are installed on-site. The Common Standard Joint Interpretation Library (JIL) Advanced ATECC608A is pre-configured with a secure key store that keeps the device's LoRaWAN key isolated from the system so that sensitive keys are not exposed throughout the supply chain or when the device is present. Deploying Microchip's secure manufacturing facility provides the keys securely, eliminating the risk of exposure during manufacturing.

Similar to how prepaid data plans apply to mobile devices, each purchase of an ATECC608A-MAHTN-T device requires a year of hosted LoRaWAN join server service through The Things Industries. Once a device identifies itself as a member of The LoRaWAN network, the network contacts The Things Industries to join the server to verify that the identity is from a trusted device and not a fraudulent one. The temporary session key is then securely sent to the selected network server and application server. Joining servers at Things Industries support any LoRaWAN network, from commercially operated networks to private networks based on open source components.

Developers can do this by combining the ATECC608A with SAM L21 MCU, deploying a secure LoRaWAN device ®Mbed™ OS LoRaWAN stack supported by ARM, or the recently launched SAM R34 system-level package with Microchip's LoRaWAN stack.For rapid prototyping, Designers can ained SAM L21 Xplained Pro (atsamd21-xpro) or SAM R34 Xplained Pro (DM320111) in a sample using a CryptoAuthoXPRO socket board and The Things that ained Pro Industries configures components.