Continue to Site

Microcontroller Tips

Microcontroller engineering resources, new microcontroller products and electronics engineering news

LoRaWAN security design tips, Part 2: Taking the integrated approach

By

Part 1 of this two-part series on security design discussed using a stand-alone security chip. Here in Part 2, we’ll cover solutions that use an integrated chip and module, combining security and microcontroller (MCU) functions in a single chip.

Integrated chip

Cypress’ PSoC 6 MCU single-chip, dual-core architecture comprises the Arm Cortex-M4  and the Arm Cortex-M0+. Based on 40nm technology, the chip draws 22 microamps per Megahertz (M4) and 15 microamps per Megahertz (M0+). The security functions such as authentication are built-in. Additional security is implemented with hardware isolation using memory and peripheral protection.

As with a submarine, when one compartment is damaged with water rushing in, another compartment can be sealed off to keep the water out.  Similarly, hardware isolation within the PSoC 6 MCU  prevents malware from spreading, even when one segment is successfully attacked. (Figure 1).

LoRaWAN security design
Figure 1: The Cypress’ PSoC 6 MCU architecture provides hardware isolation to protect malware attack from spreading. (Source: Cypress)

Modular approach

Designing digital circuitry is one thing. Working with RF signals is an entirely different challenge. That is why some OEMs or developers prefer taking a modular route. OneThinx has integrated the Cypress PSoC 6 and the Semtech radio chip on one module. Measuring 24.5 x 20 x 2.4 mm, the Onethinx Core LoRaWAN™ Module has been pre-certified by the LoRa Alliance. When the module is incorporated into a final system, the OEM or integrator is not required to go through the LoRa Alliance certification process again. This potentially saves time and resources. (Figure 2).

Figure 2: Measuring 24.5 x 20 x 2.4 mm, the Onethinx Core LoRaWAN Module has been pre-certified by the LoRa Alliance. (Source: OneThinx)

Implementing the Cypress’ PSoC 6 protects the root keys in the following manner.

  • The Cypress chip provides a mechanism to securely transfer the root keys from the key management system (KMS) to the device at manufacturing time (for example by using a TLS communication channel between the KMS and the end-device). TLS refers to transport layer security, a protocol that protects communications between client/server applications.

2)   The Cypress chip securely isolates the LoRaWAN stack, which has access to the keys, from the user code, which may potentially contain paths to exploit the root keys.

Figure 3: The Cypress PSoC 6-based module will perform all the security functions including the over-the-air activation (OTAA). (Source: OneThinx)

As shown in Figure 3, the Cypress PSoC 6-based module will perform all the security functions including the over-the-air activation (OTAA) and securely perform the authentication through the gateways and network servers and then to the join servers. The join server will finish the key provisioning tasks.

Conclusions

Part 1 and Part 2 of this series survey two different approaches to security. With one approach, the use of a stand-alone security chip gives designers more flexibility, in that individual MCUs can be selected from STMicroelectronics, NXP, Renesas or others. On the other hand, with the modular approach, many design decisions and integration choices have been determined, which shortens development and test time with proven results. Additionally, with the LoRa Alliance pre-certified module, developers can avoid going through a potentially lengthy certification process.

You may also like:

Copyright © 2023 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Privacy Policy