• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Microcontroller Tips

Microcontroller engineering resources, new microcontroller products and electronics engineering news

  • Products
    • 8-bit
    • 16-bit
    • 32-bit
    • 64-bit
  • Applications
    • 5G
    • Automotive
    • Connectivity
    • Consumer Electronics
    • EV Engineering
    • Industrial
    • IoT
    • Medical
    • Security
    • Telecommunications
    • Wearables
    • Wireless
  • Learn
    • eBooks / Tech Tips
    • EE Training Days
    • FAQs
    • Learning Center
    • Tech Toolboxes
    • Webinars/Digital Events
  • Resources
    • Design Guide Library
    • DesignFast
    • LEAP Awards
    • Podcasts
    • White Papers
  • Videos
    • EE Videos & Interviews
    • Teardown Videos
  • EE Forums
    • EDABoard.com
    • Electro-Tech-Online.com
  • Engineering Training Days
  • Advertise
  • Subscribe

LoRaWAN security design tips: Designing with a stand-alone security chip

March 26, 2019 By John Koon Leave a Comment

With the growth of the Internet of Things, cyber attacks are increasing at an alarming rate (Figure 1). Key provisioning, a process of key generation and device authentication, is a critical part of establishing security. Whoever holds the key will be able to access the payloads, i.e. the valuable data stored in the application server(s). While the LoRaWAN specification defines the process of key provisioning, it is up to developers to ensure that the key provisioning steps are securely carried out.

During the manufacturing process, the end devices are assigned two root keys as specified by the LoRaWAN specification v1.1 (NwkKey and AppKey ). When the end devices attempt to connect with the application server via the network server, by sending the root key related information over, there’s no guarantee that this process is secure. In some cases, the information is just written down by the contract manufacturer’s employees on a piece of paper. The real risk is that if a hacker gets ahold of the root key by either copying or re-keying, the system security will be compromised.

stand-alone security chip
Figure 1: Cyber attacks are increasing at an alarming rate. (Image source: Microchip)

A security chip comes to the rescue

Last February, Microchip Technology introduced a single-chip (ATECC608A) solution where a separately downloaded, one-of-a-kind code is paired with a chip that has a unique ID. The security chip is an 8-pin, low-power IC which draws 150nA in sleep mode. As shown in Figure 2, ATECC608A is assigned a unique ID when it is shipped to the customer/manufacturer. Additionally, a manifest file can be downloaded by the customer. To further increase security, the customer obtains the chip and the manifest file via different channels.

Figure 2: The authentication process using stand-alone security and third-party Join Server. (Image source: Microchip).

How does the authentication process work?

As shown in Figure 2, there are multiple steps involved. Step 1 is self-explanatory. Steps 2 and 3 show the two important components that the customer will obtain to achieve security; the chip and the manifest file, as explained earlier. Step 3 is the most important. At this point, the customer will upload the manifest file information to the Join Server. (See footnote 1). In this case, the Join Server is supported by a third party, The Things Industries (TTI). Note that the manifest file contains all the needed information, including the unique ID of the device. Prior to this step, TTI has already received the chip information from Microchip. Any information uploaded by the customer can be verified by TTI. Once verified, true authentication is complete, as shown in Step 4.

What if the chip is stolen?

There’s always the possibility that the chip could be stolen and fake devices built. However, TTI has the chip identity on record, so if a manifest file is missing or a fake ID is created, the authentication will fail and the request to join will be rejected.

Using the combination of a security IC chip and a manifest file protects the true identity of the end device. The four-step process allows the customers/users to achieve a high level of security. Even if the security IC chip is stolen, hackers still cannot connect with the application server or join server to steal data. Finally, one other advantage of using the manifest file is its scalability. Tens of thousands of security ID’s can be efficiently uploaded to the join servers all at once. 

Footnote 1: The LoRaWAN specification calls out the application, network, and join servers. The network server is operated by the network provider. The application is operated by the end user. Alternately, the end user may choose not to own but to lease the application server from the network provider. Finally, the join server is typically operated by a third party independent of the network provider to increase security. In this case, the network provider will not have access to the security keys.

You may also like:

  • LoRaWAN security design
    LoRaWAN security design tips, Part 2: Taking the integrated approach
  • LoRaWAN cybersecurity
    Cybersecurity basics: Authentication and “key” management in LoRaWAN, Part 2

  • Cybersecurity basics: Server and end device relationship to LoRaWAN network,…

  • Secure provisioning service builds-in security from inception to life of…

Filed Under: 8-bit, Applications, FAQ, Featured, microcontroller, Products, Security Tagged With: basics, FAQ, microchiptechnologyinc, thethingsindustries

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Featured Contributions

Five challenges for developing next-generation ADAS and autonomous vehicles

Securing IoT devices against quantum computing risks

RISC-V implementation strategies for certification of safety-critical systems

What’s new with Matter: how Matter 1.4 is reshaping interoperability and energy management

Edge AI: Revolutionizing real-time data processing and automation

More Featured Contributions

EE TECH TOOLBOX

“ee
Tech Toolbox: 5G Technology
This Tech Toolbox covers the basics of 5G technology plus a story about how engineers designed and built a prototype DSL router mostly from old cellphone parts. Download this first 5G/wired/wireless communications Tech Toolbox to learn more!

EE Learning Center

EE Learning Center

EE ENGINEERING TRAINING DAYS

engineering
“bills
“microcontroller
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest info on technologies, tools and strategies for EE professionals.

DesignFast

Design Fast Logo
Component Selection Made Simple.

Try it Today
design fast globle

Footer

Microcontroller Tips

EE World Online Network

  • 5G Technology World
  • EE World Online
  • Engineers Garage
  • Analog IC Tips
  • Battery Power Tips
  • Connector Tips
  • DesignFast
  • EDA Board Forums
  • Electro Tech Online Forums
  • EV Engineering
  • Power Electronic Tips
  • Sensor Tips
  • Test and Measurement Tips

Microcontroller Tips

  • Subscribe to our newsletter
  • Advertise with us
  • Contact us
  • About us

Copyright © 2025 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Privacy Policy