The Things Industries launches a Global Join Server to push secure LoRaWAN provisioning practices

The Things Industries provides a service that helps you adopt the right security practices for LoRaWAN deployments, independent of what LoRaWAN Network Server operator you use.

Every technology is just a tool that can be used in good ways and in bad ways. LoRaWAN is nothing different. When looking at IoT security it is sometimes easy to take short cuts, some of these short cuts are:

• Re-use of keys
• Easy to guess keys
• Keys exposed in mail, print or a sticker on the sensor
• Not storing the keys on the device properly
• In secure hand-over when the devices are passed along the different actors in the value chain. From device maker to distributors to systems integrator to end customer.

We have created a service that allows you to implement security practices in a scalable and cost effective way to avoid these security mistakes by using our global LoRaWAN Join Server.

What is a LoRaWAN Join Server?

The Join Server is a component of the LoRaWAN server defined by the LoRa Alliance?. Its role is to store root keys, generate session keys and to send those securely to the Network Server and Application Server of choice. The device contains the same root keys, which can be provisioned as part of end-devices assembly, distribution or upon installation. The Things Industries offers to device makers, module makers and distributors, access to a network agnostic Join Server. This allows for secure end-devices provisioning without network lock-in and knowing beforehand which network the end-user will select. No need for keeping several SKUs any longer. Manufacturers only need to provide the keys to the end-device in one safe place. After selling the device, the buyer uses a one-click device claiming procedure to transfer ownership in the Join Server. Subsequently the owner can configure the device to any LoRaWAN compliant network. The end-user claims ownership through the device claiming procedure (web interface, API, or a QR code scanning app) and selects its preferred network and application server. This activation flow can be automated end-to-end. For the end-user, this makes the process of device activation more secure, faster, cheaper, less error-prone and more flexible at the same time giving the flexibility to switch network and application at any time. 

We already got a great group of partners that are adopting the global join server.

The Join Server is now available for customers of The Things Industries, The Things Network users and customers of Senet. Prominent LoRaWAN device makers and systems integrators have access to the Global Join Server allowing them to securely provision their end devices.

Secure Element with Microchip

Furthermore, device makers and end-users can strengthen the authentication process by implementing a secure hardened key storage both at the node and in the LoRaWAN server. This prevents the exposure of authentication keys to software, firmware, manufacturing sites, end-users and other third parties. The secure elements from Microchip —ATECC608A-TNGLORA for The Things Enterprise Stack is pre-provisioned with the corresponding authentication keys and provide a JIL “high” rated secure key storage to isolate keys in the nodes. This is especially valuable in LoRa systems that are based on a shared key security model and leverage a wide variety of traditional low-power microcontrollers.

So the Global Join Server by The Things Industries offers device makers to securely manage their keys and transfer the authority of the device along the value chain without the physical exchange of keys. Meanwhile highly reducing the total cost of ownership.

What is even more exciting is to see how these companies already implement the secure element. Which are show cases in this video.

And more can be read here: https://thethingsindustries.pr.co/186342-talkpool-automates-secure-device-provisioning-with-the-things-enterprise-stack/

So increase IOT security, lower total cost of ownership with our Global Join Server. Want to join our Global Join Server ecosystem as a device maker or distributor? Email [email protected]