Secure IOT Ecosystem with ChipDNA™ PUF Technology

Using reference design MAXREFDES9001 to showcase how to securely transmit data end-to-end in an IOT system using cloud-connected LoRa sensor nodes.

The design consists of:

  • An Android app that provisions and registers sensor nodes to the IoT ecosystem via a Near Field Communication (NFC) connection.
  • One or more sensor nodes that transmit encrypted data over a low power radio connection to a Long Range (LoRa) Gateway.
  • A LoRa Gateway that transmits encrypted data via the internet to a cloud server, where the data is decrypted and displayed.

To ensure a sensor board is an authorized node, it first needs to be configured with digital certificates prior to operation in the IOT ecosystem, which is called provisioning. The provisioning uses an Android app running on an NFC-enabled handheld device to connect to the sensor board. The NFC connection uses the MAX66242 as a bridge to the DS28S60 cryptographic coprocessor on the sensor board. Through this connection, the app requests the DS28S60 to generate an ECDSA key pair. The resulting public key is unique and is sent along with an electronic serial number (ROM ID) and manufacturer ID (MANID) to the cloud server to generate the certificate based on these inputs. This certificate will be returned from the server and stored in the DS28S60. Using the Diffie-Hellman AES key exchange protocol, identical AES-GCM keys are generated in the cloud application and the DS28S60. Finally, the cloud application provides LoRa network keys to join the LoRa network, which are also stored in the node device. After provisioning completes, the server authenticates the sensor node by sending a random challenge to the DS28S60 through the NFC connection and then verifies the resulting ECDSA signature from the node is valid. With a valid result, the cloud server application registers the ROM ID of this node as genuine.

The provisioning and registration steps only need to happen once when a given node is added to the LoRa network. Afterward, normal operation can ensue, and the sensor boards can begin taking temperature readings to transmit to the cloud securely over the network. First, the data gets encrypted by the DS28S60 using the AES key exchanged during provisioning. Next, the encrypted sensor data is transmitted from the node to the LoRa gateway, which in turn sends the data over the internet to the cloud server. The server decrypts the data using the negotiated AES key and displays the data on a webpage. A rogue sensor node introduced to the LoRa network may attempt to send data to the cloud, but the server will not recognize the unregistered device and therefore can reject the data. Thus, the MAXREFDES9001 demonstrates a robust and easy way to manage end-to-end security in an IOT ecosystem using this embedded security solution from Analog Devices.