Wienke Giezeman, Co-Founder and CEO of The Things Industries, announced the launch of the Global Join Server (GJS), a secure component of the LoRaWAN server. As an ecosystem, the Global Join Server allows devices on any LoRa network to be activated from anywhere in the world. According to Giezeman, it works with The Things Network, the Community Network, cloud hosting solutions, etc. It works regardless of whether it is part of a network server outside The Things Industries, as long as it uses LoRa standard interfaces.
The Global Join Server’s role is to store root keys, generate session keys and send them securely to the Network Server and Application Server. There is no longer any need to send keys by email or to print them on boxes; they are already in a secure place. The Things Industries offers device makers, module makers and distributors access to a network-agnostic LoRaWAN Join Server. With GJS, manufacturers do not need to keep several SKUs. They only need to provide the end device with keys, which will be stored in a safe place. Buyers, on the other side, only need to use a one-click device claiming procedure to transfer ownership in the Join Server. Buyers can claim ownership through a web interface, an API or a QR code scanning application while selecting a preferred LoRaWAN network and application server. Activation can be automated, and the whole process makes device activation more secure, faster, cheaper and less error-prone.
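How a join server can turn one root key into separate session keys for the two servers, as an added example that is not code from the article or from The Things Industries. It assumes the LoRaWAN 1.0.x derivation (one AES-128 block encryption under the AppKey), and the function names and sample values are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// SessionKeys is what the join server produces for one accepted join.
type SessionKeys struct {
	NwkSKey [16]byte // delivered to the Network Server only
	AppSKey [16]byte // delivered to the Application Server only
}

// deriveKey computes aes128_encrypt(AppKey, prefix | AppNonce | NetID | DevNonce | pad16).
// Nonces and NetID are given in over-the-air (little-endian) byte order.
func deriveKey(appKey [16]byte, prefix byte, appNonce, netID [3]byte, devNonce [2]byte) ([16]byte, error) {
	var block, out [16]byte // bytes 9..15 of block stay zero: that is pad16
	block[0] = prefix
	copy(block[1:4], appNonce[:])
	copy(block[4:7], netID[:])
	copy(block[7:9], devNonce[:])
	c, err := aes.NewCipher(appKey[:])
	if err != nil {
		return out, err
	}
	c.Encrypt(out[:], block[:]) // exactly one AES block, no chaining mode involved
	return out, nil
}

// DeriveSessionKeys runs inside the join server; the root AppKey is never returned.
func DeriveSessionKeys(appKey [16]byte, appNonce, netID [3]byte, devNonce [2]byte) (SessionKeys, error) {
	var k SessionKeys
	var err error
	if k.NwkSKey, err = deriveKey(appKey, 0x01, appNonce, netID, devNonce); err != nil {
		return k, err
	}
	k.AppSKey, err = deriveKey(appKey, 0x02, appNonce, netID, devNonce)
	return k, err
}

func main() {
	// Constructed sample values, not taken from any real device or network.
	var appKey [16]byte
	hex.Decode(appKey[:], []byte("000102030405060708090a0b0c0d0e0f"))
	k, err := DeriveSessionKeys(appKey, [3]byte{1, 2, 3}, [3]byte{0x13, 0, 0}, [2]byte{0x2a, 0})
	if err != nil {
		panic(err)
	}
	fmt.Printf("to Network Server:     NwkSKey=%x\n", k.NwkSKey)
	fmt.Printf("to Application Server: AppSKey=%x\n", k.AppSKey)
}
```

Because each server receives only its own session key, a compromise of the Network Server does not reveal application payload keys, and neither server ever holds the root key.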
A hardware secure module inside the device is the next step. This module is the place where the root keys are provisioned. Nobody can read those keys while they are inside these modules, because they are physically protected from tampering. Last year’s solution from Microchip is now accompanied by solutions from ST, Trusted Objects and Cypress. Microchip’s solution is Trust&GO LoRa with the ATECC608A Secure Element. This element is pre-provisioned with the corresponding authentication keys and provides JIL-rated secure key storage to isolate keys in the nodes. With this approach, the keys are never exposed to the outside world. The keys are inserted into a secure element inside the chip during production. Keys are linked with the Global Join Server of The Things Industries. Authentication goes this way: the manufacturer sends a manifest that does not contain any key to the device maker, and the device maker uploads the manifest to a Join Server to claim the secure elements in the device maker’s account. After that, makers can produce the device and print a LoRa Alliance standardized QR code, which is unique and helps the owner to claim the device. While we are talking about secure elements, we must mention that we are talking about a single chip of 2×2 mm. It is not an unfamiliar IC, as we mentioned it recently while talking about the ESPRESSOBin ULTRA Gateway.
We believe that security is for security and not for commercial vendor lock-in. We have built-in features that will make sure that the device maker is never locked in to any network. Like for instance your SIM card is doing in 4G/5G.
-Wienke Giezeman, Co-Founder and CEO of The Things Industries
Dejan Petrović is a long-time reviewer for the computer magazine World of Computers (Svet Kompjutera), based in Belgrade, Serbia. He is experienced in WiFi, Bluetooth, and other wireless devices and technologies. He also writes about single board computers (SBC), microcontrollers, electronics and embedded systems in general. When not writing, he designs various custom PCBs, assembles them and writes software for them, according to clients’ requirements.