“Wireless Made Fun!" - Secure Authentication with SAMR34 & ATECC608A and The Things Industries’s Join Server

Welcome to the Microchip Workshop we did at The Things Conference 2020 in Amsterdam. From here you have the choice to either follow the Lab manual instructions described below or to follow the Microchip_workshop_slide.pdf document which expose you on a real situation with use cases

1. Abstract
2. Prerequisites
3. Resources
4. Hardware Setup
5. Lab 1
6. Lab 2

With hands-on approach, you will be guided through the process of getting started with developing a secure LoRa® end device product using Microchip Technology’s SAM R34/R35 Low Power LoRa® Sub-GHz MCU
and pre-provisioned ATECC608A secure element along with TTI Join server.

The SAM R34/R35 is a highly-integrated LoRa® family which includes an ultra-low power, high-performance 32-bit microcontroller (MCU), LoRa transceiver and software stack. With certified reference designs, and proven interoperability with major LoRaWAN™ gateway and network providers, the SAM R34/35 MCUs significantly reduce time to market for Internet of Things (IoT) designs. More details on the product page

Among "Wireless Made Fun!" solutions, checkout our
"Wireless Made Easy!" technology brick with SAMR34, ECC608A and TTI Join Server.

• The Things LoRa(r) Gateway
  

• SAM R34 Xplained Pro Evaluation Kit
  

• CryptoAuthentication UDFN Socket Kit
  

• ATECC608A-TNGLORA Secure Element
  

• Device security (manifest) file. You can obtain this from your Microchip Direct order history
  

• Access to The Things Industries Cloud Hosted. Contact The Things Industries to get onboarded
  

• An application in The Things Industries Cloud Hosted. See instructions
  

• Your The Things Industries Join Server address. See Join Server addresses
  

• Download and install Atmel Studio 7.0 IDE.
  https://www.microchip.com/mplab/avr-support/atmel-studio-7

• Open Atmel Studio 7.0 IDE.
  

• Then, you need Advanced Software Framework (ASFv3) v3.47.0 release or upper release.
  Install ASFv3 as an extension to Atmel Studio from the menu: Tools -> Extensions and Updates …

• Once the installation is complete, you must restart Atmel Studio.
  

• Download and install a serial terminal program like Tera Term.
  https://osdn.net/projects/ttssh2/releases/

Note: ASFv3 is an MCU software library providing a large collection of embedded software for AVR® and SAM flash MCUs and Wireless devices. ASFv3 is configured by the ASF Wizard in Atmel Studio 7.0 (installed as an extension to Studio). ASFv3 is also available as a standalone (.zip) with the same content as Studio extension (https://www.microchip.com/mplab/avr-support/advanced-software-framework).

Important: Until the next Atmel Studio IDE release, you have to manually install the Device Part Pack for developing with SAMR34/R35 on Atmel Studio 7.0 IDE. (all products released in between IDE releases of Atmel Studio should be manually added by user to develop applications).

• Go to Tools -> Device Pack Manager
  
• Check for Updates
  
• Search for SAMR34 and click install
  
• Repeat the same for SAMR35
  
• Restart Atmel Studio 7.0 IDE
  

Several accounts have been created specifically for this workshop in the microchip tenant.
An appendix sheet with the credentials has been provided during the workshop.
Outside this workshop, you need to have your own TTI account with your own tenant.

Useful links:

• TTI Network server
  
• TTI Join server
  
• The Things Stack Guides
  

TTI and Microchip developed a security solution for LoRaWAN that enables secure key provisioning and secure cryptographic operations using secure elements.

• End-to-end LoRaWAN Security solution
  
• Claim ATECC608A Secure Elements
  
• Activate devices on the Things Industries Cloud Hosted
  

Configure the DIP switch of the CryptoAuthenticationUDFN Socket kit for I2C communication with the host microcontroller. 1, 3 and 6 must be placed to ON position

Open the socket board

Make sure the ATECC608A device is ready to be inserted in the right direction. Make sure the pin 1 of the component (represented by a point) is located at the bottom left.

Place the Secure Element in the UDFN socket

Make sure the Secure Element is properly seated and the pin 1 is located at the bottom left.

Close the clam shell lid.

Attach the CryptoAuthenticationUDFN Socket kit to the SAM R34 Xplained Pro board on the EXT3 header.
Plug the antenna. Attach a USB cable to SAM R34 Xplained Pro board's EDBG micro-B port on the right.
The USB ports powers the board and enables the user to communicate with the kits.

• Wait for USB driver installation and COM ports mounting.
  
• Launch Tera Term program and configure the serial ports mounted with: 115200 bps, 8/N/1

1. Open the TTI Network Server Console
   
2. Login by using the TTI Credentials from the appendix sheet
   
   
3. Select “Go to applications”
   
   
4. Select “thethingsconference” application
   
5. Go to “Devices” in the left menu and click on “+ Add Device” to reach the end device registration page.
   a) Fill the device ID (use the appendix sheet)
   b) Fill the MAC Version with: MAC V1.0.2
   c) Fill the PHY Version with: PHY V1.0.2 REV B
   d) Fill the Frequency Plan: Europe 863-870 MHz
   e) Scroll to the lower part of the device registration page and make sure that “Over the Air Activation (OTAA)” is selected
   f) Fill the JoinEUI (AppEUI in LoRaWAN versions before 1.1) (use the appendix sheet)
   g) Fill the DevEUI (use the appendix sheet)
   h) Uncheck External Join Server
   i) Fill the AppKey (use the appendix sheet)
   j) Click “Create Device”
   
   Exemples:
   
   
   
6. You will now reach the device overview page of your device. The end device should now be able to join the private network
   
   
7. Plug the antenna and always make sure you have the antenna plugged to your SAMR34 Xpro board before powering it up
   
8. Connect your SAMR34 Xpro board to the computer through the micro-USB cable. USB cable must be connected to the EDBG USB connector of the kit
   
9. Wait for USB driver installation and COM port mounting. The USB port powers the board and enables the user to communicate with the kit
   
   
10. Open Serial Console program (e.g. TeraTerm)
    
11. Configure Terminal setup
    
    
12. Configure Serial port setup, COMxx 115200 bps / 8 / N / 1
    
    
13. Restart the application by pressing Reset button on SAMR34 Xpro board
    
14. From the console, press ‘1’ to Select Lab1
    
    
15. Manually provision your device by entering:
    

• DevEUI
  
• JoinEUI
  
• AppKey
  Use the appendix sheet to find your OTAA credentials.
  

16. Press ‘1’ to confirm the provisioning
    
    
17. Enter your first name (10char max.) and press enter
    
    
18. Your device should successfully join the network
    
    
19. Press SAMR34 Xpro SW0 button to transmit an uplink message
    
    
20. Observe the result on the dashboard and confirm you can see your data
    
    

1. Perform the following hardware setup:
   a) Connect ECC608A Socket board to SAMR34 Xpro EXT3
   b) Plug the antenna and always make sure you have the antenna plugged to your SAMR34 Xpro board before powering it up.
   c) Connect your SAMR34 Xpro board to the computer through the micro-USB cable. USB cable must be connected to the EDBG USB connector of the kit.
   d) Wait for USB driver installation and COM port mounting. The USB port powers the board and enables the user to communicate with the kit.
   
   
2. Open and configure Serial Console program (e.g. TeraTerm): COMxx 115200 bps / 8 / N /1
   
3. Restart the application by pressing Reset button on SAMR34 Xpro board
   
4. From the console, press ‘2’ to Select Lab2
   
   
5. Observe the following identifiers coming from the ATEC6608A Secure Element
   
   
6. Record your own DevEUI and Serial Number
   
7. Ask the instructor for the manifest file which match your set of identifiers
   
8. Open the TTI Join Server Console
   
9. Login by using the TTI Credentials from the appendix sheet
   
   
10. Make sure you are connected to the Join Server
    
    
11. Select “Go to applications”
    
    
12. Select “thethingsconference” application
    
    
13. Go to “Devices” in the left menu and click on “+ Import Device” in order to claim the device
    a) Select format: “Microchip ATEC6608A-TNGLORA Manifest File”
    b) Select your manifest file
    c) Enable set claim authentication code
    d) Create devices
    
    
14. Click Proceed
    
    Your secure element is now claimed in your application. The secure element cannot be claimed by anyone else until you delete the device.
    
15. Observe your new device in the list
    
    
16. Claiming the secure element only create device on the Join Server: it is not registered on a Network Server or Application Server yet.
    This step requires the usage of the Command Line Interface (CLI). Refer to this guide"
    For the purpose of this workshop, the instructor will activate your device.
    
    
17. Open the TTI Network Server Console
    
18. Login by using the TTI Credentials from the appendix sheet
    
19. Select “Go to applications”
    
20. Select “thethingsconference” application
    
21. Go to “Devices” in the left menu
    
22. Your new device appears now in the TTI Network Server Application / device list
    
    
23. Come back to the Serial Console in order to interact with Lab 2 Application
    
24. Enter your first name (10char max.) and press enter
    
25. Your device should successfully join the network
    
    
26. Press SAMR34 Xpro SW0 button to transmit an uplink message
    
    
27. Observe the result on the dashboard and confirm you can visualize your data
    

Congratulations, you have finished the lab.