Reference Circuit 7388

MAXREFDES9001: Secured IoT LoRa Sensor Nodes using the DS28S60 and Google Cloud





Designed, Built, Tested

This document describes the hardware shown in Figure 1 as well as its supporting software. It provides a detailed, systematic technical guide to set up and understand the MAXREFDES9001 reference design. The system has been built and tested, details of which follow later in this document.

Description

The MAXREFDES9001 is a complete Internet-of-Things (IoT) security reference design featuring a LoRa radio-based, low-power temperature sensor node secured with a DS28S60 secure coprocessor, a LoRa gateway, and a Google Cloud application. This reference design showcases a robust and easy-to-manage end-to-end security scheme with authentication and confidentiality capabilities independent of the transmission link in use (the LoRaWAN protocol in this case). The MAXREFDES9001 is designed to integrate easily into embedded systems, enabling confidentiality, authentication, and integrity of information.

The sensor node is driven by the tiny, low-power, Cortex-M4-based MAX32660 microcontroller, which periodically measures the ambient temperature with the help of the DS7505, authenticates and encrypts the temperature value using AES-GCM with the DS28S60 secure coprocessor, and sends it to the Google Cloud application over a LoRaWAN network via a Raspberry Pi-powered gateway.

To prevent rogue nodes from publishing data, joining a node to the network requires prior local verification: a convenient NFC-based strong authentication using the MAX66242 Secure Authenticator and a dedicated Android application running on an NFC-enabled Android device. Once this strong authentication succeeds, proving that the node device is genuine, the Android device communicates with the Google Cloud application over the Internet to provision the node device, that is, to generate a certificate for the node device and perform an AES-GCM key exchange between that device and the Google Cloud application. The Android device uses the MAX66242 as an NFC bridge to communicate with the node device's microcontroller application, ultimately storing the certificate in the DS28S60 coprocessor and having the key exchange performed between the DS28S60 and the Google Cloud application using the ECDH protocol.

Once this step is complete, the node device is ready to send its data to the cloud using the negotiated AES-GCM key. Further node authentication by the cloud is possible using ECDSA, since the node now has a valid certificate with a matching key pair. Incidentally, the provisioning process also joins the sensor node to the LoRaWAN network, implemented using the ChirpStack solution, but this is not the main purpose of the reference design, which demonstrates a way to secure data without relying on the security of the various underlying communication links.
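The data path described above, as an added example (not the reference design's source code): both ends derive the same AES-GCM key by ECDH, and a frame altered by an intermediate hop such as the gateway fails authentication at the cloud side. The P-256 curve, the SHA-256 truncation used as key derivation, the frame layout, the `node-01` identifier and all function names are assumptions of this example; the public keys are assumed to have been authenticated already by the provisioning step, and the cryptography runs in software here rather than in the DS28S60.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func must[T any](v T, err error) T { // abort on setup errors (keygen, cipher init)
	if err != nil {
		panic(err)
	}
	return v
}

// sessionAEAD: ECDH secret -> AES-128-GCM (assumed: P-256, SHA-256 truncation as KDF).
func sessionAEAD(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) cipher.AEAD {
	key := sha256.Sum256(must(priv.ECDH(peer)))
	return must(cipher.NewGCM(must(aes.NewCipher(key[:16]))))
}

// seal returns nonce || ciphertext || tag; nodeID is authenticated as AAD.
func seal(a cipher.AEAD, nodeID, reading []byte) []byte {
	nonce := make([]byte, a.NonceSize())
	must(rand.Read(nonce))
	return a.Seal(nonce, nonce, reading, nodeID)
}

// open fails if nonce, ciphertext, tag or nodeID changed in transit.
func open(a cipher.AEAD, nodeID, frame []byte) ([]byte, error) {
	if len(frame) < a.NonceSize() {
		return nil, fmt.Errorf("frame too short: %d bytes", len(frame))
	}
	return a.Open(nil, frame[:a.NonceSize()], frame[a.NonceSize():], nodeID)
}

// relay sends a constructed reading node -> untrusted gateway -> cloud.
// flip is XORed into the last tag byte in transit; 0 leaves the frame intact.
func relay(flip byte) (string, error) {
	node, cloud := must(ecdh.P256().GenerateKey(rand.Reader)), must(ecdh.P256().GenerateKey(rand.Reader))
	frame := seal(sessionAEAD(node, cloud.PublicKey()), []byte("node-01"), []byte("23.5"))
	frame[len(frame)-1] ^= flip
	pt, err := open(sessionAEAD(cloud, node.PublicKey()), []byte("node-01"), frame)
	return string(pt), err
}

func main() { fmt.Println(relay(0x01)) }
```

A random 96-bit nonce is used per frame; a device that sends many frames under one key would more commonly use a counter to rule out nonce reuse.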

Key Features

  • Maxim’s DS28S60 ChipDNA™ technology protects private and secret keys against invasive attacks.
  • Maxim’s DS28S60 provides end-to-end security using hardware-based ECDSA authentication, ECDH key exchange and AES-GCM authenticated encryption.
  • Complete low-power sensor node board design
  • Sample LoRaWAN gateway implementation based on Raspberry Pi
  • Sample Google Cloud application showcasing end-to-end security with the sensor board’s DS28S60 including ECDH key exchange, and AES-GCM secure communication
  • Source code
  • Peripheral Module-compatible sensor expansion port
  • Raspberry Pi enables portable LoRaWAN Gateway deployment

MAXREFDES9001 Hardware


DS28S60
DeepCover Cryptographic Coprocessor with ChipDNA

  • Secure Coprocessor with NIST-Compliant Hardware-Based Crypto
  • Robust Countermeasures Protect Against Security Attacks
  • Enables Fast Time-to-Market with Easy End Application Integration
  • -40°C to +105°C, 1.62V to 3.63V

MAX32660
Tiny, Ultra-Low-Power Arm Cortex-M4 Processor with FPU-Based Microcontroller (MCU) with 256KB Flash and 96KB SRAM

  • High-Efficiency Microcontroller for Wearable Devices
  • Power Management Maximizes Uptime for Battery Applications
  • Optimal Peripheral Mix Provides Platform Scalability

DS7505
High-Precision Digital Thermometer and Thermostat

  • Extends Performance Range with a Low-Voltage, 1.7V to 3.7V Operating Range
  • Maximizes System Accuracy in Broad Range of Thermal Management Applications
  • Reduces Cost with No External Components and Stand-Alone Thermostat Capability