Executive Summary - HIP 72: Secure Concentrators #661
vincenzospaghetti started this conversation in Executive Summaries: HIPs
Executive Summary - #489
High Level
HIP-72 proposes the implementation of Secure Concentrator Cards (SCCs) in the Helium IoT network to address the security flaw in existing Helium Hotspots. SCCs are similar to standard LoRaWAN concentrator cards but come with additional features such as a Secure Microcontroller Unit (SMCU) and a GPS receiver. The SMCU digitally signs LoRa data packets upon reception, ensuring their authenticity and preventing tampering.
The implementation of SCCs is optional, and there is no requirement for hardware upgrades or new purchases. Existing Helium Hotspots without SCCs will continue to function normally, while those with SCCs will receive enhanced rewards of 1.25x for Proof of Coverage (PoC). This incentivizes the adoption of SCCs and promotes a more secure Physical Root of Trust for the Helium IoT system.
The introduction of SCCs will impact the entire Helium IoT network by providing a reliable source of data for PoC algorithms. It will also enable the DIY community to build their own hardware, increasing the diversity and proliferation of Hotspots. Additionally, SCCs will enable a new type of location service using Time Difference of Arrival (TDOA) for low-power devices.
The hardware architecture of SCCs is based on Semtech's LoRa Corecell Gateway reference design, with the addition of an SMCU. The SMCU cryptographically signs RF data received from the SX1303 LoRa baseband processor, ensuring its authenticity. Measures like buried traces, shielding, and potting material are employed to make it physically difficult to access the SMCU and SX130x components.
Hardware Keys Managed by MCC
Manufacturers of SCCs must undergo an approval process by the Helium Manufacturer Compliance Committee, similar to Hotspot manufacturers. They are responsible for installation and service, either by integrating SCCs into Hotspots or by providing SCCs separately. The hardware audit process for SCCs aligns with the requirements specified in HIP-19 for Hotspot hardware.
The onboarding process for SCCs involves staking $10 USD worth of HNT for each Secure Concentrator produced by manufacturers. The staking period is fixed at three years, and the staked HNT is converted to veHNT and delegated to the IoT subDAO. Any earnings from staking activities are transferred to the Manufacturer's wallet, but violations of the Helium Foundation Ethics document may result in partial or full burning of the staked balance.
Hotspot registration using SCCs is similar to Data-Only Hotspots, with a Binding transaction that includes the Hotspot's swarm_key, the SCC's Hardware Key, and the Hotspot Owner's wallet address. While there are no fees for Hotspots with SCCs except for subsequent Binding transactions, a small Sol.
Additional Details on Keys
The SMCU stores a unique Ed25519 keypair, the Hardware Key, generated during manufacturing. This key is used for cryptographic operations and is securely stored in the SMCU's non-volatile memory. The Hardware Key is distinct from the swarm_key used in Helium Hotspots and allows existing miners to upgrade their concentrator cards with SCCs.
To ensure secure firmware, the SMCU firmware includes a bootloader that verifies the cryptographic signature of the application image at each power-up. The firmware also incorporates two App Signing Keys, one that will be managed by the Helium Foundation (and MCC) and the other optionally provided by manufacturers. This allows for firmware updates while ensuring compatibility with the open-source GPLv3 license.
Rewards Increase for SCC Adoption
In terms of rewards, SCCs are eligible for enhanced PoC rewards only when Witness packets include valid GPS time and location data. If a Secure Concentrator lacks a valid GPS lock, it will not receive any rewards. This incentive structure supports the overall security benefits that SCCs bring to the Helium network.
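The signing and reward rule described above, shown as an added Go example that is not code from HIP-72 or the Helium project. The `Witness` layout, its field names, the function names and the choice to reject a bad signature with an error are assumptions, since this summary does not give the wire format; the keypair is generated for the example and stands in for an SMCU Hardware Key.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Witness is an ASSUMED report layout; the real wire format is not on this page.
type Witness struct {
	Payload   []byte // LoRa packet bytes as received from the SX1303
	GPSLocked bool   // true when the GPS receiver had a valid fix
	GPSTimeNs uint64 // GPS time of reception, nanoseconds
	LatE7     int32  // latitude in 1e-7 degrees
	LonE7     int32  // longitude in 1e-7 degrees
	Sig       []byte // Ed25519 signature produced inside the SMCU
}

// signedBytes covers the GPS fields too, so they cannot be altered after signing.
func signedBytes(w *Witness) []byte {
	b := make([]byte, 17, 17+len(w.Payload))
	if w.GPSLocked {
		b[0] = 1
	}
	binary.BigEndian.PutUint64(b[1:9], w.GPSTimeNs)
	binary.BigEndian.PutUint32(b[9:13], uint32(w.LatE7))
	binary.BigEndian.PutUint32(b[13:17], uint32(w.LonE7))
	return append(b, w.Payload...)
}

// Sign stands in for the SMCU; on real hardware the private key stays in the chip.
func Sign(hwPriv ed25519.PrivateKey, w *Witness) { w.Sig = ed25519.Sign(hwPriv, signedBytes(w)) }

var ErrBadSig = errors.New("witness signature does not verify under the Hardware Key")

// PoCMultiplier: 1.25x for a verified SCC witness with valid GPS data,
// 0 when the SCC has no GPS lock. The error on a bad signature is an assumption.
func PoCMultiplier(hwPub ed25519.PublicKey, w *Witness) (float64, error) {
	if !ed25519.Verify(hwPub, signedBytes(w), w.Sig) {
		return 0, ErrBadSig
	}
	if !w.GPSLocked {
		return 0, nil
	}
	return 1.25, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key, not a real Hardware Key
	w := &Witness{Payload: []byte("constructed-beacon"), GPSLocked: true, GPSTimeNs: 1700000000000000000, LatE7: 377749000, LonE7: -1224194000}
	Sign(priv, w)
	fmt.Println(PoCMultiplier(pub, w))
}
```

Because the GPS fields are inside the signed bytes, a host that edits the location after the SMCU has signed the report fails verification instead of earning the enhanced reward.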
Implementation
A significant amount of code and workflow design was developed specifically for this by the HIP Author. Additionally, the Helium Foundation Grants program has funded an initial design of an SCC hardware version and firmware, and Rak is the manufacturing partner for an initial version of the SCC. Furthermore, a version of the SCC design has been prototyped, and a second version is currently being tested by the MCC (this is mentioned in the HIP as a reference hardware design).
It is important to note that Helium Core Developers have authority over the implementation of this HIP and determine how it is implemented in the Helium Network.
MCC & Audit Process
Note that this HIP defines an open-source specification for the design, and many manufacturers will now be allowed to develop their own concentrator. They are not required to use this reference design, and the MCC will determine an audit process for each manufacturer of the SCC. In all situations involving an SCC, the manufacturer will have to pass an alternative secure element process.
The MCC defines two cases for audit:
Expected Deliverables & Stakeholders
Helium Core Developers
Changes to:
MCC
Changes to:
Makers
Changes to:
Additional Resources
Executive Presentation
Open Source Design Repo
Manufacturers Compliance Committee input on HIP
Audit of MCC Efforts
MCC To Community Call on SCC