Bootstrapping

Bootstrapping process to connect a LwM2M client.

To use the 1NCE LwM2M Service, every time a client IoT device with a 1NCE SIM wants to connect or reattach, the bootstrap server needs to be contacted at first. A direct connection to the LwM2M server without prior communication towards the bootstrap service is not possible.

The task at hand for the bootstrap server is to accept the initial connection, handle the authorization of the SIM device using the SIM-as-an-Identity service and provide LwM2M server connectivity instructions with one-time specific security credentials.

There are two possible methods to bootstrap a device. The bootstrapping can be performed either by encrypted DTLS communication (using PSK) or by using Plain COAP.

DTLS is using pre-shared key (PSK) provided by client device and identity of device (deviceId-iccid). If device is bootstrapping to secure server, the LWM2M server priority is changed to also secure server to be first.

The PSK can be set:

Using leshan client there is 2 examples to bootstrap:

  1. DTLS java -jar .\leshan-client.jar -b -u lwm2m.os.1nce.com:5684 -p <secret key in HEX> -i <identity>
  2. PLAIN java -jar .\leshan-client.jar -b -u lwm2m.os.1nce.com:5683

The following figure illustrates this process in detail.

The shown steps are the following (plain connection):

  1. The LwM2M client calls the bootstrap server at lwm2m.os.1nce.com:5683 using plain CoAP.

  2. The bootstrap server responds with a data message containing all the necessary information for the client to connect to the actual LwM2M server.

    LwM2M Server

    Resource

    Description

    Type

    Value

    0/0/0

    LWM2M Server URI

    String

    Example:
    coap://1.2.3.4:5683

    0/0/1

    Bootstrap-Server

    Boolean

    false

    0/0/2

    Security Mode

    Integer

    3 (NoSec)

    0/0/10

    Server Id

    Integer

    1111

    1/0/0

    Short Server ID

    Integer

    1111

    1/0/1

    Lifetime (s)

    Integer

    86400

    1/0/2

    Default Minimum Period (s)

    Integer

    1

    Bootstrap Server

    Resource

    Description

    Type

    Value

    0/1/0

    Bootstrap Server URI

    String

    Example:
    coap://lwm2m.os.1nce.com:5683

    0/1/1

    Bootstrap-Server

    Boolean

    yes

    0/1/2

    Security Mode

    Integer

    3 (NoSec)

    0/1/10

    Server Id

    Integer

    2222

  3. The LwM2M client device uses this information to trigger the registration on the LwM2M server using CoAP.

The shown steps are the following (with DTLS):

  1. The LwM2M client calls the bootstrap server at lwm2m.os.1nce.com:5684 using CoAPs.

  2. The bootstrap server responds with a data message containing all the necessary information for the client to connect to the actual LwM2M server.

    LwM2M DTLS Server

    Resource

    Description

    Type

    Value

    0/0/0

    LWM2M Server URI

    String

    Example:
    coaps://1.2.3.4:5684

    0/0/1

    Bootstrap-Server

    Boolean

    false

    0/0/2

    Security Mode

    Integer

    0 (Pre-Shared Key)

    0/0/3

    Identity

    Opaque

    Identity as binary data

    0/0/5

    Secret Key

    Opaque

    Private key for LwM2M Server as binary data

    0/0/10

    Server Id

    Integer

    1111

    1/0/0

    Short Server ID

    Integer

    1111

    1/0/1

    Lifetime (s)

    Integer

    86400

    1/0/2

    Default Minimum Period (s)

    Integer

    1

    Bootstrap DTLS Server

    Resource

    Description

    Type

    Value

    0/1/0

    Bootstrap Server URI

    String

    Example:
    coaps://lwm2m.os.1nce.com:5684

    0/1/1

    Bootstrap-Server

    Boolean

    yes

    0/1/2

    Security Mode

    Integer

    0 (Pre-Shared Key)

    0/1/3

    Identity

    Opaque

    Identity as binary data

    0/1/5

    Secret Key

    Opaque

    Private key for LwM2M Bootstrap Server as binary data

    0/1/10

    Server Id

    Integer

    2222

  3. The LwM2M client device uses this information to trigger the registration on the LwM2M server using CoAPs. The DTLS Pre Shared Key (PSK) that is provided by the bootstrap server and used for the registration is regenerated on every bootstrap request.