Beruflich Dokumente
Kultur Dokumente
SECURITY
FULL ENDTOEND ENCRYPTION
FOR IoT APPLICATION PROVIDERS
PROPERTIES OF
LoRaWAN SECURITY
LoRaWAN security is designed to fit the the LoRaWAN network as part of the payloads exchanged between the
general LoRaWAN design criteria: low network join procedure. This ensures end-devices and application servers.
power consumption, low implementation that only genuine and authorized devices LoRaWAN is one of the few IoT networks
complexity, low cost and high scalability. will be joined to genuine and authentic implementing end-to-end encryption. In
As devices are deployed in the field networks. some traditional cellular networks, the
for long periods of time (years), LoRaWAN MAC and application traffic is encrypted over the air interface,
security must be future-proof. The messaging are origin authenticated, but it is transported as plain text in the
LoRaWAN security design adheres integrity protected, replay protected, and operators core network. Consequently,
to state-of-the-art principles: use of encrypted. This protection, combined end users are burdened by selecting,
standard, well-vetted algorithms, and with mutual authentication, ensures that deploying and managing an additional
end-to-end security. Later, we describe network traffic has not been altered, is security layer (generally implemented by
the fundamental properties that are coming from a legitimate device, is not some type of VPN or application layer
supported in LoRaWAN security: mutual comprehensible to eavesdroppers and encryption security such as TLS).
authentication, integrity protection and has not been captured and replayed by This approach is not suited in LPWANs
confidentiality. rogue actors. where over-the-top security layers
Mutual authentication is established LoRaWAN security further implements add considerable additional power
between a LoRaWAN end-device and end-to-end encryption for application consumption, complexity and cost.
SECURITY IMPLEMENTATION
The security mechanisms mentioned networks. LoRaWAN security uses the which are used during the device authen-
previously rely on the well-tested AES cryptographic primitive combined tication process. Allocation of EUI-64
and standardized AES1 cryptographic with several modes of operation: CMAC2 identifiers require the assignor to have an
algorithms. These algorithms have been for integrity protection and CTR3 for Organizationally Unique Identifier (OUI)
analysed by the cryptographic community encryption. Each LoRaWAN device is from the IEEE Registration Authority. Sim-
for many years, are NIST approved and personalized with a unique 128 bit AES ilarly, LoRaWAN networks are identified
widely adopted as a best security key (called AppKey) and a globally unique by a 24-bit globally unique identifier
practice for constrained nodes and identifier (EUI-64-based DevEUI), both of assigned by the LoRa Alliance.
SECURING APPLICATION PAYLOADS
LoRaWAN application payloads are always encrypted end-to-end between the end-device and the application server. Integrity
protection is provided in a hop-by-hop nature: one hop over the air through the integrity protection provided by LoRaWAN protocol
and the other hop between the network and application server by using secure transport solutions such as HTTPS and VPNs.
MUTUAL AUTHENTICATION
The Over-the-Air Activation (a.k.a. Join are then derived, one for providing integ- order to prove/verify the packets authen-
Procedure) proves that both the end de- rity protection and encryption of the ticity and integrity. The AppSKey is dis-
vice and the network have the knowl- LoRaWAN MAC commands and appli- tributed to the application server in order
edge of the AppKey. This proof is made cation payload (the NwkSKey), and one to encrypt/decrypt the application pay-
by computing an AES-CMAC4 (using the for end-to-end encryption of application load. AppKey and AppSKey can be hidden
AppKey) on the devices join request and payload (the AppSKey). The NwkSKey is from the network operator so that it is not
by the backend receiver. Two session keys distributed to the LoRaWAN network in able to decrypt the application payloads.
LoRaWAN AppSKey
NwkSKey
Network
Security
Application
Security
1
AES - Advanced Encryption Standard. It is a public encryption algorithm based on symmetric secret keys, allowing message encryption and authentication. 2 CMAC - Cipher-based
Message Authentication Code. 3 CTR - Counter Mode Encryption. It is a mode of operation of AES algorithm relying on a counter to encrypt streams of data. 4 AES-CMAC - Cipher-based
Message Authentication Code using AES encryption algorithm to provide message integrity and authenticity. 5 CBC is a mode of operation of AES algorithm relying on an initialization
vector and the previous data block to encrypt streams of data.
The LoRa Alliance and LoRaWAN Marks and logos are trademarks of Semtech Corporation or its subsidiaries in the U.S. and/or other countries