Skip to main content

LoRaWAN®: Security Built-in

Content type: Article Categories: Energy

Why LoRaWAN Is The Industrial I-IoT Enabler You Can’t Ignore (3/5)

Discover in our third article of this series how LoRaWAN’s built-in capabilities can be utilized to ensure a secure deployment.

Key Takeaways

  1. LoRaWAN operates with multiple layers of robust security; The network layer security, application layer security and end-to-end security.
  2. LoRaWAN specification includes session keys, frame counters, and MIC codes to offer optimum protection against possible cyber attacks.
  3. OTAA keys offer maximum levels of security.
  4. As with any network, it’s best practice to install the latest firmware and software updates, use strong passwords, and implement physical security measures.
  5. LoRaWAN security is an ongoing priority, and the LoRa Alliance is continually working to identify and address potential vulnerabilities.

Multiple Layers Of Robust Security

To ensure that the network is protected and your data is kept secure, LoRaWAN has multiple security layers. Firstly, the network layer includes security features such as device authentication, network and session keys, and frame counters. Next, the application layer security ensures data is kept secure by utilizing payload encryption and full decryption. Finally, end-to-end security is achieved with message integrity checks and sophisticated device activation mechanisms.

In short, by implementing security measures at multiple layers, LoRaWAN ensures the entire data transmission process is secure as it travels from the device to the application server.

Solid Security Built-In Through Specification

The LoRaWAN specification has built-in security features to protect against the latest forms of cyber attacks. These features include session keys, frame counters, and MIC (Message Integrity Code) codes.

Session keys are generated during the Join procedure. These ensure secure communication between the device and the network server. Frame counters guarantee the freshness and authenticity of each message – crucial to prevent replay attacks. Finally, MIC codes are added to each message to detect

Figure 1. This series of articles looks at five essential criteria how to best digitize an industrial facility

“We always advise customers to consider the following aspects: vendor lock-in, battery life, security, range, and competing and complementary technologies.

tampering with the message content during transmission. By working together, these security features ensure the integrity, authenticity, and confidentiality of LoRaWAN communication, providing a robust security framework for IoT applications.

OTAA Security Offers Maximum Security

LoRaWAN security works to protect communication between LoRaWAN devices and the network server. Device authentication and authorization with the network server are achieved in one of two ways: Over-The-Air-Activation (OTAA) and Activation-By-Personalization (ABP). OTAA is by far the most secure method; however, LoRAWAN retains the second method, ABP, for when it is necessary to prioritize speed over security.

With OTAA, the device and network server perform a secure handshake by generating a unique set of keys for the device. These are then sent to the network server for verification, after which the server sends the device a set of session keys to encrypt and decrypt messages between them. This process guarantees that only authorised devices can communicate with the network server.

With ABP, a device is pre-programmed with a set of keys, which are used to authenticate and authorize the device to communicate with the network server. The session keys are also pre-programmed, meaning the device does not perform a handshake process with the network server. This method is faster and more efficient than OTAA; yet, because the keys are preprogrammed, they are less secure and can potentially be exposed.

OTAA’s unique keys and secure handshake process give greater security. ABP can be more appropriate for prioritising speed over security. With both methods utilized for LoRaWAN communication, engineers are free to choose which best suits their specific use case.

Best Practises Can’t Be Ignored

It’s important to remember that while LoRaWAN does offer built-in security features, more than these alone may be needed to fully protect against all possible attacks. By implementing additional best practices, such as using strong passwords, secure device provisioning, and regular firmware updates, organisations can further enhance the security of their LoRaWAN networks and devices.

These measures can minimize the risk of unauthorized access, data breaches, and other security incidents, ultimately helping to ensure the integrity and confidentiality of sensitive data transmitted over LoRaWAN networks.

LoRaWAN. Committed To Tomorrow’s Security Needs

The LoRa Alliance ® periodically updates the LoRaWAN specification to address any known security vulnerabilities and to improve overall security. For example, in 2020, the LoRa Alliance released a new version of the LoRaWAN specification, which included several security enhancements such

Figure 2. Technically and financially, LoRaWAN enables engineers to digitize almost all industrial assets

as the introduction of new types of cryptographic algorithms for improved security, stronger security for multicast communication, and updates to the process for joining a network to reduce the risk of attacks.

These updates demonstrate the LoRa Alliance’s commitment to continually improving the security of the LoRaWAN protocol, ensuring its users can operate with confidence in the security of their IoT deployments.