Skip to main content

LoRaWAN™ Security

This document summarizes the key content of the document LoRaWAN™ Security: A White Paper® published by Gemalto, Actility, and Semtech for the LoRa Alliance™ in February 2017.

General about LoRaWAN™

LoRaWAN™ is a wireless network technology for large areas (LPWAN) that enables cost-effective, mobile, and secure two-way communication for IoT, M2M, smart cities, and industrial applications.

Key features of LoRaWAN™ security:

  1. Complete end-to-end encryption: LoRaWAN™ is one of the few IoT networks that implements end-to-end encryption.
  2. Mutual authentication: Ensures that only genuine devices connect to authentic networks.
  3. Integrity protection and confidentiality: Protects data from manipulation and unauthorized access.
  4. Use of proven algorithms: Based on AES encryption, which is NIST-approved and widely accepted as best practice.
  5. Low power consumption, complexity, and cost: Designed to fit LPWAN environments.
  6. Future-proof: Capable of handling future security threats.

Implementation of LoRaWAN™ security

Unique keys and identifiers: Each device has a unique 128-bit AES key (AppKey) and a globally unique identifier (DevEUI). Session keys: Two session keys (NwkSKey and AppSKey) are derived from AppKey to protect network and application data. Protection of application data: Application traffic is always encrypted end-to-end between the device and the application server. Physical security: Keys can be stored in tamper-resistant devices (Secure Element) for increased security.

Security for backend interfaces

HTTPS and VPN are used to protect communication between network and application servers.

Key facts and misconceptions

Use of AES:
Some sources claim that LoRaWAN™ encryption only uses XOR and not AES. In fact, AES is used in the standardized CTR mode, which uses XOR encryption operations.

Key distribution:
To prevent operators from decrypting traffic by having access to AppKey, the management of AppKey can be handled by an external entity.

Implementation and deployment of security:
The LoRa Alliance works to ensure that the protocol and architecture specifications are secure, while recognizing that the overall security of the solution also depends on the specific implementation and deployment.

Summary

LoRaWAN™ has been designed with security as a fundamental aspect. It offers advanced security features that meet the needs of scalable, energy-efficient IoT networks. Unlike many other IoT technologies, it already provides dedicated end-to-end encryption at the application level.
The overall security of your solution also depends on the specific implementation and deployment.
Enkey AB offers a complete security solution from sensor/meter to cloud service, to create a hassle-free management for property owners who want to leverage the strength and cost-effectiveness of IoT. If you have questions or concerns regarding LoRaWAN™ security, please contact us via email at Enkey.