LoRaWAN puts security first: Page 3 of 4

July 04, 2019 // By David Armour, Senior Product Manager, Semtech Corporation
LoRaWAN puts security first
Traditionally, security has been an afterthought in computer network designs, which has helped make many of them vulnerable to hacking. But the LoRaWAN low-power wide area network (LPWAN) provides an example of a network technology that was designed from the outset to take security into account.

Once the AES-CMAC has been computed and verified, the join server and device create a pair of session keys. One is the NwkSKey, which is used to protect LoRaWAN network commands; the other is the AppSKey, which encrypts the application data. The keys are distributed to the LoRaWAN network server and relevant application servers, respectively. This maintains a separation between application data and network management messages. This avoids the need to share keys with the network operator. Users can be sure packets containing application data simply pass through the LoRaWAN gateways and network routers without the risk of snooping or man-in-the-middle attacks.

All traffic sent and received by a sensor node is protected using the two session keys. The payload of each packet is encrypted using the AES counter mode (AES-CTR). This embeds a frame counter and message integrity code (MIC) computed using the NwkSKey code in the payload. The combination of protections prevents packet-replay attacks, in which a hacker inserts data in a message and retransmits it into the data stream.

Although LoRaWAN enforces security as part of its core design, a number of aspects are outside the control of the protocol designers and need to be taken care of by the applications developer or integrator. The key elements that need attention are key management and provisioning.

Design category: 

Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.