An important aspect of LoRaWAN security is that it uses symmetric-key cryptography. Each root key that is dedicated to a sensor node needs to be made available to a corresponding server application for the required session keys to be generated. To manage the keys that will be used by server applications and programmed into devices, the user needs to employ a key management system (KMS) that is responsible for distributing keys to systems that need them. For example, a KMS can make root keys available to the Join Server so that it can perform the required AppKey check and handle the initial session-key generation routines.
Similarly, the KMS can be responsible for providing the AppKey to each device when it is ready to be programmed during manufacture, production test or installation. To ensure high security when requests are made to the KMS, two-factor authentication or similar techniques can be employed. In a typical scenario, an end-of-line tester requests a key for each device that it probes using previously created session keys to encrypt the transaction. A second factor, such as the correct response to a challenge issued by the KMS, ensures that only the authorised tester is provided with the requested AppKey. The LoRa-Alliance defines for network service providers a back-end specification for methods to allow a Join Server to make secure requests to a user’s KMS.
Once delivered to the end device, the AppKey needs to be stored securely so that it cannot be read out and misused by a hacker who gains access to the hardware either physically or through network-based attacks. A microcontroller (MCU) with secure on-chip storage can satisfy this requirement. Alternatively, the MCU can be paired with a secure companion integrated circuit (IC) that is programmed with the AppKey and which takes care of the AES processing on behalf of the MCU. Cryptographic acceleration is also an effective hardware-based security feature to reduce transaction times significantly as well as power consumption.
With a sufficiently secure MCU, once it is programmed into on-chip flash there is no mechanism to read out the raw key. Physical protections can zero out on-chip keys if they detect an attack that shows a high risk of compromise. This ensures that the AppKey and other secure credentials cannot be stolen and misused.
Thanks to the decision to take security into account when designing the protocol, LoRaWAN’s designers have succeeded in building an LPWAN that can cope with the challenges of today’s IoT. Supported by an effective key-management infrastructure and choice of secure hardware for devices, integrators can achieve a high level of confidence that their systems are not vulnerable to hackers.