The LoRaWAN™ specification has been designed from the onset with security as an essential aspect, providing state-of-the art security properties for the need of highly-scalable low power IoT networks.
Unlike many others IoT technologies, it already offers dedicated end-to-end encryption to application providers.
DATA INTEGRITY AND CONFIDENTIALITY PROTECTION
All LoRaWAN traffic is protected using the two session keys:
– For avoiding packet tampering, a Message Integrity Code (MIC) is computed with AES-CMAC based on NwkSKey.
– A frame counter is used for avoiding packet replay.
– The payload is encrypted by AES-CTR using the AppSKey.
Maximised security in Senlab LoRaWan sensors:
Sensing Labs allows the customization of the sensor safety.
Security material
DevEUI: This unique Identifier is public and is linked to the end node. It can be compared to the ID card.
AppEUI: This Identifier is public and is linked to the Join Server. It is used by network servers to contact the right Join server during the Join phase of the end node.
AppKey: The AppKey is secret and is linked to the end node. It is also provided to the Join Server so that it can derive the NwkSKey and the AppSKey during the Join phase of the end node.
Sensing Labs devices allows the modification of AppEUI and also the customization of security AppKey.
FLEXIBLE CHOICE OF NETWORK
- At installation.
- At migration during the life of device with new AppEUI and AppKey.