To ensure that the network is protected and your data is kept secure, LoRaWAN has multiple security layers. Firstly, the network layer includes security features such as device authentication, network and session keys, and frame counters. Next, the application layer security ensures data is kept secure by utilising payload encryption and full decryption. Finally, end-to-end security is achieved with message integrity checks and sophisticated device activation mechanisms.

In short, by implementing security measures at multiple layers, LoRaWAN ensures the entire data transmission process is secure as it travels from the device to the application server.

The LoRaWAN specification has built-in security features to protect against the latest forms of cyber attacks. These features include session keys, frame counters, and MIC (Message Integrity Code) codes.

Session keys are generated during the Join procedure. These ensure secure communication between the device and the network server. Frame counters guarantee the freshness and authenticity of each message – crucial to prevent replay attacks. Finally, MIC codes are added to each message to detect tampering with the message content during transmission. By working together, these security features ensure the integrity, authenticity, and confidentiality of LoRaWAN communication, providing a robust security framework for IoT applications.

LoRaWAN security works to protect communication between LoRaWAN devices and the network server. Device authentication and authorisation with the network server are achieved in one of two ways: Over-The-Air-Activation (OTAA) and Activation-By-Personalisation (ABP). OTAA is by far the most secure method; however, LoRAWAN retains the second method, ABP, for when it is necessary to prioritize speed over security.

With OTAA, the device and network server perform a secure handshake by generating a unique set of keys for the device. These are then sent to the network server for verification, after which the server sends the device a set of session keys to encrypt and decrypt messages between them. This process guarantees that only authorised devices can communicate with the network server.

With ABP, a device is pre-programmed with a set of keys, which are used to authenticate and authorise the device to communicate with the network server. The session keys are also pre-programmed, meaning the device does not perform a handshake process with the network server. This method is faster and more efficient than OTAA; yet, because the keys are preprogrammed, they are less secure and can potentially be exposed.

OTAA’s unique keys and secure handshake process give greater security. ABP can be more appropriate for prioritising speed over security. With both methods utilised for LoRaWAN communication, engineers are free to choose which best suits their specific use case.

It’s important to remember that while LoRaWAN does offer built-in security features, more than these alone may be needed to fully protect against all possible attacks. By implementing additional best practices, such as using strong passwords, secure device provisioning, and regular firmware updates, organisations can further enhance the security of their LoRaWAN networks and devices.

These measures can minimise the risk of unauthorised access, data breaches, and other security incidents, ultimately helping to ensure the integrity and confidentiality of sensitive data transmitted over LoRaWAN networks.

The LoRa Alliance ® periodically updates the LoRaWAN specification to address any known security vulnerabilities and to improve overall security. For example, in 2020, the LoRa Alliance released a new version of the LoRaWAN specification, which included several security enhancements such as the introduction of new types of cryptographic algorithms for improved security, stronger security for multicast communication, and updates to the process for joining a network to reduce the risk of attacks.

These updates demonstrate the LoRa Alliance’s commitment to continually improving the security of the LoRaWAN protocol, ensuring its users can operate with confidence in the security of their IoT deployments.

IMI TWTG is our specialist product brand for industrial IoT, offering sensor technologies that support automation across complex environments. Integrated with IMI Process Automation, these solutions are scalable and low-power, helping customers digitise assets and improve operational efficiency.