2019 2nd International Conference on Communication Engineering and Technology
Potential Development of AES 128-bit Key Generation for LoRaWAN Security
Nur Hayati
Department of Electrical Engineering
Universitas Indonesia
Depok, Indonesia
e-mail: nur.hayati81@ui.ac.id
Kalamullah Ramli
Department of Electrical Engineering
Universitas Indonesia
Depok, Indonesia
e-mail: kalamullah.ramli@ui.ac.id
Abstract—This research aims to simulate and analyze a
potential parameter of developing the key generation used for
encryption in LoRaWAN. Key generation or key scheduling is
an important part of the encryption process because in modern
security, encryption algorithm will be shared widely so that it
can be developed according to standards, and its strength
tested, but the cipher key will remain hidden. In the
LoRaWAN network, key generation is part of Advanced
Encryption Standard (AES) encryption embedded in the
NwkSKey and the AppSKey. Our research provides baseline
information that has the potential to develop the key-
generation algorithm used in LoRaWAN. We conduct
simulations for gathering field data and then discuss three
parameters related to the technical development of key
generation: processing time, randomness level and key length.
Meanwhile for LoRaWAN, there are two additional
parameters that need to be considered: computation resources
and battery durability.
Keywords-key generation; symmetric encryption; AES; IoT
security; LoRaWAN
I. INTRODUCTION
LoRaWAN is a leading IoT technology and is
implemented globally. Many experiments have been
conducted using LoRaWAN technology, including
implementation in smart parking [1], smart farming to
monitor livestock in fields [2], smart home automation
systems [3], smart health to monitor patients with mental
disorders [4] and others. According to Ericsson, in 2022, the
number of IoT devices connected will be 1.5 billion [5] and
the quantity of IoT implementation continues to grow.
Although LoRaWAN has attracted many stakeholders to its
IoT implementation, but researchers [6] [7] [8] have concern
related to its security issues. While other [9] state that not
only security but also privacy, two important issues in the
development of IoT technology that includes LoRaWAN.
Specifically, IoT security has three categories: security
regarding hardware, management, and data [10].
978-1-7281-1439-2/19/$31.00 ©2019 IEEE
Muhammad Suryanegara*
Department of Electrical Engineering
Universitas Indonesia
Depok, Indonesia
e-mail: suryanegara@gmail.com
Yohan Suryanto
Department of Electrical Engineering
Universitas Indonesia
Depok, Indonesia
e-mail: yohan.suryanto@ui.ac.id
Furthermore, about data security, besides preserving data
confidentiality, integrity, and availability, another important
aspect of data security is providing a bottom-up encryption
algorithm [11]. Under usual conditions, outsiders can wiretap
into communication lines by radio jamming or
eavesdropping to obtain confidential data [10]. However,
leaks of classified data can be prevented through the
encryption process.
This paper aims to provide baseline information about
the parameters of key generation in LoRaWAN encryption.
This information can be used as a basic reference for further
research in the field. We conduct experiments by simulating
existing key generation using an AES 128-bit encryption
algorithm.
This paper consists of five chapters. Chapter I introduces
the study. Chapter II discusses its underlying theories.
Chapter III presents the methodology. Chapter IV discusses
potential parameters to develop key generation in
LoRaWAN encryption. Chapter V provides conclusions
regarding the study‘s results.
II. AES ALGORITHM AND LORAWAN SECURITY
Security algorithms used on IoT devices must meet the
requirements for lightweight encryption. Lightweight
encryption differs from legacy encryption. Legacy
encryption tends to have complex algorithms and requires
large amounts of energy. In contrast, lightweight encryption
tends to use less-complex algorithms that require little
energy, have limited data size, and simple processing [12].
Yet, lightweight encryption still must be able to secure data
when they are compiled into a cipher. The parameters of
lightweight encryption are more commonly manifested in
symmetric encryption. Symmetric encryption uses identical
key to encrypt and decrypt data. Symmetric encryption has
short processing time; its keys and security algorithm can be
executed faster because symmetric algorithms usually run
basic mathematical calculations of a sequence of bits. The
security level depends on the key‘s length: the greater the
57
number, or length, of the key, the more difficult it is to
breach [13].
Advanced Encryption Standard is a type of symmetric
encryption that has been standardized by the United States
government agency, the National Institute of Standards and
Technology (NIST). AES has various key lengths: 128 bits,
192 bits, and 256 bits. These key lengths determine the
numbers of rounds in the encryption process: AES 128-bit,
192-bit, and 256-bit have 10, 12, and 14 rounds, respectively
[14]. Similar to other types of encryption, AES algorithm has
two inputs: plaintext (data to be encrypted) and cipher key.
Plaintext is processed with cipher key through a series of
AES encryption algorithms so that it becomes ciphertext.
Cipher key is generated from key generation process. In
LoRaWAN, the AES algorithm is used to encrypt
communication between end devices with its network and its
application server. The encryption is done at the Network
Session Key (NwkSKey) and the Application Session Key
(AppSKey).
III. METHODOLOGY
In this research, we simulate key generation of a 128-bit
AES algorithm by referring to research conducted by [15].
The simulation is conducted using a mathematical
programming language running on computer hardware that
has a 2.3-GHz Intel Core i5 processor, 8 GB of memory, and
the Mac OS Mojave operating system. The simulation
consists of defining the input data, processing the algorithm,
and analyzing the output. The AES key-generation algorithm
has three input values: initial keys, Static Box (S-Box), and
Round Constant (RCon). All three are processed within the
key scheduler algorithm for ten rounds. Figure 1 shows both Figure 2. Potential enhancement of key-generation algorithm in LoRaWAN.
the input and the processes.

IV. POTENTIAL DEVELOPMENT OF KEY GENERATION

Initial CipherKey
S_Box • Rotation Word
• Sub-Bytes CipherKey
• XOR
RCon
Figure 1. AES key-generation box.
The AES algorithm consists of four processes: Sub-bytes,
Shiftrows, MixColumn, and AddRoundKey. During the first
to the ninth rounds, each plaintext goes through the Subbytes,
Shiftrows, MixColumn, and AddRoundKey processes. In the
tenth round, the plaintext goes through only the Subbytes,
Shiftrows, and AddRoundKey processes. A cipher key is a
part of the AES encryption algorithm that is used to scramble
data in the AddRoundKey process. Data that have passed the
previous stage are added using a cipher key until the data are
processed by the algorithm in each round. Cipher keys are
formed through a series of processes and thus can be used as
scrambler keys. From the simulation results, we analyze the
potential parameters used to enhance key generation in
LoRaWAN based on the flowchart in Figure 2.
FOR SECURING LORAWAN
Technically, encryption strength is determined by key
management and algorithms. In this study, we simulate and
analyze key management in terms of key generation. We
find that three categories parameters potentially affect the
development of key generation for LoRaWAN security.
Each is discussed below.
A. Key Generation Time
The simulation begins by examining the processing time
of the input components, continues with the sub-processing
algorithm, and then is followed by the entire AES key
generation process. To date, LoRaWAN has not issued a
standard related to the time used to generate a chipper key.
Therefore, based on our simulation, we conclude that there
are many types of time involved in generating a cipher key.
The first is the time needed to load the initial cipher key.
As Figure 3 shows, based on the simulation results from
ten iterations, the time used to load the initial cipher key so
that it is ready to be executed at the next stage ranges from
0.108—0.624 ms. This time is very small, being less than
one millisecond.

58
 Time for Loading Initial Cipher Key needed to create an RCon is 8.7991 ms. The next simulation
1 is ten rounds processing of algorithm for each row matrix.
As the graph shows in Figure 6, due to their different
0,8
0,624 0,615
processes, each iteration of the first-row key generation takes
0,516 longer, about 0.886081 s. For the second to fourth rows, the
Time (ms)

0,6 0,457
average time needed is 0.0386 ms, or about 4.36e-05 times
0,4 0,304 0,325
smaller than used for the process at the beginning of each
0,179
0,2
0,15
0,108 0,119 iteration, and this process repeated for ten rounds.
0
1 2 3 4 5 6 7 8 9 10 Total Round Processing Time : Rotword, Sub-Bytes and
XOR
Iteration Number of Experiment 1
Figure 3. Simulation result: Time to load 128-bit initial cipher key. 0,9
0,8
0,7
S-Box Generation Time
0,6

Time (s)
1,02
0,5
1 0,4
0,3
0,98
0,2
0,1
Time (s)

0,96
0
0,94 1 5 9 13 17 21 25 29 33 37

0,92 Number of Processing

Figure 6. Simulation result: total round processing time.
0,9

0,88
1 21 41 61 81 101 121 141 161 181 201 221 241 The last simulation is conducted to identify the total time
Process Number used to perform key scheduling processes. This computation
Figure 4. Simulation result: S-Box generation time. includes the time needed to load the initial key, generate the
S-Box and the RCon, and conduct ten rounds of algorithm
The second input parameter used in AES key generation mechanism. We simulate ten iterations and calculate that the
is the S-Box matrix. We analyze the time needed to create an average time used to execute each algorithm is 7.220 s.
S-Box matrix. The S-Box is revoked once during one-time
AES encryption, but it is used in many sub-processes. S-Box The Time of Key Generation AES 128 bit
creation involves 256 characters (a 16 × 16 hexadecimal 10
matrix). The time needed to create an S-Box increases after
8
the first iteration, beginning at 0.923 s and ending with the
highest time: 1.003 s. Figure 4 depicts total S-Box generation
Time (s)

6
time. The time used to create an S-Box is divided into the 4
time to call the function and the looping process.
2

Average time to create RCON 0

12 1 2 3 4 5 6 7 8 9 10

10 Iteration Number of Experiment

8 Figure 7. Simulation result: time to generate AES 128-bit cipher key.
Time (ms)

6
4
In addition, we consider the time needed to execute the
entire algorithm, thus we conduct simulation with result is
2
displayed in Figure 7. LoRaWAN does not communicate in
0
1 2 3 4 5 6 7 8 9 10
real time, which means that it is able to transmit data only
every few minutes [16]. The simulation results show that
Iteration Number of Experiment
several parameters require a slightly longer processing time
Figure 5. Simulation result: average time to construct RCon. than the others. For example, the time used to generate the S-
Box is greater than the time used to generate the initial load
The last input used in AES key generation is the RCon. cipher key and the RCON. However, overall, the execution
The RCon is a zero matrix with a size of 10 × 4 except for in time of the key-generation algorithm is relatively short for
the first column. The RCon‘s first column contains a applications that are not real time.
conversion of the bytes using the data power of 2. Figure 5 The simulations suggest that further research is warranted
shows the simulation results obtained regarding RCon to develop a cipher key that can be used to improve
generation. Computed using ten iterations, the average time LoRaWAN security. Future research should consider the

59
processing time involved in constructing the key, including
the time calculations at determination the number of input
parameters, the round processing, and the complexity of the
key generation algorithm. Based on this experiment, we
conclude that the time needed for key generation can be
reduced while still maintaining a level of key security (short
and safe).
B. Randomness Level and Key Length
Two aspects affect cipher key strength: the level of
randomness and the length of the key. Managing its
randomness level is very important part in generating cipher
key. The more random the key, the more difficult it will be to
predict, making it difficult for opponents to carry out attacks
[17]. This parameter must be considered by researchers who
are designing key-generation algorithms. If the cipher key is
easy to dismantle, the security of the data encryption process
is decreased.
The value of key changes every round
250
Key 1
Key 2
Key 3
200
Key 4
Decimal number
minimum key length for AES for top secret encryption
should be 256 bits. In 2015, the NIST prohibited keys shorter
than 112 bits [19].
LoRaWAN uses 128-bit key lengths, which fulfills the
NIST requirements but not the NSA standards. Therefore, to
improve LoRaWAN security, researchers are advised to
develop keys with lengths of more than 256 bits. This will
accommodate the emergence of quantum computers, which
can be misused to breach cipher keys.
C. Computation Resources and Battery Durability
LoRaWAN is a protocol realized in the form of a small,
embedded system that uses little power and has long battery
life. It has small memory capacity and limited processing
capability [20]. These characteristics limit the size of the data
that can be processed and transmitted. This data limitation
can present a challenge to developing security features. In
IoT security, additional features increase data overhead,
processor tasks, and memory space needed to accommodate
data expansion. Increased data computation and memory
buffer use also increases the time consumed by processing
and transmission. Therefore, security features require a
tradeoff between security level and resource efficiency. The

150
100
50
0
1 2 3 4 5 6 7 8 9 10
Round Number from 0 to 10
Figure 8. Simulation result: randomness values during the key-change
process.
The simulation results of 16 initial key pairs are input
during the process of making the cipher key, and it appears
that the key changes are very dynamic as shown in Figure 8.
All 16 pairs of keys, which are hexadecimal data, are
converted to decimal, with beginning values ranging from
0‒255. Each key pair is processed by the AES key-
generation algorithm, which is repeated for as many as 10
rounds. From this simulation, we conclude that when
developing new key-generation algorithms, researchers need
to focus on the level of randomness in the LoRaWAN
security platform. As the simulation results show, existing
key-generation algorithms in LoRaWAN show this
randomness.
The baseline of LoRaWAN randomization is very
accurate, so those developing key-generation algorithms can
refer to these results. We conclude that to increase key
strength, future development should provide more random
patterns that are hardly recognized. The level of randomness
indicates the difficulty of breaching the algorithm.
In addition, the length of the key is another means of
strengthening security. Usually, longer keys (which are
measured in bits) are needed to provide stronger encryption
[18]. Our simulations use 128-bit key lengths as the initial
encryption-key input. This length has moderate key strength.
The National Security Agency (NSA) recommends that the
Key 5
Key 6
results of this study suggest that developing lightweight
Key 7
Key 8
encryption, which has low computational overhead, is one
Key 9 solution to this problem.
Key 10
Key 11 Batteries are an important element that needs to be
Key 12
Key 13 considered in IoT development, especially as they regard
Key 14
Key 15
security. Research [21] shows that batteries can last a long
11
Key 16
time, depending on the speed of movement, where changes
in computational speed involved in it. Likewise, key-
generation computing will also decrease the battery life. The
more complicated the proposed key-generation algorithm,
the more processing it consumes. In future development of
key-generation algorithms, it is important to consider power
consumption in conjunction with key strength.
V. CONCLUSIONS AND FUTURE RESEARCH
This paper simulates and analyzes existing key-
generation using an AES 128-bit encryption algorithm
proposed for potential use as a platform for LoRaWAN
security. Several parameters must be considered when
developing the cipher key in encryption for LoRaWAN
security, especially key-generation time. In addition, other
important factors in the development of sub-encryption are
the level of randomness and key length, as they determine
security strength. Furthermore, researchers developing key
generation for IoT devices must consider computational
resources as they relate to battery needs. Future researchers
are advised to conduct simulations that compare several
lightweight key-generation algorithms that support security
on LoRaWAN.
ACKNOWLEDGMENT
This research publication is funded by PIT9 Universitas
Indonesia, in which Dr. Suryanegara is the corresponding
author. Ms Hayati is in PhD study supported by Beasiswa
Unggulan Dosen Indonesia Dalam Negeri (BUDI-DN),
Lembaga Pengelola Dana Pendidikan (LPDP), and a

60
cooperation of the Ministry of Research and Higher
Education and the Ministry of Finance of the Republic of
Indonesia.
REFERENCES
[1] S. A. A‘ssri, F. H. K. Zaman, and S. Mubdi, ―The efficient parking
bay allocation and management system using LoRaWAN,‖ in 2017
IEEE 8th Control and System Graduate Research Colloquium
(ICSGRC), SHAH ALAM, Malaysia, 2017, pp. 127–131.
[2] I. Andonovic, C. Michie, P. Cousin, A. Janati, C. Pham, and M. Diop,
―Precision Livestock Farming Technologies,‖ p. 6.
[3] Bababe, Adam & Jha, Ashish & Kumar, Rajiv. (2017). Lora Based
Intelligent Home Automation System. Intenational Journal of
Engineering and Advanced Technology(IJEAT). 6. 88-92..
[4] N. Hayati and M. Suryanegara, ―The IoT LoRa system design for
tracking and monitoring patient with mental disorder,‖ in 2017 IEEE
International Conference on Communication, Networks and Satellite
(Comnetsat), Semarang, Indonesia, 2017, pp. 135–139.
[5] Internet of Things forecast [Online].
―https://www.ericsson.com/en/mobility-report/internet-of-things-
forecast.‖ .
[6] X. Yang, E. Karampatzakis, C. Doerr, and F. Kuipers, ―Security
Vulnerabilities in LoRaWAN,‖ in 2018 IEEE/ACM Third
International Conference on Internet-of-Things Design and
Implementation (IoTDI), Orlando, FL, 2018, pp. 129–140.
[7] B. Oniga, V. Dadarlat, E. De Poorter, and A. Munteanu, ―A secure
LoRaWAN sensor network architecture,‖ in 2017 IEEE SENSORS,
Glasgow, 2017, pp. 1–3.
[8] R. Sanchez-Iborra et al., ―Internet Access for LoRaWAN Devices
Considering Security Issues,‖ in 2018 Global Internet of Things
Summit (GIoTS), Bilbao, 2018, pp. 1–6.
[9] M. Dabbagh and A. Rayes, ―Internet of Things Security and Privacy,‖
in Internet of Things From Hype to Reality, Cham: Springer
International Publishing, 2017, pp. 195–223.
[10] E. Aras, G. S. Ramachandran, P. Lawrence, and D. Hughes,
―Exploring the Security Vulnerabilities of LoRa,‖ in 2017 3rd IEEE
61
International Conference on Cybernetics (CYBCONF), Exeter,
United Kingdom, 2017, pp. 1–6.
[11] H. Ning and H. Liu, ―Cyber-Physical-Social Based Security
Architecture for Future Internet of Things,‖ Adv. Internet Things, vol.
02, no. 01, pp. 1–7, 2012.
[12] K.-L. Tsai, Y.-L. Huang, F.-Y. Leu, I. You, Y.-L. Huang, and C.-H.
Tsai, ―AES-128 Based Secure Low Power Communication for
LoRaWAN IoT Environments,‖ IEEE Access, vol. 6, pp. 45325–
45334, 2018.
[13] M. A. Habib, M. Ahmad, S. Jabbar, S. H. Ahmed, and J. J. P. C.
Rodrigues, ―Speeding Up the Internet of Things: LEAIoT: A
Lightweight Encryption Algorithm Toward Low-Latency
Communication for the Internet of Things,‖ IEEE Consum. Electron.
Mag., vol. 7, no. 6, pp. 31–37, Nov. 2018.
[14] Rijndael Algorithm (Advanced Encryption Standard) AES [Online].
―https://www.lri.fr/~fmartignon/documenti/systemesecurite/5-
AES.pdf.‖ .
[15] M. McLoone and J. . McCanny, ―High Performance Single-Chip
FPGA Rijndael Algorithm Implementations,‖ in Cryptographic
Hardware and Embedded Systems — CHES 2001, vol. 2162, Ç. K.
Koç, D. Naccache, and C. Paar, Eds. Berlin, Heidelberg: Springer
Berlin Heidelberg, 2001, pp. 65–76.
[16] Limitations of LoRaWAN [Online].
―https://www.thethingsnetwork.org/docs/lorawan/limitations.html.‖ .
[17] ―J. I. Schiller and S. Crocker, ‗Randomness requirements for
security,‘ 2005.‖ .
[18] Sun Directory Server Enterprise Edition 7.0 Reference [Online].
―https://docs.oracle.com/cd/E19424-01/820-4811/aakfw/index.html.‖
[19] Y. Suryanto, Suryadi, and K. Ramli, ―A new image encryption using
color scrambling based on chaotic permutation multiple circular
shrinking and expanding,‖ Multimed. Tools Appl., vol. 76, no. 15, pp.
16831–16854, Aug. 2017.
[20] ―Technical Overview of LoRa and LoRaWAN,‖ p. 20, 2015.
[21] A. T. Nugraha, R. Wibowo, M. Suryanegara, and N. Hayati, ―An IoT-
LoRa System for Tracking a Patient with a Mental Disorder:
Correlation between Battery Capacity and Speed of Movement,‖ in
2018 7th International Conference on Computer and Communication
Engineering (ICCCE), Kuala Lumpur, 2018, pp. 198–201.