
LoRaWAN

Nur Hayati
The Specification of IoT communications
• Low cost → device + spectrum
• Low power → power for computation + transmission *LPWAN white paper
• Long battery duration → small amount of data
• High number of connections → connect to “everything”
• Low bitrate,
• Short and/or long range,
• Low processing capacity,
• Low storage capacity,
• Small size devices,
• Simple network architecture and protocols.

ITU Conference “IoT Standards: IoT Technology and Architecture & 3GPP Standards”
IoT Reference Model

“A Comprehensive Study of Security of Internet-of-Things”


IoT Medium : Short vs Long Range
• Long Range
  • Non 3GPP Standards (LPWAN)
    • LoRaWAN
    • Sigfox
    • Weightless
    • Ingenu RPMA
  • 3GPP Standards
    • LTE-M
    • NB-IOT
    • EC-GSM
    • 5G and IoT
• Short Range
  • RFID
  • Bluetooth
  • Zigbee
  • WiFi
  • Zwave
  • EnOcean
LPWAN Frequency
• Non 3GPP
  • Unlicensed spectrum.
  • Providers develop their own low cost base stations

• 3GPP
  • Licensed Frequencies (Cellular)
LPWAN Frequency
• Unlicensed side.
  • This will be the Industrial, Scientific, Medical (ISM) spectrum: 900 MHz, 2.4 GHz, and 5 GHz.
  • The key players are focusing on lower frequencies to get distance at the expense of throughput, which they don’t need for their market segments.

• Licensed Frequencies (Cellular)
  • 3GPP is the consortium of companies that builds and defines the standards for mobile transmission.
  • In two of their latest releases (12 and 13) 3GPP introduced three new standards: LTE-M, NB-IoT, and EC-GSM-IoT.

https://www.linkedin.com/pulse/5g-iot-lpwan-what-relationship-mark-rewers
LoRaWAN
• LoRaWAN™ is a Low Power Wide Area Network (LPWAN) protocol that supports low-cost, mobile, and secure bi-directional communication for Internet of Things (IoT), machine-to-machine (M2M), smart city, and industrial applications. [1]

• LoRaWAN is a media access control (MAC) protocol for wide area networks. [2]

• LoRaWAN is a protocol developed by the LoRa Alliance™ for use by Mobile Network Operators who want to use unlicensed spectrum to communicate with IoT devices in their network. [3]

[1] https://lora-alliance.org/
[2] https://www.thethingsnetwork.org/docs/lorawan/
[3] https://www.link-labs.com/
LoRa vs LoRaWAN
• LoRa
  • is a method for transmitting radio signals that uses a chirped, multi-symbol format to encode information.
  • It’s a proprietary system made by chip manufacturer Semtech;
  • Essentially, these chips are standard ISM band radio chips that can use LoRa (or other modulation types like FSK) to convert radio frequency to bits, without any need to write code to implement the radio system.
  • LoRa is a lower-level physical layer technology that can be used in all sorts of applications outside of wide area.
• LoRaWAN
  • is a point-to-multipoint networking protocol that uses Semtech’s LoRa modulation scheme.
  • It’s not just about the radio waves; it’s about how the radio waves communicate with LoRaWAN gateways to do things like encryption and identification.
  • It also includes a cloud component, which multiple gateways connect to.
  • LoRaWAN is rarely used for industrial (private network) applications due to its limitations.

https://www.link-labs.com/blog/what-is-lorawan
LoRa – Physical Layer Technology
• Sub GHz ISM (Unlicensed ISM Band)
  • 868 MHz Europe
  • 915 MHz North America
  • 433 MHz Asia
  • Specifically for unlicensed frequencies, a trial will be held in the near future for use of the 919 MHz to 925 MHz frequency spectrum. If interference turns out to occur, they must change it to 919 MHz to 924 MHz or 919 MHz to 923 MHz. - https://www.indotelko.com/kanal?c=id&it=kominfo-ijinkan-iot
  • Kominfo permits IoT trials on unlicensed frequencies
  • 08:54:06 | 29 Aug 2018

• Modulation CSS (Chirp Spread Spectrum)*
  • Support for long connectivity
  • Used by the military for secure communication
  • Low power consumption
  • Robustness against channel degradation challenges: interference & multipath fading
  • Offers a range of data rates for different frequencies → defines 6 chirp rates called Spreading Factors
A comparative Study of LPWAN
*Exploring The Security Vulnerabilities of LoRa
LoRa – Physical Layer Technology
• Uses 6 Spreading Factors (SF7 to SF12) → “tradeoff” between data rate and range
• Higher SF allows longer range but lower data rate → increases energy consumption of end devices
• Lower SF allows shorter range but higher data rate
• Data rate between 300 bps and 50 kbps → depends on SF and channel BW
• Maximum payload length for each message: 243 bytes

Data rate*  Spreading Factor*  BW (kHz)*  Radio bit rate (Bytes/Sec)*  Range / Energy Consumption*
0           SF 12              125        31                           Longest / Highest
1           SF 11              125        55                           Longer / Higher
2           SF 10              125        122                          Long / High
3           SF 9               125        220                          Short / Small
4           SF 8               125        390                          Shorter / Smaller
5           SF 7               125        683                          Shortest / Smallest

A comparative Study of LPWAN | *Exploring The Security Vulnerabilities of LoRa


LoRaWAN – Link Layer Protocol*
• Long range communication / distance → up to 15 to 20 km
• Low cost → unlicensed bandwidth + low cost base station*
• Low power → extends battery lifetime
• Specific BW → 250 kHz and 125 kHz
• Has 3 different classes: A, B, C [3]
• Bidirectional communication & half-duplex [2][3]
• Deployment mode [2]
  • Local network deployment
  • Hybrid deployment (industrial field) → combination of local and public LoRa network
• Has a flexible ecosystem
• Implements security → AES encryption
  • Highly secure
  • Low power
AES-128 Based Secure Low Power Communication for LoRaWAN IoT Environments
[2] A Comparative study of LPWAN
[3] Location-Enabled LoRa™ IoT Network: “Geo-LoRa-ting” your assets
*LPWA Tech Security A white Paper
LoRaWAN device classes

Location-Enabled LoRa™ IoT Network: “Geo-LoRa-ting” your assets


LoRa™: Bidirectional communications
LoRaWAN Architecture
LoRaWAN Component
• End devices
  • Sensor
  • Monitor
  • Controller
  • Machine
• Gateway / concentrator
• Network Server
• Application Server

Additional info*
• All end devices have a 64-bit unique identifier called the Device Identifier (DevEUI) → set by the vendor
• And AppEUI → application unique identity
• Communication uses a 32-bit device address

AES-128 Based Secure Low Power Communication for LoRaWAN IoT Environments
https://www.thethingsnetwork.org/docs/lorawan/
*Exploring the security vulnerabilities of LoRa
Industrial Network Design Using Low-Power Wide-Area Network
Keysight Technologies Low Power Wide Area Network (LPWAN) Technologies – Benefits and Test Challenges
LoRaWAN Security Design
• low power consumption,
• low implementation complexity,
• low cost and
• high scalability.

LoRaWAN Security - A WHITE PAPER


LoRaWAN Security Protection
• Mutual authentication – Bi-directional authentication
  • Used for Join Procedure
• Integrity protection – Integrity checking
  • Network integrity check → compute MIC
• Confidentiality – Encryption
  • Network and Application

LoRaWAN Security - A WHITE PAPER


Mutual authentication
• Mutual authentication is established between a LoRaWAN end-device
and the LoRaWAN network as part of the network join procedure.
• This ensures that only genuine and authorized devices will be joined to
genuine and authentic networks.
• The Over-the-Air Activation (a.k.a. Join Procedure) proves that both the
end device and the network have the knowledge of the AppKey.
• Two session keys are then derived (from AppKey),
• one for providing integrity protection and encryption of the LoRaWAN MAC
commands and application payload (the NwkSKey),
• one for end-to-end encryption of application payload (the AppSKey).

**A future release of the LoRaWAN specification (1.1) defines two independent master
keys: one for the network (NwkKey) and one for the applications (AppKey).
LoRaWAN Security - A WHITE PAPER
Join Procedure LoRaWAN : OTAA & ABP
• OTAA (Over The Air Activation)
  • Most secure way to authenticate → because the network session key is generated each time the device joins the network
  • The OTAA procedure is initiated by the end device sending a “Join request message” (containing AppEUI, AppKey - pre-shared with the network server, DevEUI, DevNonce) to the Network Server → the Network Server derives: AppSKey, NwkSKey
  • OTAA prevents replay attacks because there is a nonce (number used once → a random value tracked by the network server (a kind of single-use token) → used to reject any join request with an invalid nonce value)

Exploring the security vulnerabilities of LoRa
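
The nonce tracking described above, seen from the network server, as an added example (not code from the slides or the cited paper). In LoRaWAN 1.0.x the frame on the air is MHDR, AppEUI, DevEUI, DevNonce and a 4-byte MIC; the pre-shared AppKey is not sent, it only keys the MIC. The class name, the `mic_ok` hook and all EUI and nonce values are assumptions made for the illustration.

```python
# Added example: network-server side of the OTAA join-request replay check.
# LoRaWAN 1.0.x layout; EUIs and nonces below are constructed sample values.
import struct

JOIN_REQUEST_LEN = 23  # MHDR(1) | AppEUI(8) | DevEUI(8) | DevNonce(2) | MIC(4)

def parse_join_request(phy: bytes) -> dict:
    """Split a raw join-request; multi-byte fields are little-endian on air."""
    if len(phy) != JOIN_REQUEST_LEN:
        raise ValueError("bad length")
    mhdr, app_eui, dev_eui, dev_nonce, mic = struct.unpack("<B8s8sH4s", phy)
    if mhdr >> 5 != 0b000:  # MType 000 = Join-request
        raise ValueError("not a join-request")
    return {"app_eui": app_eui[::-1].hex(), "dev_eui": dev_eui[::-1].hex(),
            "dev_nonce": dev_nonce, "mic": mic}

class JoinHandler:
    """Tracks DevNonce values per device and rejects any reuse."""

    def __init__(self, provisioned_dev_euis, mic_ok):
        # mic_ok(phy, dev_eui) -> bool is a hypothetical hook that verifies
        # the MIC with the device's AppKey (AES-CMAC); not implemented here.
        self.seen = {eui: set() for eui in provisioned_dev_euis}
        self.mic_ok = mic_ok

    def handle(self, phy: bytes) -> str:
        try:
            req = parse_join_request(phy)
        except ValueError as exc:
            return f"reject: {exc}"
        nonces = self.seen.get(req["dev_eui"])
        if nonces is None:
            return "reject: unknown DevEUI"
        if not self.mic_ok(phy, req["dev_eui"]):
            return "reject: bad MIC"  # checked first so forgeries cannot burn nonces
        if req["dev_nonce"] in nonces:
            return "reject: DevNonce replayed"
        nonces.add(req["dev_nonce"])
        return "accept"

def sample_join_request(dev_nonce: int, dev_eui="0102030405060708") -> bytes:
    """Constructed frame with a dummy MIC, for exercising the handler."""
    return (b"\x00" + bytes.fromhex("a1a2a3a4a5a6a7a8")[::-1]
            + bytes.fromhex(dev_eui)[::-1] + struct.pack("<H", dev_nonce) + bytes(4))
```

A captured join-request replayed verbatim carries a valid MIC, so the MIC check alone does not stop it; the per-device nonce set is what turns the second copy into a reject.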


Join Procedure LoRaWAN : OTAA & ABP
• ABP (Activation by Personalization)
  • Procedure that connects end devices directly to a specific network without initiating the join request and accept procedure
  • NwkSKey, AppSKey, DevAddr are directly defined and stored in the end devices
  • Doesn’t need generation of any keys & can directly encrypt + decrypt messages using those keys
  • Weakness → if the key is “compromised”, all communication between the end device, gateway and network server can be decrypted by a third party for as long as the device is alive

Exploring the security vulnerabilities of LoRa


LoRaWAN : Data Integrity and Confidentiality Protection

• All LoRaWAN traffic is protected using the two session keys.
  • A unique 128-bit Network Session Key shared between the end-device and network server → NwkSKey
  • A unique 128-bit Application Session Key (AppSKey) shared end-to-end at the application level → AppSKey

• AES algorithms are used to provide
  • authentication and integrity of packets to the network server and
  • end-to-end encryption to the application server.

https://lora-alliance.org/about-lorawan
LoRaWAN : Data Integrity and Confidentiality Protection

• The NwkSKey is distributed to the LoRaWAN network in order to prove/verify the packets' authenticity and integrity.
• The AppSKey is distributed to the application server in order to encrypt/decrypt the application payload. AppKey and AppSKey can be hidden from the network operator so that it is not able to decrypt the application payloads.

LoRaWAN Security - A WHITE PAPER


IoT Security
• Security is a primary requirement for communication on the internet
• Security in IoT is a “trade-off” between the “level of security” and communication overhead [1]
• Therefore, when developing a method for securing data --> keeping information confidential → through encryption, it must be made “lightweight”
• Advantages of applying “lightweight” encryption
  • Efficient end-to-end communication
  • Fewer computational resources
  • Fewer memory resources
  • Low encryption and decryption delay

[1] Speeding Up the internet of things


Differences Between “Legacy” and “Lightweight” Encryption

• Legacy
  • Generally has more complex algorithms
  • Requires a large amount of energy
• Lightweight
  • Requires less energy
  • Lighter processing capability and memory usage

AES-128 Based Secure Low Power Communication for LoRaWAN IoT Environments
Symmetric vs Asymmetric Encryption
• Advantages of symmetric encryption
  • Key algorithms are faster
  • The security level depends on the key length
  • The larger the number (size) of available keys, the harder it is to break → because symmetric algorithms generally perform basic mathematical computations on a sequence of bits during encryption and decryption
  • Requires only a little power for computation
• Disadvantages of symmetric encryption
  • There is no single secure mechanism for the “handover” of the secret key
  • Symmetric encryption protocols provide “confidentiality” but do not provide “authentication” because the symmetric key is “shared”

Speeding Up the internet of things


https://ico.org.uk/for-organisations/guide-to-data-protection/encryption/types-of-encryption/
Symmetric vs Asymmetric Encryption
• Advantages of asymmetric encryption
  • Its key distribution scheme is better
  • Has broader “scalability”
  • Asymmetric protocols provide “confidentiality” and “authentication”
• Disadvantages of asymmetric encryption
  • Key system performance is slower compared with symmetric
  • Asymmetric encryption involves mathematical operations and intensive computation

Speeding Up the internet of things


A Study of Encryption Algorithms (RSA, DES, 3DES and AES) for Information Security
Thank You
