Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach

Ramon Sanchez-Iborra, Jesús Sánchez-Gómez, Salvador Pérez, Pedro Fernández, José Santa, José Hernández-Ramos, Antonio Skarmeta
2018 Sensors  
Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT) field, a quite recent area where communication technologies such as ZigBee or IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) already include security features to guarantee authentication, confidentiality and integrity. More recent technologies are Low-Power Wide-Area Networks (LP-WAN), which also consider
more » ... rity, but present initial approaches that can be further improved. An example of this can be found in Long Range (LoRa) and its layer-two supporter LoRa Wide Area Network (LoRaWAN), which include a security scheme based on pre-shared cryptographic material lacking flexibility when a key update is necessary. Because of this, in this work, we evaluate the security vulnerabilities of LoRaWAN in the area of key management and propose different alternative schemes. Concretely, the application of an approach based on the recently specified Ephemeral Diffie-Hellman Over COSE (EDHOC) is found as a convenient solution, given its flexibility in the update of session keys, its low computational cost and the limited message exchanges needed. A comparative conceptual analysis considering the overhead of different security schemes for LoRaWAN is carried out in order to evaluate their benefits in the challenging area of LP-WAN. being adopted as an extensively-used radio access technology in the near future. These characteristics are related to the long range of more than 10 km attained in rural areas and the very low power consumption that allows end-device battery lifetimes of more than five years [1]. In particular, in this work, we focus on one of the most relevant LP-WAN solutions, called Long Range Wide Area Network (LoRaWAN). This radio technology provides high grades of adaptability to user needs by tuning its Physical (PHY) layer parameters. By this characterization, LoRaWAN can be employed in many scenarios and under several propagation conditions [2] . In addition, LoRaWAN makes use of license-free frequency bands, so its adoption might be widely generalized soon. This will become a real issue related to the spectrum saturation if hundreds or thousands of nodes need to share wireless media at the same time. This situation is aggravated considering the low data-rate of the transmissions (from 250 bps-50 Kbps in LoRaWAN), which lead to a very high Time-on-Air (ToA) of the transmitted packets. Thus, the longer the packet length, the greater the transmission duration, so the probability of collisions or interference-related issues clearly grows. As the use of robust security mechanisms usually implies the addition of extra headers and long payloads, LP-WAN platforms tend to reduce the overhead introduced when securing the communication. Besides, end-nodes are usually highly constrained in terms of computation capabilities and power consumption, so they are not able to perform complex operations that are usually required by strong security schemes.
doi:10.3390/s18061833 pmid:29874839 pmcid:PMC6021899 fatcat:4qlqqszelvbyrbzh7mld4ekqs4