In the world of the Internet and the Internet of Things, security has always been one of the most pressing concerns. LoRaWAN, a relatively mature LPWAN technology, has its own considerations and settings in terms of security. The following are some questions and answers about security.
1. Where are the LoRaWAN security mechanisms specified?
All security mechanisms are specified in the LoRaWAN protocol specification. Currently, LoRaWAN Standard Protocols 1.0 and 1.0.2 have been released through official channels and can be downloaded. Version 1.1 is still under revision.
2. How does LoRa's security mechanism ensure the secure operation of the LoRaWAN network?
LoRaWAN supports source authentication, integrity protection, and retransmission (replay) protection for MAC frames. LoRaWAN also supports end-to-end encryption of application payloads between end devices and application servers, as well as encryption of MAC commands. All of these processes rely on the Advanced Encryption Standard (AES) with 128-bit keys.
3. What is the difference in security between the two access methods ABP (Activation-by-Personalization) and OTAA (Over-the-Air-Activation)?
LoRaWAN uses a static root key and a dynamically generated session key.
Root keys exist only on OTAA terminal devices. When an OTAA terminal device performs the join procedure with a network, the root key is used to generate session keys. Once an OTAA terminal device is installed, it can connect to any network that interfaces with the key server (referred to as the Join Server in version 1.1 of the protocol) with which the device is associated. The terminal device uses the session keys to protect over-the-air traffic.
ABP terminal devices are not equipped with a root key. Instead, they are provisioned with a set of session keys for a pre-selected network, and these session keys remain unchanged throughout the life of the ABP terminal device.
Therefore, because its session keys are renewed, the OTAA device is more suitable for applications that require a higher level of security.
4. What kinds of identifiers are used in LoRaWAN?
Each terminal device is identified by a globally unique 64-bit EUI, which is assigned by the device manufacturer. The assignor of the EUI must obtain authorization from the IEEE registration authority.
The Join Server responsible for managing terminal authentication is also identified by a globally unique 64-bit EUI, which is assigned by the owner of the server.
A private LoRaWAN network that roams with open networks is identified by a 24-bit globally unique identifier assigned by the LoRa Alliance. When a terminal device successfully joins the network, it obtains a 32-bit temporary device address from the network server.
5. Can I assign an identifier to my device or network at random?
Identifiers should be assigned according to the rules described in question 4; assigning them at random will cause unnecessary confusion.
6. Are all terminal devices assigned the same default key at the factory?
Of course not. There is no such thing as a default key or a default password in LoRaWAN. All terminal devices are assigned a default unique identifier when they are shipped from the factory, so a key extracted from one device does not affect other devices.
7. What types of keys are used?
An OTAA terminal device is equipped with a root key called AppKey. On the network side, the AppKey is held by the Join Server; the Join Server and the network server may be co-located or separate. An ABP terminal device is equipped with two session keys (the application session key AppSKey and the network session key NwkSKey), where NwkSKey is provided by the network server and AppSKey is provided by the application server.
8. What encryption algorithm is used?
The AES-CMAC algorithm defined in RFC 4493 is used for origin authentication and integrity protection. AES-CCM*, defined in IEEE 802.15.4-2011, is used for encryption.
9. How does LoRaWAN prevent eavesdropping?
The MAC payload is encrypted as it travels between the terminal and the network. In addition, the application payload between the terminal device and the application server is also encrypted. This ensures that only entities that hold the key and are authorized can access plain text content.
10. How does LoRaWAN prevent fraud?
Origin authentication and integrity protection of the MAC payload are achieved by a message integrity code (MIC) between the terminal device and the network. This ensures that only authorized entities (terminal devices and network servers) that hold the keys can generate valid frames.
11. How does LoRaWAN prevent retransmission (replay) of frames?
The integrity protection of the MAC payload uses a frame counter to ensure that the recipient does not accept a frame it has already received.
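The MIC check described in questions 8 and 10, as an added example that is not part of the original page. It assumes the LoRaWAN 1.0.x uplink MIC layout (a 16-byte B0 block prepended to the frame, AES-CMAC truncated to 4 bytes) and the third-party Python `cryptography` package; the key, device address and payload are constructed sample values.

```python
import hmac
import struct
from cryptography.hazmat.primitives.cmac import CMAC
from cryptography.hazmat.primitives.ciphers.algorithms import AES

UPLINK = 0  # Dir field value for device-to-network frames

def aes_cmac(key: bytes, data: bytes) -> bytes:
    """Full 16-byte AES-CMAC tag (RFC 4493)."""
    mac = CMAC(AES(key))
    mac.update(data)
    return mac.finalize()

def compute_mic(nwk_skey: bytes, dev_addr: int, fcnt32: int, msg: bytes) -> bytes:
    """MIC over msg = MHDR | FHDR | FPort | FRMPayload, per LoRaWAN 1.0.x."""
    # B0 = 0x49 | 4 zero bytes | Dir | DevAddr (LE) | FCnt (32-bit, LE) | 0x00 | len(msg)
    b0 = struct.pack("<B4xBIIBB", 0x49, UPLINK, dev_addr, fcnt32, 0x00, len(msg))
    return aes_cmac(nwk_skey, b0 + msg)[:4]  # the MIC is the first 4 bytes of the tag

def build_uplink(nwk_skey, dev_addr, fcnt32, fport, enc_payload):
    """Unconfirmed data uplink; enc_payload is assumed already encrypted with AppSKey."""
    # MHDR 0x40, DevAddr, FCtrl 0x00, low 16 bits of the counter, FPort
    msg = struct.pack("<BIBHB", 0x40, dev_addr, 0x00, fcnt32 & 0xFFFF, fport)
    msg += enc_payload
    return msg + compute_mic(nwk_skey, dev_addr, fcnt32, msg)

def verify_uplink(nwk_skey, frame, fcnt32):
    """Network-server check: recompute the MIC with the expected 32-bit counter."""
    msg, mic = frame[:-4], frame[-4:]
    dev_addr = struct.unpack_from("<I", msg, 1)[0]
    return hmac.compare_digest(mic, compute_mic(nwk_skey, dev_addr, fcnt32, msg))

# Constructed sample values (not real keys or addresses)
NWK_SKEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
FRAME = build_uplink(NWK_SKEY, 0x01020304, 70000, 1, b"\x11\x22\x33\x44")
```

Because the full 32-bit counter is part of B0, a frame only verifies when the receiver holds the right NwkSKey and agrees with the sender on the counter value, even though only 16 counter bits travel in the frame.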
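The frame-counter check described above, as an added example that is not part of the original page. It assumes LoRaWAN 1.0.x behaviour: a 16-bit FCnt in the frame header, a 32-bit counter kept by the network server, and the specification's MAX_FCNT_GAP default of 16384; the class name and counter values are constructed for illustration.

```python
MAX_FCNT_GAP = 16384  # default from the LoRaWAN 1.0.x regional parameters

class UplinkSession:
    """Replay state for one set of session keys (one OTAA join, or one ABP device)."""

    def __init__(self, last_fcnt=None):
        self.last_fcnt = last_fcnt  # 32-bit counter of the last accepted uplink

    def check(self, fcnt16: int) -> str:
        """Classify an uplink by the 16-bit FCnt carried in its frame header."""
        if self.last_fcnt is None:
            self.last_fcnt = fcnt16
            return "accept"
        # Rebuild the 32-bit value: keep our high bits, take the frame's low bits.
        fcnt32 = (self.last_fcnt & ~0xFFFF) | fcnt16
        if fcnt32 <= self.last_fcnt:
            fcnt32 += 0x10000  # only plausible if the 16-bit field rolled over
        if fcnt32 - self.last_fcnt > MAX_FCNT_GAP:
            return "reject"  # replayed, stale, or counter was reset
        # A real server verifies the MIC with fcnt32 before updating its state.
        self.last_fcnt = fcnt32
        return "accept"

def demo():
    """Constructed counter sequences covering the cases an operator sees."""
    normal = UplinkSession()
    results = {
        "first": normal.check(10),
        "next": normal.check(11),
        "replay_same": normal.check(11),   # captured frame sent again
        "replay_older": normal.check(9),   # older captured frame
    }
    rolled = UplinkSession(last_fcnt=0xFFFE)
    results["rollover"] = rolled.check(0x0003)
    results["rollover_value"] = rolled.last_fcnt
    # ABP device reboots and restarts at 0 while its session keys stay the same.
    abp = UplinkSession(last_fcnt=500)
    results["abp_reset"] = abp.check(0)
    # OTAA rejoin derives new session keys, so the server starts fresh state.
    results["otaa_rejoin"] = UplinkSession().check(0)
    return results
```

The ABP case shows why static session keys matter operationally: a device that loses its counter is dropped until it passes the old value, and relaxing the check to work around that removes the replay protection.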
12. How to ensure the security of the backend interface?
The backend interface carries control and data signals between the network server, the Join Server, and the application server. HTTPS and VPN technologies are used to secure communication between these components, in much the same way as in other communication systems. The backend interface is outside the scope of the LoRaWAN protocol.
13. Does LoRaWAN support hardware security?
The hardware security of terminal devices and server platforms is not directly related to the communication protocol, LoRaWAN included.
14. What should I do if I face a security threat?
In general, a security threat comes from the protocol itself (such as the lack of retransmission protection), the implementation process (such as the extraction of device keys), the deployment process (such as the lack of a firewall), or a combination of the three. So when faced with a security threat, you must first find its source. The implementation process involves the manufacturer and the deployment process involves the operator.