Security
LoRaWAN security is designed to fit the general LoRaWAN design criteria: low power consumption, low implementation complexity, low cost and high scalability. As devices are deployed in the field for long periods of time (years), security must be future-proof. The LoRaWAN security design adheres to state-of-the-art principles: use of standard, well-vetted algorithms, and end-to-end security.
LoRaWAN specification defines two layers of cryptography:
- Using a unique 128-bit network session key shared between the end-device and network server.
- Using a unique 128-bit application session key (AppSKey) shared end-to-end at the application level.
The LoRaWAN uses two levels of security, one for the network layer and one for the application layer. The network layer security ensures the authenticity of the device on the network. The application layer security ensures that the network operator has no access to the end user’s application data.
Data over LoRaWAN is encrypted twice:
1- Sensor data is encrypted by the node and then encrypted again by the LoRaWAN protocol; only then is it sent to the LoRa Gateway.
2- The Gateway sends data over normal IP network to the network server.
3- The Network server has the Network Session Keys & decrypts the LoRaWAN data. It then passes the data to the Application server which decrypts the sensor data, using the Application Session Key.
