Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach

Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT) field, a quite recent area where communication technologies such as ZigBee or 6LoWPAN already include security features to guarantee authentication, confidentiality, and integrity. More recent technologies are Low-Power Wide-Area Networks (LP-WAN), which also consider security but they present initial approaches that can be further improved. An example of this can be found in LoRa and its layer-two supporter LoRaWAN, which include a security scheme based on pre-shared cryptographic material lacking flexibility when a key update is necessary. Because of this, in this work we evaluate the security vulnerabilities of LoRaWAN in the area of key management and propose different alternative schemes. Concretely, the application of an approach based on the recently specified Ephemeral Diffie-Hellman Over COSE (EDHOC) is found as a convenient solution, given its flexibility for the update of session keys, its low computational impact, and the limited message exchanges needed. A comparative analysis considering the overhead of different security schemes for LoRaWAN is carried out in order to evaluate their benefits in the challenging area of LP-WAN.

SANCHEZ-IBORRA Ramon;  SANCHEZ-GOMEZ Jesus;  PEREZ Salvador;  FERNANDEZ Pedro J.;  SANTA Jose;  HERNANDEZ RAMOS Jose Luis;  SKARMETA Antonio; 

2018-06-07

MDPI AG

JRC111557

1424-8220,   

http://www.mdpi.com/1424-8220/18/6/1833,    https://publications.jrc.ec.europa.eu/repository/handle/JRC111557,   

10.3390/s18061833,