Providing end-to-end security is the ultimate security goal of every wireless network. Each reported successful cyber attack serves as a reminder that achieving security is easier said than done. Let’s first examine the process.
Most of us know about using strong passwords and encryption. The most vulnerable security component is key management during device activation and authentication. As with physical properties, if you hold the key to the front door, you can get in. The same concept applies to IoT applications. It’s vital to manage the keys so that no intruder can gain access to a key, copy it, or rekey it. A smart city may have 20,000 smart street lights (end devices) that need to be connected to the server (controller) for the first time. Connecting 20,000 end devices through a process called device activation and authentication is no trivial task.
Simply put, authentication is a process to ensure “You are who you say you are.” A device can easily present an ID that looks real to the server. But is it? If a fake ID is accepted, the whole network is compromised and hackers can steal data without the knowledge of the end device owners.
How a LoRaWAN network provides end-to-end security
A long-range wide area network, commonly known as LoRaWAN, is an open, standards-based and fast-growing network platform. In just a few years, it has grown from a few network providers to 100 worldwide. Like most long-range networks such as Sigfox and NB-IoT, LoRaWAN connects devices and gateways to servers. It is capable of bi-directional communication with end-to-end security, while some applications or networks only offer unidirectional communication. Typically, these low-power wide-area (LPWA) networks, including Sigfox, NB-IoT, LoRaWAN, and others, support devices with 5-10 years of battery life, making LPWA solutions very attractive to developers. The broad-based applications include smart homes, smart grids, infrastructure, smart farming, industrial IoT, smart cities and smart manufacturing (also known as Industry 4.0).
As shown in Figure 1, the blocks on the left represent end devices, which can be sensors or edge devices. In the middle are blocks representing a gateway, and on the right, the blocks represent customer-owned application servers or network servers owned by network providers. These servers may be located remotely. Other terms used by LoRaWAN include application server, network server, and join server.
- An application server hosts the application software, which controls or communicates with the end devices.
- A network server is owned and used by a network provider to forward data traffic between the application server and the end devices.
- A join server is an independent server owned by a third party other than the network provider. (Sometimes, the join server can be an independent server owned by the same network service provider.) It is used to keep the root key. Some users prefer this method to increase network security. With the key kept by the join server, even if the network provider’s platform is hacked, the user’s information is secure because the hacker does not have access to the key kept outside the network provider’s domain.
In part 2 of the series, we will go over how authentication works to achieve end-to-end network security between the end devices and the application servers.