What is LoRa and LoRaWAN
The LoRaWAN® specification is a Low Power, Wide Area (LPWA) networking protocol designed to wirelessly connect battery operated ‘things’ to the internet in regional, national or global networks, and targets key Internet of Things (IoT) requirements such as bi-directional communication, end-to-end security, mobility and localization services. LoRaWAN® network architecture is deployed in a star-of-stars topology in which gateways relay messages between end-devices and a central network server. The gateways are connected to the network server via standard IP connections and act as a transparent bridge, simply converting RF packets to IP packets and vice versa. The wireless communication takes advantage of the Long Range characteristics of the LoRa® physical layer, allowing a single-hop link between the end-device and one or many gateways. All modes are capable of bi-directional communication, and there is support for multicast addressing groups to make efficient use of spectrum during tasks such as Firmware Over-The-Air (FOTA) upgrades or other mass distribution messages. The specification defines the device-to-infrastructure (LoRa®) physical layer parameters & (LoRaWAN®) protocol and so provides seamless interoperability between manufacturers, as demonstrated via the device certification program.
While the specification defines the technical implementation, it does not define any commercial model or type of deployment (public, shared, private, enterprise) and so offers the industry the freedom to innovate and differentiate how it is used.
The LoRaWAN® specification is developed and maintained by the LoRa Alliance®: an open association of collaborating members.
Source of this text: https://lora-alliance.org/about-lorawan
The network architecture of LoRa, the physical layer and LoRaWAN, the software layer, are depicted in the following graphic.
The LoRa Alliance® is the fastest growing technology alliance. A non-profit association of more than 500 member companies, committed to enabling large scale deployment of Low Power Wide Area Networks (LPWAN) IoT through the development and promotion of the LoRaWAN® open standard. Members benefit from a vibrant ecosystem of active contributors offering solutions, products & services, which create new and sustainable business opportunities.
Through standardisation and the accredited certification scheme the LoRa Alliance® delivers the interoperability needed for LPWA networks to scale, making LoRaWAN® the premier solution for global LPWAN deployments.
With an extensive global footprint of public networks and real world deployments.
As of the 23rd of August 2020, LoRaWAN is available in 161 countries and offered by a total of 143 network providers, as can be seen from the graphic below.
Source of this text: https://lora-alliance.org/about-lorawan
The following paragraph has been adapted from lora-alliance.org, please see https://lora-alliance.org/resource-hub/lorawanr-secure-implementation-matters for more information.
Securing an Internet of Things (IoT) deployment and keeping it safe and secure is not only a matter of choosing the right protocol, it relies on the implementation process as well as embracing best practices and industry standards.
LoRaWAN is by design very secure—authentication and encryption are, in fact, mandatory—but networks and devices can be compromised if security keys are not kept safe, not randomized across devices or if cryptographic numbers used once (nonces) are reused, as is shown by numerous blog posts. That’s why it is critical to look for LoRaWAN CertifiedCM devices to ensure the device has been tested against the standard and works as expected.
The LoRa Alliance has always kept security front and center in its development of the LoRaWAN specification and has been highly transparent about the protocol’s security features (see figure below, source: www.lora-alliance.org).
LoRaWAN Frequently Asked Questions (FAQ) about security
The following FAQ was adapted from lora-alliance.org, please see https://lora-alliance.org/sites/default/files/2020-02/la_faq_security_0220_v1.2_0.pdf
- Where are the LoRaWAN® security mechanisms specified?
All security mechanisms are defined in the LoRa Alliance® specifications, which can be downloaded by the public from https://lora-alliance.org/resource-hub. This FAQ is based on the LoRaWAN L2 1.0.3 specification.
- How do the LoRa Alliance specifications ensure secure operation of LoRaWAN networks?
LoRaWAN supports mutual end-point authentication, data origin authentication, integrity and replay protection. It also enables end-to-end encryption of the application payload between the end-device and its counter-part on the network side, the Application Server. LoRaWAN supports a mode of operation that allows encryption of the MAC commands. All of these procedures rely on the Advanced Encryption Standard (AES) and use 128-bit cryptographic keys and algorithms.
- Are there any differences between the Activation-by-Personalization (ABP) and Over-the-Air-Activation (OTAA) methods in terms of security?
LoRaWAN uses static root keys and dynamically-generated session keys. Root keys are only provisioned in OTAA end-devices. They are used to derive session keys when the OTAA end-device executes a Join Procedure with the network. An OTAA end-device, when installed in the field, will be able to connect to any network that has an interface to the key server, the Join Server, to which the end-device is associated. Session keys are used by the end-devices to protect the over-the-air traffic. ABP end-devices are not provisioned with the root keys. Instead, they are provisioned with a set of session keys for a pre-selected network. The session keys remain the same throughout the lifetime of an ABP end-device. OTAA should be preferred over ABP for end-devices in need of higher levels of security.
- What kind of identifiers are used in LoRaWAN?
Each end-device is identified by a 64-bit globally unique identifier, DevEUI, that is assigned either by the manufacturer or the owner of the end-device. Allocation of DevEUI identifiers requires the assignor to have an Organizationally Unique Identifier (OUI) from the IEEE Registration Authority. Each Join Server, which is used for authenticating the end-devices, is also identified by a 64-bit globally unique identifier, AppEUI/JoinEUI, that is assigned by either the owner or the operator of that server. Open LoRaWAN networks and private LoRaWAN networks that are collaborating (roaming) with the open networks are identified by a 24-bit globally unique identifier, NetID, assigned by the LoRa Alliance. When an end-device successfully joins a network, it gets a 32-bit ephemeral device address, DevAddr, assigned by the serving network.
- Can I randomly assign any identifier to my device or my network?
No. Please see question #4 about the assignment authority for each identifier. Not following these guidelines would cause identifier collision and unpredictable behavior in your network deployment (similar to what happens when using the same Ethernet MAC address on multiple devices attached to the same LAN).
- Are all end-devices equipped with the same “default” cryptographic key when leaving the manufacturer?
No. There is no concept of a “default key” or a “default password” in LoRaWAN. All end-devices are required to be equipped with unique keys when they leave the manufacturer. As a consequence, any compromise of a key from one end-device will not have an impact on other end-devices.
- What kind of cryptographic keys are used?
An OTAA end-device is provisioned with a root key called the Application Root Key (AppKey). On the network side, AppKey is provisioned on the Join Server, which may or may not be co-located with the Network Server. An ABP end-device is provisioned with two session keys (called the Application Session Key, AppSKey and the Network Session Key, NwkSKey). On the network side, the NwkSKey is provisioned on the Network Server and the AppSKey is provisioned on the Application Server. The procedures used for provisioning the aforementioned keys on the required elements (end-device, Join Server, Network Server, Application Server) are outside the scope of the LoRaWAN specification.
- What kind of cryptographic algorithms are used?
The AES-CMAC mode of operation as defined in RFC4493 is used for origin authentication and integrity protection. AES-CCM* mode of operation as defined in IEEE 802.15.4-2011 is used for encryption.
- How does LoRaWAN prevent eavesdropping?
The MAC payload is encrypted between the end-device and the network as it is transmitted over the air. Additionally, the application payload is encrypted between the end-device and the Application Server (i.e., end-to-end). This ensures only the authorized entities that hold the decryption keys can access the plain-text content.
- How does LoRaWAN prevent spoofing?
The MAC payload is origin authenticated and integrity protected with the help of a Message Integrity Code (MIC) field between the end-device and the network. This ensures only the authorized entities that hold the integrity keys (i.e., the end-device and the Network Server) can generate valid frames.
- How does LoRaWAN prevent replay attacks?
Integrity protection of the MAC payload utilizes frame counters to ensure the receiver does not accept an already received (i.e., potentially replayed) frame.
- Does LoRaWAN support security for application payloads?
LoRaWAN enables end-to-end encryption of the application payload between the end-device and the Application Server. Integrity protection is provided in a hop-by-hop nature: one hop over the air through the integrity protection provided by LoRaWAN L2 and the other hop between the Network Server and the Application Server by using secure transport solutions such as HTTPS and VPNs. Applications in need of end-to-end integrity protection are encouraged to do so within their application payloads.
- How are the backend interfaces secured?
The backend interfaces involve control and data signaling among Network Servers, Join Servers and Application Servers. HTTPS and VPN technologies are recommended for securing the communication among these critical infrastructure elements, in much the same way as is done in any other telecom systems.
- Does LoRaWAN support hardware security?
Enhanced security of the end-devices and server platforms by means of hardware security (e.g., Secure Elements and Hardware Security Modules) is an implementation matter and is not related to the protocol interoperability that telecommunication specifications, including LoRaWAN, aim for. Nevertheless, the use of such techniques is compatible with the LoRaWAN specifications and should be implemented by the developer as required by the application.
- What should I do if I identify a security threat?
Generally speaking, a given security threat may arise from the interoperability specification (e.g., lack of replay protection), the implementation (e.g., key extraction on the device), the deployment (e.g., lack of firewalls protecting the servers) or a combination of these three. The LoRa Alliance ensures its interoperability specifications are secure while recognizing the overall security of the solution also depends on the implementation and deployment security. In the face of a security threat the first action is to identify the source of the threat. If it is related to the LoRaWAN specifications, the LoRa Alliance is the right place to address it (email@example.com). On the other hand, implementation security issues need to be taken up by the relevant manufacturers and deployment issues need to be taken up with the relevant network operator(s). These two types of threats are not specific to the LoRaWAN technology and are usually equally applicable to any radio technology which may be implemented on the same devices/networks.
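The frame-counter check from the answer to "How does LoRaWAN prevent replay attacks?", sketched for the receiving side as an added example (not LoRa Alliance code and not part of the FAQ). It assumes the 16-bit over-the-air counter field, 32-bit counters and a MAX_FCNT_GAP of 16384 as in the LoRaWAN 1.0.x documents; `UplinkSession`, `run` and `verify_mic` are hypothetical names, and the AES-CMAC check is passed in as a callable.

```python
# Added example: network-side uplink frame-counter check (not LoRa Alliance code).
MAX_FCNT_GAP = 16384  # assumption: value from the LoRaWAN 1.0.x regional parameters


class UplinkSession:
    """Uplink counter state for one device session (hypothetical helper)."""

    def __init__(self, last_fcnt=-1):
        # -1 means no frame accepted yet; counters start at 0 after activation.
        self.last_fcnt = last_fcnt

    def full_counter(self, fcnt16):
        """Rebuild the 32-bit counter from the 16 bits carried in the frame."""
        if self.last_fcnt < 0:
            return fcnt16
        full = (self.last_fcnt & ~0xFFFF) | fcnt16
        if full <= self.last_fcnt:
            full += 0x10000  # lower 16 bits wrapped around once
        return full

    def receive(self, fcnt16, verify_mic=lambda full: True):
        """Return a verdict; state advances only for an accepted frame.

        verify_mic is a stand-in for the AES-CMAC check, which covers the
        full 32-bit counter, so it is called with the reconstructed value.
        """
        full = self.full_counter(fcnt16)
        if full - self.last_fcnt > MAX_FCNT_GAP:
            return "reject: replayed or too far ahead"
        if not verify_mic(full):
            return "reject: bad MIC"
        self.last_fcnt = full
        return "accept"


def run(frames, last_fcnt=-1):
    """Feed constructed 16-bit FCnt values through one session."""
    session = UplinkSession(last_fcnt)
    return [session.receive(f) for f in frames]


if __name__ == "__main__":
    # Constructed sequences, not captured traffic.
    print(run([0, 1, 2, 1, 3]))              # frame 1 sent again
    print(run([65534, 65535, 0, 1], 65533))  # legitimate 16-bit rollover
    print(run([0, 1], 5000))                 # ABP device rebooted, counter reset
```

The last sequence shows the operational consequence for ABP devices, whose session keys never change: if the device does not persist its counter across a reboot, every frame it sends afterwards is indistinguishable from a replay and is dropped.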
LoRaWAN specifications for developers
LoRaWAN 1.0.3 now fully supports unicast & multicast Class B devices.
The Class A and Class C sections are unchanged compared to LoRaWAN 1.0.2 with the exception of a new MAC command “DeviceTimeRequest” used to synchronize the real time clock of a device.
For devices operating in Class A or Class C, there is no need to upgrade to LoRaWAN 1.0.3.
However, if you plan to use Class B in your devices then you should use LoRaWAN 1.0.3.
The LoRaWAN 1.0.3 Class B section is forward compatible with the LoRaWAN 1.1 Class B.
The PDF can be downloaded here: https://lora-alliance.org/sites/default/files/2018-07/lorawan1.0.3.pdf
LoRaWAN use cases
There are numerous use cases for LoRaWAN already, which include smart agriculture, smart buildings, smart cities, smart utilities etc. Look below for a schematic summary of the different fields and more details.
The following examples have been adapted from www.lora-alliance.org; for more information see https://lora-alliance.org/lorawan-vertical-markets/agriculture.
By now, most of us are quite familiar with reports on population growth, global warming, consumer demands, etc., and the pressure on our planet’s supply of food, water and land. It is worth noting that farmers have long leveraged technological breakthroughs to adapt agricultural practices to changing times and this era is no exception, particularly with the emergence of Smart Agriculture.
- Cattle Monitoring
Farmers can better monitor animal conditions, such as body temperature, estrus, disease, productivity, location as well as better prevent the loss or theft of livestock.
- Environment Monitoring
Farmers can accurately record rainfall and other weather conditions, set flood risk alarms and other alerts in changes of water quality or overuse of phytosanitary products.
- Farm Asset Management
Farmers can now oversee storage conditions, receive alerts on gates and equipment and better track and quality control the entire supply chain.
- Irrigation Control
Farmers can now schedule and apply the right amount of water to crops, reducing waste and costs.
- Soil Health
Farmers can monitor soil quality from surface to roots, compare areas, modulate fertilizing, analyze historical patterns and better manage crops long-term.
The following examples have been adapted from https://lora-alliance.org/lorawan-vertical-markets/buildings
LoRaWAN-based solutions secure properties by detecting intruders, providing safety and disaster response measures, keeping track of facility equipment location, restricting access to private areas, etc.
- Failure Prediction
Sensors can dramatically reduce maintenance costs by using ‘predictive analytics’ and ‘on demand’ services. Water can be monitored and detected to identify water leaks before costly damages occur. Elevator motors and equipment can be monitored to detect early signs of potential failure.
Smart thermostats can now monitor indoor/outdoor air temperature, humidity and the presence of people in a room. This data can then be used to intelligently control the HVAC, heater and ventilation systems inside buildings so that they cool or heat rooms only when necessary.
- Space Optimization
Real-time occupancy, geolocation and foot traffic data can be used to identify spatial usage patterns, allowing space efficiency optimization and reconfiguring offices and retail location layout.
The following examples have been adapted from https://lora-alliance.org/lorawan-vertical-markets/cities
- Environment Monitoring
LoRaWAN sensors monitor noise, air and water pollution and keep citizens informed of air quality, conditions and pollutants. Parks and gardens can be irrigated optimally by monitoring soil moisture thereby reducing waste and unscheduled maintenance and upkeep.
- Parking Management
Parking spaces are monitored and managed more efficiently, generating incremental revenue as well as aiding parking providers to adapt pricing to real-world patterns. The city can monitor “no parking” spots to ensure fire, police and ambulance services are always guaranteed access.
LoRaWAN trackers provide information on asset location, sensors detect open doors, windows or movement, people and processes are notified when condition thresholds are exceeded and devices send alerts when smoke and fire is detected.
- Street Lighting
Cities are able to manage their energy footprint more effectively, detect outages, broken lights or supply outages. By intelligently managing lighting, cities are able to promote security in urban areas as well as improve safety for pedestrians, riders and road users.
- Waste Management
Understanding the status of bins enables city service providers to react to real-time fill levels, avoids containers spilling over and littering, allows for more efficient refuse collection and reduces unnecessary pick-ups of half-empty bins thereby saving fuel and reducing pollution. Cities gain visibility of patterns and trends and can better cater to citizens' needs.
The following examples have been adapted from https://lora-alliance.org/lorawan-vertical-markets/industry
Oil & Gas, Oilfields and offshore rigs
- Tank level monitoring
- Leak detection and Gas/pollution anomalies
Production/Manufacturing, Supply lines
- Hydraulic fluids
- Water and wastewater management
- Compressed air (pressure)
Utilities, Electrical, water, gas, etc.
- Connecting capacitor banks
- Substation monitoring
The following examples have been adapted from https://lora-alliance.org/lorawan-vertical-markets/logistics
- Asset Tracking
End-to-end tracking of goods through the supply chain. Low-cost location tracking and monitoring of conditions in transit.
- Fleet management
Tracking vehicles can help improve handling and storage conditions of goods en route as well as increase safety, protect against theft and litigation.
Sensors optimize the handling of goods and increase security as well as allow for automated reordering of inventory at warehouses, ports, docks, airports, etc.
- Monitoring Goods
Sensors providing real-time data and visibility of goods, especially perishable products greatly increase managers’ ability to prevent or solve problems before it’s too late.
The following examples have been adapted from https://lora-alliance.org/lorawan-vertical-markets/utilities
- Smart Electricity
Reduces network outages and quickens response through meter and grid monitoring and analytics. Integrates renewable energy management systems and storage from resources such as solar photovoltaic systems, fuel cells, and wind turbines.
- Smart Gas
Helps utilities in the LNG and LPG industry improve their billing accuracy and develop new service models for remote meter readings. Provides near real-time data for gas usage and alarms. Remotely measures gas flow rates and pressure in gas pipe networks. Remotely shuts off valves for subscription management and for risk control in case of alert.
- Smart Heating
Facilitates cost allocation and improves the overall distribution efficiency by measuring real consumption. Helps facilities and utilities improve their customer service through better energy consumption monitoring.
- Smart Water
Improves utility efficiency with AMI (Advanced Meter Infrastructure) based on LoRaWAN. Beyond automated reading, improves water network management and reduces the non-revenue water with leak detection. Reduces energy bill in cost of water with water flow and pressure monitoring and control of pumping systems for the water supply.
Use cases to fight Covid-19
More information is available under: https://pages.services/pages.lora-alliance.org/covid-19-lorawan-solutions/
As the COVID-19 pandemic continues to confront the world with unprecedented challenges, more governments and government institutions are sending calls for help to fight the Coronavirus. Several incredible members of the LoRa Alliance® ecosystem have stepped up to answer those calls by providing solutions, technology, tips and resources to help our communities during this challenging time. These solutions are viable, readily available, and in some cases already deployed to hard-hit areas of the globe.
Summary of the applications:
Academic references for LoRaWAN use cases
Patent publications related to LoRaWAN
Ecosoph and iob.watch have developed a couple of LoRaWAN-compliant products, please have a look at our product portfolio here.