Activation of LoRaWAN end devices by using Public Key Cryptography

Abstract

The usage of Internet of Things (IoT) devices is growing every day, and Long Range Wide Area Network (LoRaWAN) is one specification that enables these devices to have access to the internet. The current specification uses a robust symmetric encryption scheme for secure communication. However, the root keys used for the encryption is static and delegated to the device before deployment. If the root keys are compromised, all past and future messages also become compromised. Since the root keys are static, physical access to the device is required to enforce a new key. This thesis aims to design and evaluate a new process to assign root keys to the devices in LoRaWAN using Public Key Cryptography (PKC) and evaluate the feasibility of the proposed process. The new process allows a device to get the root keys dynamically and for them to be replaced at will. However, PKC requires longer keys to get equivalent cryptographic strength to a symmetric encryption scheme. This increased key size in turn requires more processing power to use, thus increasing battery consumption. The feasibility of the new process is evaluated based on the increase in power usage since IoT devices are usually battery powered. The implemented process, called Public Key Over the Air Activation (PK-OTAA), is based on a PKC algorithm, specifically ECDH. PK-OTAA provides enhanced security at the cost of increasing battery consumption by 77% compared to the standard Over the Air Activation (OTAA) in LoRaWAN. Considering that PK-OTAA will only be executed a few times during the lifetime of the device, the increase in consumption is negligible. The report concludes that PK-OTAA is feasible to use when looking at power consumption. Although the security of the PK-OTAA procedure is yet to be proven, it can improve the regular OTAA procedure of LoRaWAN by allowing renewal of the root keys.