LoRaWAN™ uses two layers of security: one for the system and one for the application. The system security guarantees genuineness of the hub in the system while the application layer of security guarantees the system administrator does not approach the end client’s application information.
Accordingly, the LoRaWAN IoT specification defines two layers of cryptography:
- A unique 128-bit Network Session Key shared between the end-device and network server
- A unique 128-bit Application Session Key (AppSKey) shared end-to-end at the application level
Information over LoRaWAN is encrypted twice; sensor information is encoded by the hub, and afterward it is encoded again by the LoRaWAN IoT convention; at exactly that point is it sent to the LoRa Gateway. The Gateway sends information over typical IP system to the system server.
The Network server has the Network Session Keys (NwkSkey), and it is responsible to decrypt the LoRaWAN information. It at that point passes the information to the Application server which decodes the sensor information, utilizing the Application Session Key (AppSKey).
LoRaWAN™ gadgets have two different ways to join the system. The first is OTAA, Over-the-Air-Activation. The gadget and the system trade a 128-piece AppKey. At the point when the gadget send the join demand, the AppKey is utilized to make a Message Integrity Code (MIC), the server at that point check the MIC with the AppKey. In the event that the check is legitimate, the server makes two new 128-piece keys, the App Session key (AppSkey) and the Network Session Key (NwkSkey). These keys are sent back to the gadget utilizing the AppKey as an encryption key. At the point when the keys are gotten the gadget unscrambles and introduces the two session keys.
The NwkSkey is utilized to ensure the message honesty from the gadget to the LoRa Network Server. The AppSkey is utilized for the start to finish AES-128 encryption from the gadget to the Application Server.