1. LoRaWAN Technology
According to the LoRa Alliance technology group, which has been operational since the end of March 2015 and is supported by over 500 members [1], a considerable number of the devices anticipated for the Internet of Things (IoT) are expected to be supported by Low-Power, Wide-Area Networks (LPWAN) [2].
Among these alliance members, technology leaders such as IBM, Cisco, HP, Foxconn, Semtech, and Sagemcom, as well as companies such as Schneider, Bosch, Diehl, and Mueller, and many small and medium-sized enterprises (SMEs) and startup companies cooperate to consolidate on the LoRaWAN® standard for optimizing LPWAN battery life, capacity, range, and cost. LoRaWAN is a Low Power Wide Area (LPWA) networking protocol used to wirelessly link battery-powered “things” to the internet in local, national, or global networks. The LoRaWAN [3] protocol criteria that focus on the IoT are bi-directional communication, mobility, end-to-end security, and localization services. LoRaWAN is an open and standardized low-power wireless network (LPWAN).
Table 1 shows a performance comparison between the most popular LPWAN technologies [4][5].
The underlying physical layer, that is, the wireless modulation utilized to create the long-range communication link, is LoRa [2][6], a proprietary modulation scheme based on chirp spread spectrum (CSS), or Frequency Shift Keying (FSK). FSK modulation is frequently used in wireless systems because it is a very effective modulation for achieving low power. Chirp spread spectrum modulation, the foundation of LoRa, keeps the low-power properties of FSK modulation while greatly extending the communication range. Because of the long communication distances it reaches and its robustness to interference, chirp spread spectrum has been used in military and space communication for decades; nonetheless, LoRa is the first low-cost implementation for commercial use that offers the benefit of long-range capability. Entire cities or even areas covering hundreds of square kilometers may be covered by merely one gateway or base station offering a high link budget, although the range highly depends on the environment or obstructions in a given location. The link budget, typically given in decibels (dB), is the primary factor in determining the range in a given environment. Scalable bandwidth, constant envelope, low power, robustness, multipath and fading resistance, Doppler resistance, long-range capability, enhanced network capacity, and geolocation capabilities are some of the key properties of this modulation.
Cycleo created the LoRa modulation technology, which Semtech eventually purchased. According to Semtech, the main characteristics of this technology are the reduced cost of end devices, operating expenses, and infrastructure investments. Further outstanding characteristics are standardization, low power consumption that allows a usable battery life of up to 20 years, and long-range penetration in dense urban areas, indoor applications, and rural areas, together with low-power GNSS-free geolocation, security (end-to-end AES, the Advanced Encryption Standard), and high capacity (support of many devices per LoRaWAN gateway, within the RF emission restrictions imposed by legislation).
LoRaWAN employs a star topology [3][6] in which devices are linked directly to gateways, which are then linked to a network server via a backhaul (e.g., Ethernet). LoRaWAN, unlike other IoT technologies, does not employ a mesh network architecture: although mesh networking may be useful for increasing communication range, message forwarding has an impact on device battery life.
LoRaWAN enables bidirectional communications between end devices, though they are asymmetric because uplink transmissions (from end devices to gateways) are strongly favored. LoRa technology transmits in ISM free-use frequency bands shared with other wireless technologies. Therefore, it must comply with defined usage rules, particularly concerning the duty cycle, transmission power, and bandwidth. The most common use cases of LPWAN networks are isolated data measurements, industry applications, and Smart Cities [7][8].
Security Options
Regarding security in LoRa Wide Area Networks, LoRaWAN employs a cryptographic mechanism based on AES-128 [9] that operates in counter mode (CTR) and is based on a pre-shared key from which two additional keys for session security are derived. End devices must be activated before the initialization of the derivation process to connect to a specific LoRaWAN network; otherwise, the network server silently discards the transmitted frames. To be considered activated, an end device must have a valid copy of the following data:
- application session key (AppSKey),
- end-device address (DevAddr), and
- network session key (NwkSKey).
The LoRaWAN specification 1.0 provides two methods for establishing keys [10], leading to two types of joining schemes, depending on whether the data are stored manually in the device or acquired via the radio link:
In the case of Personalization Activation (PA), the device includes hard-coded authentication data before initializing communication with the network and so requires no join procedure. These data bind the end device to a specific LoRaWAN network because they include the device’s LoRaWAN network identifier (NwkId), network address (NwkAddr), and cryptographic session keys.
As a result, the end device is permitted to communicate with specific LoRaWAN networks while keeping these values constant. The preshared AppKey within the end device is used to generate the AppSKey and NwkSKey keys. While utilizing the activation strategy referred to as ABP, all parameters such as the network session key (NwkSKey), the device address (DevAddr), and the application session key (AppSKey) are configured at production time. The AppKey is an AES-128 key that is used in the subsequent session key derivation process. As a first step, the end device sends a join-request message containing the AppEUI, DevEUI, and DevNonce. Replay attacks are prevented by using a DevNonce value, although the join-request message is not encrypted. Finally, following a successful procedure, the network server sends a join-accept message to conclude the transaction and confirm the end-to-device authentication, keeping in mind that AppKey has already been used to encrypt the message.
On the other hand, by using the Activation Over-the-Air strategy, each end device performs a join procedure explicitly defined to securely connect to a specific network after obtaining all necessary cryptographic material. The joining procedure is initiated by the end device whilst providing the following information:
The DevEUI identifies an end device, whereas the AppEUI identifies an entity capable of processing the end-join request of the devices.
The OTAA scheme is considered to be more secure than ABP [10], a fact that led researchers to opt for the LoRaWAN implementation.
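The derivation of the two session keys from the pre-shared AppKey, written out as an added example (not code from the original article or from the LoRa Alliance). It assumes the LoRaWAN 1.0 derivation rule, whose AppNonce and NetID inputs come from the join-accept message and are not named in the text above; all key and nonce values are constructed.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"errors"
	"fmt"
)

// SessionKeys holds the two keys derived from the pre-shared AppKey.
type SessionKeys struct {
	NwkSKey [16]byte
	AppSKey [16]byte
}

// DeriveSessionKeys applies the LoRaWAN 1.0 rule (assumed here):
//   NwkSKey = aes128_encrypt(AppKey, 0x01 | AppNonce | NetID | DevNonce | pad16)
//   AppSKey = aes128_encrypt(AppKey, 0x02 | AppNonce | NetID | DevNonce | pad16)
// DevNonce is taken from the join-request, AppNonce and NetID from the join-accept.
func DeriveSessionKeys(appKey []byte, appNonce, netID [3]byte, devNonce [2]byte) (SessionKeys, error) {
	var keys SessionKeys
	if len(appKey) != 16 {
		return keys, errors.New("AppKey must be 16 bytes (AES-128)")
	}
	block, err := aes.NewCipher(appKey)
	if err != nil {
		return keys, err
	}
	var in [16]byte // zero-initialised, so bytes 9..15 are already the pad16 padding
	copy(in[1:4], appNonce[:])
	copy(in[4:7], netID[:])
	copy(in[7:9], devNonce[:])
	in[0] = 0x01 // key-type prefix for the network session key
	block.Encrypt(keys.NwkSKey[:], in[:])
	in[0] = 0x02 // key-type prefix for the application session key
	block.Encrypt(keys.AppSKey[:], in[:])
	return keys, nil
}

func main() {
	// Constructed sample values, not taken from any real device or network.
	appKey, _ := hex.DecodeString("000102030405060708090a0b0c0d0e0f")
	keys, err := DeriveSessionKeys(appKey,
		[3]byte{0xA1, 0xB2, 0xC3}, [3]byte{0x13, 0x00, 0x00}, [2]byte{0x34, 0x12})
	if err != nil {
		panic(err)
	}
	fmt.Printf("NwkSKey=%x\nAppSKey=%x\n", keys.NwkSKey, keys.AppSKey)
}
```

Because DevNonce is an input to both derivations, a join with a fresh DevNonce yields fresh session keys even though the AppKey stays constant.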
2. WAN and Software-Defined Wide Area Networks Technologies
Due to the constant development of technology and the need for a better quality of service both in data transfer and real-time communication, researchers need to increase the development of new technologies while upgrading existing ones. With the current known WAN technology, companies have managed over time to obtain reliable communication between the central points and their branches without any problems [11]. As computer and telecommunication networks scale up in devices such as routers and switches through interconnections, many organizations and businesses are turning to Software-Defined Wide Area Networks (SD-WANs) as a solution [12].
WAN technology was a widely distributed technology approximately 30 years ago. The term “Data Centers” was an unknown concept, and network administrators had to manipulate servers manually, wherever they were, as these devices needed to be configured on-site one by one [13]. WAN networks had two disadvantages: they were expensive and rigid. First, WAN network equipment was costly because of the specialization scope that had to be completed. Secondly, these devices had the necessary information for the local system’s network and were not responsible for the global network. Overall, due to their low flexibility, any new deployments for adding new WAN extensions and capabilities were not easy to perform [14].
Table 2 depicts a performance comparison of the most common WAN technologies [4][5].

Table 2. WAN Comparison Performance.

| Feature | GSM | LTE-M | 5G (Targets) |
|---|---|---|---|
| Coverage Area | <15 km (164 dB) | <10 km (156 dB) | <12 km (160 dB) |
| Frequency | Licensed 800, 900 MHz shared | Licensed 700, 900, 1.4 MHz shared | Licensed 700, 900 MHz shared |
| Data Rate | 10 kbps | <1 Mbps | <1 Mbps |
| Network Reforming | Moderate (LTE reuse) | Small | Requires 5G NWs |
SDN technology was the most recognized subject in the networking world in the previous decade because of the solution it promised to provide for large-scale networks. Centralized monitoring and control using software plans can increase network speed and provide a better quality of service, both in voice and data transmission [15][16]. Compared to classic networks, SDN can provide an improved three-layer network architecture under the same infrastructure. The “application” layer is responsible for monitoring and load balancing, the “control” layer regards network topology, and the “data plane” layer is responsible for the network equipment’s physical connections [17].
2.1. Software-Defined Wide Area Network Technology Definition
SD-WAN is a new technological deployment that works as an alternative to today’s WAN communication technology. An SD-WAN network provides suitable automated procedures for better data tracing from point to point (p2p). These automated actions can evolve SD-WAN into a productive, stable, and reliable solution for an organization [18]. The term SD-WAN comes from the words Software, Defined, Wide Area, and Network, and is part of a new era of implemented SDN that routes packets between data centers and headquarters over a WAN at higher speeds. Before this implementation, companies and organizations were obliged to use specific network equipment and discrete leased circuits at any monetary cost. SD-WAN can provide load-balanced data traffic by using multiple WANs and increased bandwidth [12]. Using SDN benefits the private network, as it is separated into two layers, the “control” layer and the “data” layer. The “control” layer is managed over the cloud or by using on-premises infrastructure. A software management implementation is responsible for managing how “data” will be transferred over the network, as it can be sent over separate paths depending on the network traffic and the predefined plan [19].
2.2. Software-Defined Wide Area Network Architecture and Security Options
SD-WAN was developed to replace the classic WAN. The core job of SD-WAN is to simplify all the functions of a WAN to provide flexibility and scalability over the traditional WAN. The architectural structure of SD-WAN includes three layers [20]. The “data” layer consists of hardware and software devices with functionalities similar to those of IP networks, which can virtualize bandwidth by forwarding data, e.g., to 4G/LTE mobile networks. Sometimes routers are also considered virtual cloud services, such as IaaS. The “control” layer is responsible for network improvement, energy traffic monitoring, and providing a better quality of service for all the transmitted data. It can also perform many managed implementations for debugging, collecting information about the network topology and its status, and managing the number of real-time connected devices. The “application” layer allows network administrators and application developers to configure the requirements for an efficient network with a low energy cost and high availability [12][13][20][21].
The SD-WAN provides secure connections from edge to edge, allowing users to create a new complicated network infrastructure between MPLS and LTE to increase their critical connection experience. SD-WAN traffic can be managed by giving priority to specific nodes. Many hardware devices are no longer needed because services are virtualized, and therefore lower costs and better performance, either in bandwidth or in the network, are achieved. Scalability and agility make it flexible to add new sites. The QoS for data transition is higher due to load balancing because the network is centralized and controlled [12][22]. It also provides end-to-end encrypted traffic within the network over the internet. All components are fully certified and safe, and the “certified keys” exchanging procedure gives SD-WAN the possibility of seamless communication between headquarters and data centers, as this communication is always safely controlled since it is encrypted [23].