The Internet of Things (IoT) is one of the fastest emerging technologies in the industry. It includes diverse applications with different requirements to provide services to users. Secure, low-powered, and long-range transmissions are some of the most vital requirements in developing IoT applications. IoT uses several communication technologies to fulfill transmission requirements. However, Low Powered Wide Area Networks (LPWAN) transmission standards have been gaining attention because of their exceptional low-powered and long-distance transmission capabilities. The features of LPWAN transmission standards make them a perfect candidate for IoT applications. However, the current LPWAN standards lack state-of-the-art security mechanisms because of the limitations of the IoT devices in energy and computational capacity. Most of the LPWAN standards, such as Sigfox, NB-IoT, and Weightless, use static keys for node authentication and encryption. LoRaWAN is the only LPWAN technology providing session key mechanisms for better security. However, the session key mechanism is vulnerable to replay attacks.
1. Introduction
With the evolution of wireless communication technologies and mobile computing, numerous novel use cases of network-based applications are evolving. One of the paradigms recently gaining attention is the Internet of Things (IoT). IoT can be described as a network of smart devices at a global scale that provides the facilities to automate the real world through monitoring, data collection, and data analysis [1]. The requirements of IoT applications vary from one application to another. However, two of the most important requirements of IoT applications are energy efficiency and long-range transmission from IoT devices. Low Powered Wide Area Networks (LPWAN) fit perfectly into the energy-efficient long transmission requirement of IoT networks.
LPWAN communication standards are long-range communication technologies using low frequencies for transmissions. These technologies can provide low data rate communication up to a distance of 45 km in rural and 5 km in urban zones using a star topology [2]. LPWAN standards are gaining the attention of the industry as well as academia because of their potential in diverse applications for IoT.
As the popularity of LPWAN technologies grew, multiple vendors joined the competition for providing IoT services with LPWAN communications. Currently, LPWAN standards are available in both licensed and unlicensed frequency bands. Some of the leading LPWAN technologies are Sigfox [3], LoRaWAN [4], NB-IoT [5], and Weightless [6].
LPWAN has multiple transmission standards under its umbrella, and all of them are promoted by different vendors. Hence, all LPWAN standards have different transmission and security mechanisms. However, because of the limitation of resources in network nodes, they rely on basic security techniques. LPWAN standards do not implement public-key cryptography or session key mechanisms as nodes cannot carry out any computationally intensive operations at their ends. This limitation of using basic security mechanisms in the network creates security vulnerabilities in the network [7].
Most of the LPWAN communication technologies use a shared secret key for node authentication and data confidentiality [8]. The secret keys are securely stored in the devices before the deployment of the nodes and the same secret key is used for authentication and confidentiality throughout the node lifetime. Using the same key for a long period of time creates a possibility for the attackers to collect enough information for cryptanalysis [9]. Hence, it is recommended to update secret keys or use session keys for enhanced security of the network [10]. However, the implementation of session key mechanisms can cause additional transmissions from end nodes, causing additional overhead on nodes, resulting in a shorter node lifetime [11]. Another option is to use public-key cryptography, where two different keys are used for encryption and decryption of the data. However, public-key cryptography requires extensive computations and is not considered suitable for resource-constrained devices [11].
Amongst all the communication technologies, LoRaWAN is the only LPWAN technology that offers over-the-air session key generation [7]. LoRaWAN provides two node activation mechanisms, Activation by Personalisation (ABP) and Over-The-Air-Activation (OTAA) [4]. The session key mechanism is only provided by OTAA in the joining procedure of the end node. When the node joins the network, it initializes a join-request. Following the join-request, the network server responds with a join-accept message. The node uses the data in the join-accept message to generate application and network session keys. The LoRaWAN session key mechanism is initiated by the end node whenever the node is reset or the frame counter of the node is reset (reaches its maximum value) [4]. It uses a random nonce with the join-request message to avoid replay attacks. However, the join-accept messages sent from the network server do not have any replay attack prevention mechanism, creating a possibility of a replay attack on the network [12].
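The OTAA exchange and its replay gap, as an added example that is not code from the original entry or from the LoRaWAN specification. HMAC-SHA256 stands in for the AES-128 operations so that it runs with the standard library only, the join-accept integrity code is modelled as not covering the DevNonce (as in LoRaWAN 1.0.x), and `APP_KEY`, `NET_ID`, `replay_outcome` and the node-side AppNonce cache are assumptions of this example.

```python
import hashlib, hmac, os

APP_KEY = bytes(range(16))  # constructed root key shared by node and server
NET_ID = b"\x00\x00\x13"    # constructed network identifier

def prf(label, *parts):
    # HMAC-SHA256 stand-in for LoRaWAN's AES-128 based MIC and key derivation.
    return hmac.new(APP_KEY, label + b"".join(parts), hashlib.sha256).digest()[:16]

def derive_keys(app_nonce, dev_nonce):
    # Network and application session keys, each bound to both join nonces.
    return tuple(prf(lbl, app_nonce, NET_ID, dev_nonce) for lbl in (b"nwk", b"app"))

class Server:
    def __init__(self):
        self.seen_dev_nonces, self.keys = set(), None
    def handle_join_request(self, dev_nonce):
        if dev_nonce in self.seen_dev_nonces:
            return None  # uplink replay check: each DevNonce is accepted once
        self.seen_dev_nonces.add(dev_nonce)
        app_nonce = os.urandom(3)
        self.keys = derive_keys(app_nonce, dev_nonce)
        return app_nonce, prf(b"mic", app_nonce, NET_ID)  # MIC omits DevNonce

class Node:
    def __init__(self, track_app_nonces):
        self.track, self.seen_app_nonces, self.keys = track_app_nonces, set(), None
    def join_request(self):
        self.dev_nonce = os.urandom(2)  # fresh random DevNonce per attempt
        return self.dev_nonce
    def handle_join_accept(self, accept):
        app_nonce, mic = accept
        if not hmac.compare_digest(mic, prf(b"mic", app_nonce, NET_ID)):
            return False
        if self.track and app_nonce in self.seen_app_nonces:
            return False  # downlink replay check (hypothetical addition)
        self.seen_app_nonces.add(app_nonce)
        self.keys = derive_keys(app_nonce, self.dev_nonce)
        return True

def replay_outcome(track_app_nonces):
    server, node = Server(), Node(track_app_nonces)
    stale = server.handle_join_request(node.join_request())
    node.handle_join_accept(stale)                   # first, genuine join
    while (fresh := server.handle_join_request(node.join_request())) is None:
        pass                                         # DevNonce collided, retry
    stale_accepted = node.handle_join_accept(stale)  # old accept replayed
    if not stale_accepted:
        node.handle_join_accept(fresh)               # genuine accept follows
    return stale_accepted, node.keys == server.keys
```

`replay_outcome(False)` returns `(True, False)`: the old join-accept still verifies and the node derives session keys the server does not hold. With the cache enabled the result is `(False, True)`.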
As discussed above in this section, LPWAN is one of the most popular communication technologies for low data rate IoT applications. However, there are several limitations and security vulnerabilities in existing LPWAN technologies. Considering the vulnerabilities of current security mechanisms and the resource limitations of end nodes in the network, a lightweight and secure session key mechanism is required to enhance the LPWAN security without placing an additional burden on end nodes [11,13,14].
2. Related Work
The unavailability of session key mechanisms in resource-constrained devices causes security vulnerabilities in the networks. These devices can be exposed to attacks because of these vulnerabilities when deployed in the IoT networks. As these devices are always connected to the Internet, there can be security breaches causing serious damage to confidentiality, integrity, authenticity, and privacy in the network. The IoT devices can be used as a gateway to launch attacks as they cannot use computationally extensive security mechanisms. To avoid attacks using IoT nodes, there have been numerous attempts involving session keys and key update mechanisms for constrained networks such as LPWAN.
In [15], security vulnerabilities of LoRaWAN are discussed along with possible attacks. It is highlighted that LoRaWAN provides a session key with every new join-request by the devices in the network. However, the keys used to generate the session keys are static and not updated in LoRaWAN. A key update mechanism is proposed to change the static key used for session key generation periodically. A two-step Key Generation Function (KGF) is proposed where both steps use Pseudo-Random Number generation on a Rabbit stream cipher to obtain a key stream. However, it is not explained how this mechanism will scale and how the synchronization of the network server and end nodes will be achieved for key update requests, as end nodes are not always listening for incoming transmissions.
In [16], LoRaWAN key management mechanisms are studied and an alternative technique for session key updates is proposed. The use of Ephemeral Diffie–Hellman Over Concise Binary Object Representation (CBOR) Object Signing and Encryption (COSE) (EDHOC) for session key update is recommended because of its lightweight computations and its limited transmission requirements. A detailed comparison between Internet Key Exchange v2 (IKEv2) [17], Datagram Transport Layer Security (DTLS) [18], and EDHOC based on their key derivation mechanism is made. It is highlighted that DTLS and IKEv2 are not suitable for session key generation in LoRaWAN as they are not designed to work in a highly constrained environment. Hence, the authors have suggested using EDHOC and found it better suited for LoRaWAN devices for enhanced security.
In [11], the authors have discussed the inapplicability of asymmetric key cryptography in constrained devices for key exchange. Considering the device limitations, a seven-step key generation process is proposed for regular key refreshments in LoRaWAN networks. The key agreement involves various operations for each step of the key generation that is performed on the physical layer parameters of LoRaWAN between the gateway and the end device. The authors have performed extensive experiments to demonstrate the accuracy of the proposed key generation method. However, there is no analysis of the energy consumption of the proposed algorithm in the LoRaWAN network. As the proposed mechanism in the paper uses several steps that require the nodes to perform a number of calculations, there is a possibility of node lifetime being shortened.
A physical layer message authentication algorithm is proposed in [19] for node authentication in LPWAN networks. The proposed scheme relies on physical layer parameters and a pre-shared secret key used between devices to generate an authentication code. To collect the physical layer information, the nodes extract channel parameters such as the Channel State Information (CSI) and the Received Signal Strength Indicators (RSSI). The extracted channel information and the pre-shared secret are used to authenticate the nodes in the network. However, the use of channel information for authentication can be limited to static networks. With the mobility in the network nodes, the RSSI will vary, causing challenges in authenticating the nodes.
A mutual device-to-device authentication mechanism with forward secrecy is proposed for ZigBee devices [20]. The protocol uses symmetric key encryption and enables devices to have a key agreement for a session key. The session key is changed frequently to provide forward secrecy. Pre-deployment, every node has a unique ID and a key generated by using the devices' inner circuit chips. This key is considered the secret key for the device. All the devices register themselves to a controller. Access control for all the devices is also configured during device registration. For the device-to-device communications, the nodes use a controller as a middleman to authenticate each other and then come to a session key agreement.
A dual key activation scheme for LoRaWAN is proposed in [21]. This paper discussed loopholes in LoRaWAN node activation mechanisms, such as the use of static keys for session key generation. To address this issue in the node activation mechanism, a six-step activation mechanism for node activation is proposed. The newly introduced approach focuses on using two different keys for the generation of network and application session keys rather than using a single key for the generation of all session keys. Once the session keys are generated on both server and node ends, the pre-stored keys used to generate the session keys are discarded and the generated keys are used for all further transactions. However, as nodes store two keys in the initial key setup for the application and network servers, it can create a requirement for a third-party key management entity as the network scales.
As authentication of nodes became challenging when attackers used the prestored keys to breach the network authentications, Physical Unclonable Functions (PUF) [22] were introduced for node authentication based on hardware manufacturing irregularities in the nodes. In PUF-based authentications, a challenge is given to the PUF, which is an electronic circuit, and the node is authenticated based on the response. As the manufacturing irregularities of every circuit are said to be unique, the response to challenges is also unique as they are passed through an electronic circuit. However, the use of PUFs can introduce a requirement for additional hardware with the node.
As discussed in the literature, there have been a number of attempts to facilitate stronger security mechanisms for LPWAN-based IoT networks. Different approaches are adopted by researchers to achieve better security for constrained networks like LPWAN. Some approaches use physical layer parameters to identify nodes. However, this introduces additional hardware requirements with the nodes in the network. On the other hand, some of the researchers aim to achieve a session key mechanism introducing additional transmission overhead, which is one of the most energy-demanding operations for end nodes [23].