Secure Session Key Generation Method for LoRaWAN Servers

Kun-Lin Tsai; Fang-Yie Leu; Li-Ling Hung; Chia-Yin Ko

doi:10.1109/ACCESS.2020.2978100

IEEE Access (Jan 2020)

Secure Session Key Generation Method for LoRaWAN Servers

Kun-Lin Tsai,
Fang-Yie Leu,
Li-Ling Hung,
Chia-Yin Ko

Affiliations

Kun-Lin Tsai: ORCiD; Department of Electrical Engineering, Tunghai University, Taichung, Taiwan
Fang-Yie Leu: Department of Computer Science, Tunghai University, Taichung, Taiwan
Li-Ling Hung: ORCiD; Department of Computer Science and Information Engineering, Aletheia University, New Taipei, Taiwan
Chia-Yin Ko: Department of Computer Science, Tunghai University, Taichung, Taiwan

DOI: https://doi.org/10.1109/ACCESS.2020.2978100
Journal volume & issue: Vol. 8
pp. 54631 – 54640

Abstract

Read online

In recent years, Internet of Things (IoT) as an essential infrastructure for industrial development, environmental protection and human life enhancement has attracted researchers' attention. Currently, there are four hot research topics in IoT fields, including sensor design, communication scheme, secure transmission, and data mining. The LoRaWAN, an unlicensed band based long range wide area network specification, is very suitable for the activities or operations in an IoT environment due to its low power and long range communication. In the LoRaWAN, star-of-stars topology, asynchronous communication, and three communication modes are used to reduce its power consumption. In order to enhance the security of network communication, the LoRaWAN adopts the 128-bit Advanced Encryption Standard (AES-128) and utilizes two session keys: network session key and application session key, for encrypting/decrypting data between end devices and network/application servers. However, according to the LoRaWAN Backend Interfaces 1.0 Specification announced by LoRa Alliance in 2017, the application layer communication securities between two arbitrary servers (including network servers, join server, and application servers) are out of the specification's scope. That is to say that the important data transmitted from one server to another may be attacked, falsified, or stolen easily. In this paper, a session key generation method is proposed to generate session keys with which two servers can securely communicate with each other, especially enhancing the application layer communication securities undefined in the LoRaWAN Specification. By integrating elliptic curve cryptography and AES-128, the session keys for different pairs of servers are created. The security discussion shows that the proposed method provides the features of mutual authentication, confidentiality and message integrity. Besides, it can also help to resist replay and eavesdropping attacks.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords