Analysis of LoRaWAN 1.0 and 1.1 Protocols Security Mechanisms

Abstract

LoRaWAN is a low power wide area network (LPWAN) technology protocol introduced by the LoRa Alliance in 2015. It was designed for its namesake features: long range, low power, low data rate, and wide area networks. Over the years, several proposals on protocol specifications have addressed various challenges in LoRaWAN, focusing on its architecture and security issues. All of these specifications must coexist, giving rise to the compatibility issues impacting the sustainability of this technology. This paper studies the compatibility issues in LoRaWAN protocols. First, we detail the different protocol specifications already disclosed by the LoRa Alliance in two major versions, v1.0 and v1.1. This is done through presenting two scenarios where we discuss the communication and security mechanisms. In the first scenario, we describe how an end node (ED) and network server (NS) implementing LoRaWAN v1.0 generate session security keys and exchange messages for v1.0. In the second scenario, we describe how an ED v1.1 and an NS v1.1 communicate after generating security session keys. Next, we highlight the compatibility issues between the components implementing the two different LoRaWAN Specifications (mainly v1.0 and v1.1). Next, we present two new scenarios (scenarios 3 and 4) interchanging the ED and NS versions. In scenario three, we detail how an ED implementing LoRaWAN v1.1 communicates with an NS v1.0. Conversely, in scenario four, we explain how an ED v1.0 and an NS v1.1 communicate. In all these four scenarios, we highlight the concerns with security mechanism: show security session keys are generated and how integrity and confidentiality are guaranteed in LoRaWAN. At the end, we present a comparative table of these four compatibility scenarios.