Copyright ©Actility
LoRaWAN Security
Alper Yegin
Director of Standards and Advanced Technology Development, Actility
Technical Committee Co-chair and Vice-Chair, LoRa Alliance

Is LoRaWAN secure?

How are the LoRaWAN protocol/networks secured?

General Wireless Security
[Diagram: Device/terminal and Network]
Threat: Remedy (tool)
Unauthorized access: Mutual end-point authentication
Spoofing: Data origin authentication, replay protection
Modification: Integrity protection
Eavesdropping: Encryption
… using cryptographic algorithms with strong keys

Mutual End-point Authentication
Using Advanced Encryption Standard (AES) with 128-bit symmetric keys and algorithms
AppKey is random and per-device root key (cryptographic isolation)
DevEUI: Device Extended Unique Identifier
JoinEUI: Join server Extended Unique identifier (replaces AppEUI in earlier specs)
Note -- Depicting LoRaWAN 1.0.x for brevity
[Diagram: Device, Gateway, Network Server, Join Server and Application Server; the DevEUI, JoinEUI and AppKey labels appear twice]

Mutual End-point Authentication
Using Advanced Encryption Standard (AES) with 128-bit symmetric keys and algorithms
AppKey is random and per-device root key (cryptographic isolation)
AS: Application Server
JS: Join Server
NS: Network Server
GW: Gateway
[Diagram: LoRaWAN Join/Activation Procedure between Device, GW, NS and JS (Network) and AS (Application)]

Session Key Generation and Delivery
AES-128 symmetric session keys
[Diagram: LoRaWAN Join/Activation Procedure between Device, GW, NS and JS (Network) and AS (Application); labels: NwkSKey, AppSKey, DevEUI, DevAddr, "DevAddr, DevEUI"]

Data Origin Authentication, Integrity and Replay Protection
MIC: Message Integrity Code
AES-CMAC: AES Cipher-based Message Authentication Code (tools.ietf.org/html/rfc4493)
[Diagram: uplink/downlink frame transmission between Device, GW, NS and JS (Network) and AS (Application). LoRaWAN frame: DevAddr, FCnt, etc. | Payload | MIC. Labels: AES-CMAC, NwkSKey]

Payload Encryption + Data Origin Auth, Integrity/Replay Protection
[Diagram: uplink/downlink frame transmission between Device, GW, NS and JS (Network) and AS (Application). Frame: DevAddr, FCnt, etc. | Encrypted Payload | MIC. Labels: Clear-text Payload, AES-CCM* with AppSKey (shown twice), AES-CMAC with NwkSKey]
MIC: Message Integrity Code
AES-CCM*: AES Counter with Cipher Block Chaining Message Authentication Code, * is for encryption-only variation defined in Zigbee standard
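
The frame protection shown on the two slides above (MIC from AES-CMAC under NwkSKey, payload encryption under AppSKey, FCnt-based replay rejection), as an added Python example that is not part of the original deck. The B0/A_i block layouts and the MAX_FCNT_GAP value follow the LoRaWAN 1.0.x specification rather than the slides; the encryption-only mode is implemented as an AES keystream XOR; the keys, DevAddr and function names are constructed for illustration.

```python
"""LoRaWAN 1.0.x uplink protection. Illustrative pure-Python AES; use a vetted library in production."""
import hmac

def _gmul(a, b):                                   # multiply in GF(2^8)
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ 0x11B if a & 0x80 else a << 1
        b >>= 1
    return r

def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def _sbox_entry(x):                                # field inverse, then affine map
    inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)
    return inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2) ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]

def _expand_key(key):
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _gmul(rcon, 2)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt_block(key, block):
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                               # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]     # ShiftRows
        if rnd < 10:                                           # MixColumns
            s = [_gmul(s[c + j], 2) ^ _gmul(s[c + (j + 1) % 4], 3)
                 ^ s[c + (j + 2) % 4] ^ s[c + (j + 3) % 4]
                 for c in (0, 4, 8, 12) for j in range(4)]
        s = [b ^ k for b, k in zip(s, rk[rnd])]                # AddRoundKey
    return bytes(s)

def _dbl(b):                                       # CMAC subkey doubling
    n = int.from_bytes(b, "big") << 1
    if n >> 128:
        n = (n & ((1 << 128) - 1)) ^ 0x87
    return n.to_bytes(16, "big")

def aes_cmac(key, msg):                            # RFC 4493
    k1 = _dbl(aes128_encrypt_block(key, bytes(16)))
    blocks = [msg[i:i + 16] for i in range(0, len(msg), 16)] or [b""]
    last, mask = blocks.pop(), k1
    if len(last) < 16:                             # pad with 0x80 00.. and use K2
        last, mask = last + b"\x80" + bytes(15 - len(last)), _dbl(k1)
    blocks.append(bytes(a ^ b for a, b in zip(last, mask)))
    x = bytes(16)
    for blk in blocks:
        x = aes128_encrypt_block(key, bytes(a ^ b for a, b in zip(x, blk)))
    return x

UPLINK, MAX_FCNT_GAP = 0, 16384

def _block(tag, dev_addr, fcnt, last):             # B0 (tag 0x49) or A_i (tag 0x01), uplink only
    return (bytes([tag, 0, 0, 0, 0, UPLINK]) + dev_addr.to_bytes(4, "little")
            + fcnt.to_bytes(4, "little") + bytes([0, last]))

def compute_mic(nwk_skey, dev_addr, fcnt, body):   # MIC covers the full 32-bit FCnt
    return aes_cmac(nwk_skey, _block(0x49, dev_addr, fcnt, len(body)) + body)[:4]

def crypt_payload(app_skey, dev_addr, fcnt, data):  # keystream XOR: encrypts and decrypts
    blocks = range(1, (len(data) + 15) // 16 + 1)
    stream = b"".join(aes128_encrypt_block(app_skey, _block(0x01, dev_addr, fcnt, i)) for i in blocks)
    return bytes(d ^ s for d, s in zip(data, stream))

def build_uplink(nwk_skey, app_skey, dev_addr, fcnt, fport, payload):
    fhdr = dev_addr.to_bytes(4, "little") + b"\x00" + (fcnt & 0xFFFF).to_bytes(2, "little")
    body = b"\x40" + fhdr + bytes([fport]) + crypt_payload(app_skey, dev_addr, fcnt, payload)
    return body + compute_mic(nwk_skey, dev_addr, fcnt, body)

def accept_uplink(nwk_skey, last_fcnt, frame):
    """Network-server side check. Returns the accepted 32-bit FCnt, or None to drop."""
    body, mic = frame[:-4], frame[-4:]
    dev_addr = int.from_bytes(body[1:5], "little")
    fcnt = (max(last_fcnt, 0) & ~0xFFFF) | int.from_bytes(body[6:8], "little")
    if fcnt <= last_fcnt:
        fcnt += 0x10000                            # only valid as a 16-bit rollover
    if fcnt - last_fcnt > MAX_FCNT_GAP:
        return None                                # replayed or implausibly far ahead
    if not hmac.compare_digest(compute_mic(nwk_skey, dev_addr, fcnt, body), mic):
        return None                                # forged, modified or wrong counter
    return fcnt

# Constructed sample values (not from the deck)
NWK_SKEY, APP_SKEY, DEV_ADDR = bytes(range(16)), bytes(range(16, 32)), 0x26011BDA
```

The network server only needs NwkSKey to run `accept_uplink`; the cleartext payload is recoverable only with AppSKey, which is what keeps the application data opaque to the network.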

LoRaWAN End-to-end (Transport) Security
[Diagram: Device, GW, NS and AS. Keys: NwkSKey, AppSKey. LoRaWAN security: LoRaWAN encryption, LoRaWAN integrity protection. Backend security (IPsec, TLS, firewall, etc.): backend integrity protection + encryption (shown twice)]
Note1 – “Integrity protection” represents “data origin authentication, integrity & replay protection”
Note2 – Supports encryption of MAC commands between the device and the NS
Note3 – Application-layer e2e integrity protection is left to the apps as an option

LoRaWAN End-to-end (Transport) Security
[Diagram: Device, GW, NS and AS. Keys: NwkSKey, AppSKey. LoRaWAN security: LoRaWAN encryption, LoRaWAN integrity protection. Backend security (IPsec, TLS, firewall, etc.): backend integrity protection + encryption (shown twice)]
Communication protocol design.

Overall/Complete Security
[Diagram: Device, GW, NS and AS. Keys: NwkSKey, AppSKey. LoRaWAN security: LoRaWAN encryption, LoRaWAN integrity protection. Backend security (IPsec, TLS, firewall, etc.): backend integrity protection + encryption (shown twice)]
Communication protocol design, implementation, deployment.
Application security, Device HW/SW platform security, Infra platform security.

Device Provisioning
[Diagram: Device, GW, NS, JS and Device manufacturer; the DevEUI, JoinEUI and AppKey labels appear twice]

Network-agnostic Provisioning
[Diagram: Device, JS and Device manufacturer; Network1, Network2 and Network3 with GWs and NSs; the DevEUI, JoinEUI and AppKey labels appear twice]

Deployment Flexibility
Various options for where the JS of a Device can be hosted
[Diagram: Device, Network (NS), Application (AS), 3rd party and Device manufacturer; JS shown as JS1, JS2, JS3 and JS4]

Hardware Security
[Diagram: Device, GW, NS, JS and Device manufacturer; labels: SE (Secure Element), HSM (Hardware Security Module)]

OTAA vs ABP
OTAA (Over-the-Air Activation) dynamically generates session keys from root keys.
ABP (Activation by Personalization) devices are provisioned with session keys for "a" pre-selected network.
Prefer OTAA because:
- ABP device can only work with a single network in its whole life
- ABP device cannot rekey sessions
[Diagram: LoRaWAN Join/Activation Procedure between Device, NS and JS (Network) and AS (Application), marked with three X's; labels: NwkSKey, AppSKey, DevAddr]

LoRaWAN 1.1 Improvements
• Additional replay protection: 32-bit FCnt, disallow ABP FCnt reset, no DL retransmit, UL MIC bound to TxDr/TxCh, counter-based Join nonce values, Ack frame MIC uses Acked FCnt
• Separation of security realms: Distinct root keys and FCntDown for App and Nwk, UL MIC check in "stateful" visited network
• Enhanced key management: Richer key hierarchy with purpose-built session keys, re-keying w/o resetting data session

LoRaWAN 1.1 Improvements
• Additional replay protection: 32-bit FCnt, disallow ABP FCnt reset, no DL retransmit, UL MIC bound to TxDr/TxCh, counter-based Join nonce values, Ack frame MIC uses Acked FCnt
• Separation of security realms: Distinct root keys and FCntDown for App and Nwk, UL MIC check in "stateful" visited network
• Enhanced key management: Richer key hierarchy with purpose-built session keys, re-keying w/o resetting data session
Applied to LoRaWAN 1.0.x: “Technical Recommendations for Preventing State Synchronization Issues around LoRaWAN™ 1.0.x Join Procedure”
lora-alliance.org/resource-hub/technical-recommendations-preventing-state-synchronization-issues-around-lorawantm-10x

Firmware Update over the Air (FUOTA)
Security for FUOTA:
- Signed firmware
- Integrity-protected multicast delivery (using group key)
- Integrity-protected unicast commands (using device key)
FUOTA for Security:
- Update device with software/firmware (security) patches in the field

DOs and DONTs
• Pick secret keys randomly and per-device, deliver and store securely
• Don’t use arbitrary DevEUIs (respect IEEE OUIs)
• Don’t use arbitrary DevAddrs (respect LoRa Alliance NetID/NwkID allocations)
• Don’t use arbitrary JoinEUI/AppEUI (must point to a real JS with legitimate IEEE OUI)
• Use trusted OS/HW security for sensitive apps
• Ensure end-to-end, whole-stack system security
• Contribute to Technical Committee
• Finding issues & proposing solutions
• On-going work
• QR code for facilitating device provisioning
• Over-the-air device personalization
[Figure labels: DevEUI, JoinEUI, Mfr/Model, etc…]
OUI: Organizationally Unique Identifier

IoT network business enabler
Data analytics and control framework
IoT connectivity platform
Geolocation and tracking of IoT devices
B2B e-commerce hub for IoT
IoT ecosystem digital services
IoT market enablers
Developer support and go-to-market accelerator
Smart grid, flexibility market & energy efficiency
Core network management solution for public IoT networks & service providers
Powering IoT connectivity solutions dedicated to enterprise applications
• Leading LoRaWAN system vendor
• Over half of national public networks globally powered by ThingPark platform
• Most comprehensive product/service portfolio
• LoRa Alliance leadership
• Founding member, Alliance Vice-chair, Board Member, Technical Committee Co-chair, Developer Community WG Chair, and active across all groups
• Developer network
• 1000+ registered members
• B2B marketplace
• 150+ sellers

ThingPark and Security
[Diagram labels: Public Service Provider Networks, Large Manufacturers, Vertical players, Enterprise networks, DX Decoders, DX Connectors, DX Engines, AEP, Device Manufacturers, SE Partners, HSM Partners]
ThingPark Activation webinar: www.youtube.com/watch?v=mZgTr5VZiuI
Roaming/ThingPark Exchange webinar: www.youtube.com/watch?v=tWP6VV1CKEg

Questions?
www.actility.com

The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

LoRaWAN Security Webinar

  • 1. Copyright ©Actility. LoRaWAN Security. Alper Yegin, Director of Standards and Advanced Technology Development, Actility; Technical Committee Co-chair and Vice-Chair, LoRa Alliance.
  • 3. How are the LoRaWAN protocol/networks secured?
  • 4. General Wireless Security (device/terminal and network). Threats and remedies (tools): unauthorized access: mutual end-point authentication; spoofing: data origin authentication, replay protection; modification: integrity protection; eavesdropping: encryption; … using cryptographic algorithms with strong keys.
  • 5. Mutual End-point Authentication. Using Advanced Encryption Standard (AES) with 128-bit symmetric keys and algorithms. AppKey is a random, per-device root key (cryptographic isolation). DevEUI: Device Extended Unique Identifier. JoinEUI: Join Server Extended Unique Identifier (replaces AppEUI in earlier specs). Note: depicting LoRaWAN 1.0.x for brevity. Diagram labels: Device, Network, Gateway, Network Server, Join Server, Application, Application Server; DevEUI, JoinEUI, AppKey (twice).
  • 6. Mutual End-point Authentication: LoRaWAN Join/Activation Procedure. AS: Application Server. JS: Join Server. NS: Network Server. GW: Gateway. Using Advanced Encryption Standard (AES) with 128-bit symmetric keys and algorithms. AppKey is a random, per-device root key (cryptographic isolation). Diagram labels: Device, GW, Network, NS, JS, Application, AS.
  • 7. Session Key Generation and Delivery: LoRaWAN Join/Activation Procedure. AES-128 symmetric session keys: NwkSKey, AppSKey. Diagram labels: Device, GW, Network, NS, JS, Application, AS; DevEUI; DevAddr; DevAddr, DevEUI.
  • 8. Data Origin Authentication, Integrity and Replay Protection: uplink/downlink frame transmission. LoRaWAN frame: DevAddr, FCnt, etc. | Payload | MIC, with the MIC computed by AES-CMAC under NwkSKey. MIC: Message Integrity Code. AES-CMAC: AES Cipher-based Message Authentication Code (tools.ietf.org/html/rfc4493). Diagram labels: Device, GW, Network, NS, JS, Application, AS.
  • 9. Payload Encryption + Data Origin Auth, Integrity/Replay Protection: uplink/downlink frame transmission. The clear-text payload is encrypted with AES-CCM* under AppSKey; the frame (DevAddr, FCnt, etc. | Encrypted Payload | MIC) carries a MIC computed by AES-CMAC under NwkSKey. MIC: Message Integrity Code. AES-CCM*: AES Counter with Cipher Block Chaining Message Authentication Code; * is for the encryption-only variation defined in the Zigbee standard. Diagram labels: Device, GW, Network, NS, JS, Application, AS.
  • 10. LoRaWAN End-to-end (Transport) Security. Diagram labels: Device, GW, NS, AS; NwkSKey, AppSKey. LoRaWAN security: LoRaWAN encryption, LoRaWAN integrity protection. Backend security (IPsec, TLS, firewall, etc.): backend integrity protection + encryption (shown twice). Note 1: “Integrity protection” represents “data origin authentication, integrity & replay protection”. Note 2: Supports encryption of MAC commands between the device and the NS. Note 3: Application-layer e2e integrity protection is left to the apps as an option.
  • 11. LoRaWAN End-to-end (Transport) Security. Diagram labels: Device, GW, NS, AS; NwkSKey, AppSKey. LoRaWAN security: LoRaWAN encryption, LoRaWAN integrity protection. Backend security (IPsec, TLS, firewall, etc.): backend integrity protection + encryption (shown twice). Scope: communication protocol design.
  • 12. Overall/Complete Security. Diagram labels: Device, GW, NS, AS; NwkSKey, AppSKey. LoRaWAN security: LoRaWAN encryption, LoRaWAN integrity protection. Backend security (IPsec, TLS, firewall, etc.): backend integrity protection + encryption (shown twice). Scope: communication protocol design, implementation, deployment; application security, device HW/SW platform security, infra platform security.
  • 13. Device Provisioning. Diagram labels: Device manufacturer, Device, GW, NS, JS; DevEUI, JoinEUI, AppKey (twice).
  • 14. Network-agnostic Provisioning. Diagram labels: Device manufacturer, Device, JS; DevEUI, JoinEUI, AppKey (twice); Network1, Network2, Network3; GWs; NSs.
  • 15. Deployment Flexibility. Various options for where the JS of a Device can be hosted. Diagram labels: Device, Network, NS, Application, AS, 3rd party, Device manufacturer; JS, JS1, JS2, JS3, JS4.
  • 16. Hardware Security. SE (Secure Element); HSM (Hardware Security Module). Diagram labels: Device manufacturer, Device, GW, NS, JS.
  • 17. OTAA vs ABP. OTAA (Over-the-Air Activation) dynamically generates session keys from root keys. ABP (Activation by Personalization) devices are provisioned with session keys for “a” pre-selected network. Prefer OTAA because: (1) an ABP device can only work with a single network in its whole life; (2) an ABP device cannot rekey sessions. Diagram labels: Device, Network, NS, JS, Application, AS; LoRaWAN Join/Activation Procedure; NwkSKey, AppSKey; DevAddr (twice); three X marks.
  • 18. LoRaWAN 1.1 Improvements. Additional replay protection: 32bit FCnt, disallow ABP FCnt reset, no DL retransmit, UL MIC bound to TxDr/TxCh, counter-based Join nonce values, Ack frame MIC uses Acked FCnt. Separation of security realms: distinct root keys and FCntDown for App and Nwk, UL MIC check in "stateful" visited network. Enhanced key management: richer key hierarchy with purpose-built session keys, re-keying w/o resetting data session.
  • 19. LoRaWAN 1.1 Improvements. Additional replay protection: 32bit FCnt, disallow ABP FCnt reset, no DL retransmit, UL MIC bound to TxDr/TxCh, counter-based Join nonce values, Ack frame MIC uses Acked FCnt. Separation of security realms: distinct root keys and FCntDown for App and Nwk, UL MIC check in "stateful" visited network. Enhanced key management: richer key hierarchy with purpose-built session keys, re-keying w/o resetting data session. Applied to LoRaWAN 1.0.x: “Technical Recommendations for Preventing State Synchronization Issues around LoRaWAN™ 1.0.x Join Procedure”, lora-alliance.org/resource-hub/technical-recommendations-preventing-state-synchronization-issues-around-lorawantm-10x
  • 20. Firmware Update over the Air (FUOTA). Security for FUOTA: signed firmware; integrity-protected multicast delivery (using group key); integrity-protected unicast commands (using device key). FUOTA for Security: update device with software/firmware (security) patches in the field.
  • 21. DOs and DONTs. Pick secret keys randomly and per-device, deliver and store securely. Don’t use arbitrary DevEUIs (respect IEEE OUIs). Don’t use arbitrary DevAddrs (respect LoRa Alliance NetID/NwkID allocations). Don’t use arbitrary JoinEUI/AppEUI (must point to a real JS with legitimate IEEE OUI). Use trusted OS/HW security for sensitive apps. Ensure end-to-end, whole-stack system security. Contribute to Technical Committee: finding issues & proposing solutions. On-going work: QR code for facilitating device provisioning; over-the-air device personalization. Diagram labels: DevEUI, JoinEUI, Mfr/Model, etc… OUI: Organizationally Unique Identifier.
  • 22. IoT network business enabler; Data analytics and control framework; IoT connectivity platform; Geolocation and tracking of IoT devices; B2B e-commerce hub for IoT; IoT ecosystem digital services; IoT market enablers; Developer support and go-to-market accelerator; Smart grid, flexibility market & energy efficiency; Core network management solution; For public IoT networks & service providers; Powering IoT connectivity solutions dedicated to enterprise applications. Leading LoRaWAN system vendor: over half of national public networks globally powered by ThingPark platform; most comprehensive product/service portfolio. LoRa Alliance leadership: Founding member, Alliance Vice-chair, Board Member, Technical Committee Co-chair, Developer Community WG Chair, and active across all groups. Developer network: 1000+ registered members. B2B marketplace: 150+ sellers.
  • 23. ThingPark and Security. Diagram labels: Public Service Provider Networks; Large Manufacturers; Vertical players; Enterprise networks; DX Decoders; DX Connectors; DX Engines; AEP; Device Manufacturers; SE Partners; HSM Partners. ThingPark Activation webinar: www.youtube.com/watch?v=mZgTr5VZiuI Roaming/ThingPark Exchange webinar: www.youtube.com/watch?v=tWP6VV1CKEg

Editor's Notes

  1. Actility is already a central piece for many Network Providers: Actility is already powering many Operator NSs, and will manage connectivity agreements from this central JS to all Actility-powered NSs. Actility is contributing actively in interconnecting Network Providers together and to a central Activation service: active contributor at the Alliance; ThingPark Exchange helps with roaming in contexts where direct one2one agreements are complex to set in place. Actility is helping large enterprise players to deploy their own dedicated networks, while leaving the possibility to roam with major Network Providers and activate their devices everywhere. Actility is helping the device ecosystem: provides visibility through Marketplace; leads the Alliance Dev community WG (interop engine); eases activation onboarding. Actility exposes data through TPX: data transformation; connection to major AEPs.