Worldwide Connectivity for the Internet of Things Through LoRaWAN
Abstract
:1. Introduction
- the low-power wide-area networks (LPWANs), which will serve the needs of the massive IoT for smart metering, remote monitoring and tracking, etc. [1]. Renowned examples of LPWANs are LoRaWAN™ and SigFox™ on unlicensed spectrum, and NB-IoT on licensed spectrum;
- the ultra-reliable low-latency communications (URLLC), serving the needs of mission-critical IoT for, e.g., smart manufacturing and autonomous driving. URLLC is mostly implemented in the context of the fifth-generation (5G) cellular network [2].
- As NB-IoT works on licensed frequencies, is based on subscriber identification module (SIM) and run by traditional cellular operators, it should benefit from the traditional roaming features of the mobile networks.
- Sigfox™ is based on a single worldwide network, thus the roaming concept does not apply. Looking more in depth, however, one may notice that the roaming is effectively applied as a “feature” of the business model SigFox™ is using. As a matter of fact, such a business model resembles quite closely the one of franchising, where—for example—in Italy the company NetTrotter, which is part of the EITowers group, is the franchisee of SigFox France. NetTrotter is deploying the SigFox™ network in Italy, but Italian customers see only the SigFox logo and services, and all the back-end systems are run by SigFox France. In this way, they are creating a global unique network for the customer, and the roaming issue becomes purely a matter of sharing the revenues between the different local companies and the mother company in France.
2. A Preliminary Overview of the LoRaWAN™ System
- The radio access network part, composed of terminals (which are called end devices in the context of LoRaWAN™ networks) and gateways (GW);
- The back-end part, that is, the “core network” of LoRaWAN™ networks, composed of the network server (NS). Actually, the back-end is much more complicated than a simple entity as the NS, and will be further examined in the next sections.
- packets are exchanged in both directions (uplink and downlink);
- the GWs are transparent devices. This means that they receive/transmit the packets over the radio interface and they receive/forward these packets from the NS without any intervention on the packets themselves.
3. The Back-End of the LoRaWAN™ System
Three Different Types of Network Servers
- the home NS. It is the NS of the network operator the end device belongs to;
- the serving NS. It is the NS of an operator whose network is taking care of end nodes which are out of coverage of their own home network. It performs all of the functions of the home NS, as far as the MAC protocol is concerned, handling the so-called “active roaming” of the end device. We observe that the term “serving NS” is often used in a more general sense in the LoRaWAN™ specification. In particular, when the end node is under the control of the home NS, the home NS takes the role of serving NS as well. Thus, in this case the distinction between home NS and serving NS is purely logical, without any actual consequence on the procedures and protocols;
- the forwarding NS. It is the NS of an operator whose network may have, for example, a radio coverage overlapping with the home network of some end devices. It is transparent, and forwards/receives the traffic to/from the end devices through the GWs attached to it. It handles the so-called “passive roaming”.
4. How an End Device Joins a LoRaWAN™ Network
- security without SIM card;
- separate security and confidentiality between control/network-data and user-data. Indeed, the user data are encrypted with keys which are not known to the network operator, while the control commands (e.g., the MAC commands) are encrypted with keys which have nothing to do with the keys used to encrypt user data.
- activation by personalization (ABP);
- over the air activation (OTAA).
4.1. Keys in an End Device before Joining the Network
- The JoinEUI. It is a global application identifier (ID) in the IEEE EUI64 address space (standard for layer-2 port identification released by IEEE. The address space utilizes 64 bit. For more information, see https://standards.ieee.org/products-services/regauth/index.html) that uniquely identifies the join server that assists the end device in the processing of the join procedure and the session keys derivation;
- The DevEUI. It is another global ID in the IEEE EUI64 address space that is used to uniquely identify the end device;
- The NwkKey. It is a AES-128 root key [9] specific to the end device, which is assigned to the end device during fabrication;
- The AppKey. It is another AES-128 root key [9] specific to the end device that is assigned to the end device during fabrication.
4.2. Keys in an End Device after Joining the Network
- the NwkSEncKey. It is used to encrypt the signaling traffic;
- the AppSKey. It is used to encrypt the end device user traffic;
- the SNwkSIntKey and FNwkSIntKey. They are used to calculated the message integrity code (MIC) for the signaling traffic;
- the JSIntKey. It is used to calculate the MIC for rejoin-request type 1 messages and join-accept answers;
- the JSEncKey. It is used to encrypt the join-accept triggered by a rejoin-request;
- the end device DevAddr. It consists of 32 bits and identifies the end device within the current network. The DevAddr is allocated by the NS of the end device.
4.3. Flow Chart of the Join Procedure in the Non-Roaming Case
- (1)
- The end device sends via LoRa radio link(s), i.e., through GW(s), a join-request message over the air and, being under the coverage of the home network, the message will reach the Home NS.
- (2)
- (3)
- The home NS passes the request as a JoinReq to the join server previously identified, including the DevEUI and other relevant parameters.
- (4)
- The join server, having all the necessary keys, derives the session keys for the control data and provide the NS with them.
- (5)
- The NS replies to the end device with a join-accept (via the radio interface, i.e., via the GWs) and sets all of the radio parameters.
- (6)
- A user data packet is sent (via the radio interface, i.e., via the GWs) to the NS as a JoinAns.
- (7)
- The network server, being the received packet made of user data, forwards it to the application server.
- (8)
- The application server gets the session keys for user data from the join server and decrypts the message making it available to the application layer.
4.4. Flow Chart of the Join Procedure in Case of Roaming
- (1)
- The end device sends via LoRa radio link(s), i.e., through GW(s), a join-request message over the air and, not being under the coverage of the home network, the message will reach a visiting NS.
- (2)
- (3)
- The visiting NS asks the join server the address of the home NS for the specific end device.
- (4)
- The join server provides the address of the home NS for the specific end device to the visiting NS.
- (5)
- The visiting NS asks all the information available to the home NS about the specific end device to be forwarded to it.
- (6)
- The visiting NS gets all the information available to the home NS about the specific end device.
- (7)
- The visiting NS asks the home NS of the specific end device to take control of the end device itself and possibly to host the end device in its network.
- (8)
- The home NS passes the request as a JoinReq to the join server previously identified, including the DevEUI and other relevant parameters.
- (9)
- The join server, having all the necessary keys, derives the session keys for the control data and provide the home NS with them as a JoinAns.
- (10)
- The home NS forward the session keys to the visiting NS.
- (11)
- The visiting NS replies to the end device with a join-accept (via the radio interface, i.e., via the GWs) and set all of the radio parameters.
- (12)
- A user data packet is sent (via the radio interface, i.e., via the GWs) to the visiting NS.
- (13)
- The visiting NS, being the received packet made of user data, forwards it to the application server.
- (14)
- The application server gets the session keys for user data from the join server and decrypts the message making it available to the application layer.
5. The Rationale of LoRaWAN™ Architecture for a Global Roaming of Things
“How do the servers get to know the keys?”
- having a trusted third-party repository (i.e., the join server) for the original keys of an end device which can be reached by any LoRaWAN™ network;
- having the home NS that knows the details of the subscription for an end device;
- having an application server to which the data generated by the end device are delivered, and to which the user data intended to be delivered to the end device must be provided.
- the DevEUI;
- the AppKey;
- the NwkKey;
- the home NS identifier;
- the application server identifier.
- The join server is the owner of the secret keys of each end device. It is not part of any LoRaWAN™ network operator, and since it is a crucial part of the architecture it is supposed to be run by a trusted third party (different from the operator). The join server releases the session keys to the application server and the home NS (and then to the visiting NS in case of roaming, see Figure 4), so that the original secret keys never get compromised. That is the motivation of recommending to renew the session keys, just in case an attacker could get hold of the session keys.
- The network server of the home network or a visiting (serving) network can get its session keys once again from the join server. We want to remark that the DevEUI is sent in clear text to the home NS (via the GWs) or the visiting NS (in case of roaming), which then can interrogate the join server and ask for the specific session keys.
- The home or visiting NS is finally able to direct and receive the user information to the right application server, since the home or visiting NS can get to know the identifier of the application server, as said above. Furthermore, the application server can get the session key to decrypt/encrypt the traffic from/to end device from the join server.
- not give the secret keys to the network operators and applications servers, but deliver them to a trusted third party, enabling the roaming between different network operators;
- decoupling the security of the control information (e.g., MAC commands, for which the end point is the NS) and the user information (for which the end point is the application server).
6. Conclusions
Author Contributions
Funding
Conflicts of Interest
Abbreviations
ABP | Activation by personalization |
AS | Application server |
IEEE EUI64 | IEEE extended unique identifier—64-bit address space |
GW | Gateway |
ID | Identifier |
JS | Join server |
LPWAN | Low-power wide-area network |
MAC | Medium access control |
NB-IoT | Narrowband internet of things |
NS | Network server |
OTAA | Over-the-air activation |
URLLC | Ultra-reliable low-latency communications |
References
- Ayoub, W.; Samhat, A.E.; Nouvel, F.; Mroue, M.; Prévotet, J. Internet of Mobile Things: Overview of LoRaWAN, DASH7, and NB-IoT in LPWANs standards and Supported Mobility. IEEE Commun. Surv. Tutor. 2018. [Google Scholar] [CrossRef]
- Li, Z.; Uusitalo, M.A.; Shariatmadari, H.; Singh, B. 5G URLLC: Design Challenges and System Concepts. In Proceedings of the 2018 15th International Symposium on Wireless Communication Systems (ISWCS), Lisbon, Portugal, 28–31 August 2018; pp. 1–6. [Google Scholar]
- Samuel, S.S.I. A review of connectivity challenges in IoT-smart home. In Proceedings of the 2016 3rd MEC International Conference on Big Data and Smart City (ICBDSC), Muscat, Oman, 15–16 March 2016; pp. 1–4. [Google Scholar]
- Rzepecki, W.; Iwanecki, Ł.; Ryba, P. IEEE 802.15.4 Thread Mesh Network—Data Transmission in Harsh Environment. In Proceedings of the International Conference on Future Internet of Things and Cloud Workshops (FiCloudW), Barcelona, Spain, 6–8 August 2018; pp. 42–47. [Google Scholar]
- Benvenuto, N.; Zorzi, M. Principles of Communications Networks and Systems; John Wiley and Sons Ltd.: Chichester, UK, 2011. [Google Scholar]
- Vangelista, L. Frequency Shift Chirp Modulation: The LoRa Modulation. IEEE Signal Process. Lett. 2017, 24, 818–821. [Google Scholar] [CrossRef]
- Centenaro, M.; Vangelista, L.; Zanella, A.; Zorzi, M. Long-range communications in unlicensed bands: The rising stars in the IoT and smart city scenarios. IEEE Wirel. Commun. 2016, 23, 60–67. [Google Scholar] [CrossRef]
- LoRaWAN™ Specification v1.1. Available online: https://lora-alliance.org/resource-hub/lorawantm-specification-v11 (accessed on 16 December 2018).
- Daemen, J.; Rijmen, V. The Design of Rijndael AES—The Advanced Encryption Standard; Springer: Berlin/Heidelberg, Germany, 2002. [Google Scholar]
- LoRaWAN™ Back-End Interfaces v.1.0. Available online: https://lora-alliance.org/resource-hub/lorawantm-back-end-interfaces-v10 (accessed on 16 December 2018).
- LoRaWAN™ Regional Parameters v.1.1. Available online: https://lora-alliance.org/resource-hub/lorawantm-specification-v11 (accessed on 16 December 2018).
© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Vangelista, L.; Centenaro, M. Worldwide Connectivity for the Internet of Things Through LoRaWAN. Future Internet 2019, 11, 57. https://doi.org/10.3390/fi11030057
Vangelista L, Centenaro M. Worldwide Connectivity for the Internet of Things Through LoRaWAN. Future Internet. 2019; 11(3):57. https://doi.org/10.3390/fi11030057
Chicago/Turabian StyleVangelista, Lorenzo, and Marco Centenaro. 2019. "Worldwide Connectivity for the Internet of Things Through LoRaWAN" Future Internet 11, no. 3: 57. https://doi.org/10.3390/fi11030057
APA StyleVangelista, L., & Centenaro, M. (2019). Worldwide Connectivity for the Internet of Things Through LoRaWAN. Future Internet, 11(3), 57. https://doi.org/10.3390/fi11030057