Whitepapers

Wi-Fi & LoRaWAN® Deployment Synergies

Issue link: https://read.uberflip.com/i/1423232

Page 43 of 62

Report Title: Wi-Fi & LoRaWAN® deployment synergies. Issue Date: September 2019. Version: 1.0 final version. LoRa Alliance & Wireless Broadband Alliance Confidential & Proprietary. Copyright © 2019

Network Session key only known by the end device and the Network Server. This key is only used for signature. The frame signature (Message Integrity Code, MIC) is computed over the entire frame. Therefore, a frame cannot be modified between the end device and the Network Server without invalidating the signature.

The only components involved are the end device and the Network Server. The Gateway and the Gateway backhaul are fully transparent with regard to the LoRaWAN® security model. It is nevertheless highly recommended to secure the backhaul link between Gateways and the Network Server.

Network session keys are derived from the network key, only known by the end device and the Network Server, and stored in a secured database named Join Server.

Uplink authentications

Upon reception of each frame, the Network Server checks that the received frame signature matches the one computed using the network session key derived and stored by the Join Server. If the two signatures match, the frame really comes from a legitimate device and its content has not been modified in any way. The encrypted payload can then be routed to the Application Server for final delivery to the application.

Downlink authentications

The same process applies for downlink. The Network Server signs each frame with a MIC computed over the entire transmitted packet, using the destination end device's Network Session key.

• Using the MIC, the Network Server can differentiate a legitimate end device from one trying to steal the end device's identification (DevAddr), in case of a cloning attack.
• The end device can check that the commands coming from the Network Server are legitimate.
• Additionally, each frame contains a frame counter (FCnt) forbidding "replay attacks". Only frames using a fresh frame counter value are processed.
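The uplink check described above (MIC first, then frame counter), as an added example that is not part of the whitepaper. The frame layout (DevAddr, 16-bit FCnt, payload, 4-byte MIC), the class and function names, and the sample key and address are assumptions made for illustration, and a truncated HMAC-SHA-256 stands in for the AES-128-CMAC that LoRaWAN actually uses.

```python
import hashlib
import hmac
import struct

MIC_LEN = 4  # a LoRaWAN frame ends with a 4-byte MIC
HDR = struct.Struct("<IH")  # simplified header (assumption): DevAddr, 16-bit FCnt

def compute_mic(nwk_s_key, body):
    # Stand-in MAC: LoRaWAN uses AES-128-CMAC; truncated HMAC-SHA-256 is
    # swapped in here only so the example needs nothing beyond the stdlib.
    return hmac.new(nwk_s_key, body, hashlib.sha256).digest()[:MIC_LEN]

def build_uplink(nwk_s_key, dev_addr, fcnt, payload):
    body = HDR.pack(dev_addr, fcnt) + payload  # payload is already encrypted
    return body + compute_mic(nwk_s_key, body)  # MIC covers the entire frame

class NetworkServer:
    def __init__(self):
        self.sessions = {}  # DevAddr -> [network session key, last accepted FCnt]

    def register(self, dev_addr, nwk_s_key):
        self.sessions[dev_addr] = [nwk_s_key, -1]

    def accept_uplink(self, frame):
        if len(frame) < HDR.size + MIC_LEN:
            return "reject: too short"
        body, mic = frame[:-MIC_LEN], frame[-MIC_LEN:]
        dev_addr, fcnt = HDR.unpack_from(body)
        session = self.sessions.get(dev_addr)
        if session is None:
            return "reject: unknown DevAddr"
        # Constant-time compare, and the MIC is checked before the counter so a
        # forged frame can never advance the stored FCnt.
        if not hmac.compare_digest(mic, compute_mic(session[0], body)):
            return "reject: bad MIC"
        if fcnt <= session[1]:  # only a fresh counter value is processed
            return "reject: stale FCnt"
        session[1] = fcnt
        return "accept"

def demo():
    key, addr = bytes(range(16)), 0x26011A2B  # constructed sample values
    ns = NetworkServer()
    ns.register(addr, key)
    good = build_uplink(key, addr, 1, b"\x10\x20")
    tampered = good[:6] + b"\xff" + good[7:]                # payload byte altered in transit
    cloned = build_uplink(bytes(16), addr, 2, b"\x10\x20")  # right DevAddr, wrong key
    fresh = build_uplink(key, addr, 2, b"\x30")
    return [ns.accept_uplink(f) for f in (good, tampered, good, cloned, fresh)]
```

The rejected clone frame carried FCnt 2, yet the legitimate frame with FCnt 2 is still accepted afterwards, because the stored counter only moves once the MIC has been verified.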
Join Server and Join Procedure

The Join Server derives and stores Application and Network keys. The Join Server is tasked to derive Network Session keys and Application Session key and to provide them to the Network Server and Application Server. The session keys (network and application) are computed when a device connects to the Network for the first time or reconnects to another Network in case of roaming: this is called the Join Procedure, or Re-join in case of roaming. The join procedure can be processed over the air (Over The Air Activation) or by pre-provisioning on the device production bench (Activation By Personalization).

10 Interconnection processes

Wi-Fi interconnection model

Based on the WBA Roaming white paper [29], Wi-Fi roaming is designed as follows:

There are three primary stakeholders in the Wi-Fi Roaming ecosystem. Due to the communal nature of Wi-Fi, often a single company is involved in providing more than one element of the ecosystem.

Home Service Provider (HSP) Subscriber Owner(s) – Companies who enable Wi-Fi access to their customers/subscribers provide preconfigured mechanisms to allow preconfigured access at trusted
