Issue link: https://read.uberflip.com/i/1428365
LoRaWAN 1.1 Specification ©2017 LoRa Alliance™ Page 51 of 101
The authors reserve the right to change specifications without notice.

The NwkSEncKey SHOULD be stored in a way that prevents extraction and re-use by malicious actors.

6.1.2.5 Application session key (AppSKey)

The AppSKey is an application session key specific for the end-device. It is used by both the application server and the end-device to encrypt and decrypt the payload field of application-specific data messages. Application payloads are end-to-end encrypted between the end-device and the application server, but they are integrity protected only in a hop-by-hop fashion: one hop between the end-device and the Network Server, and the other hop between the Network Server and the application server. That means, a malicious Network Server may be able to alter the content of the data messages in transit, which may even help the Network Server to infer some information about the data by observing the reaction of the application end-points to the altered data. Network Servers are considered as trusted, but applications wishing to implement end-to-end confidentiality and integrity protection MAY use additional end-to-end security solutions, which are beyond the scope of this specification.

The AppSKey SHOULD be stored in a way that prevents extraction and re-use by malicious actors.

6.1.2.6 Session Context

Session Context contains Network Session and Application Session.

The Network Session consists of the following state:

- F/SNwkSIntKey
- NwkSEncKey
- FCntUp
- FCntDwn (LW 1.0) or NFCntDwn (LW 1.1)
- DevAddr

The Application Session consists of the following state:

- AppSKey
- FCntUp
- FCntDown (LW 1.0) or AFCntDwn (LW 1.1)

Network Session state is maintained by the NS and the end-device. Application Session state is maintained by the AS and the end-device.

Upon completion of either the OTAA or ABP procedure, a new security session context has been established between the NS/AS and the end-device. Keys and the end-device address are fixed for the duration of a session (FNwkSIntKey, SNwkSIntKey, AppSKey, DevAddr). Frame counters increment as frame traffic is exchanged during the session (FCntUp, FCntDwn, NFCntDwn, AFCntDwn).
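
An added example (not part of the LoRaWAN specification) of the kind of additional end-to-end integrity protection that section 6.1.2.5 says applications MAY use: the end-device appends a truncated HMAC bound to DevAddr and FCntUp, and the application server checks the tag and the counter before accepting the payload. The separate end-to-end key, the 8-byte tag length, the header layout and all function and class names are assumptions of this example; AppSKey encryption and decryption are not shown.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8  # assumption: truncated HMAC-SHA256 tag, kept short for small LoRa payloads

def e2e_tag(e2e_key: bytes, dev_addr: int, fcnt_up: int, payload: bytes) -> bytes:
    """Tag over direction, DevAddr, FCntUp and the plaintext payload."""
    header = struct.pack("<BII", 0x00, dev_addr, fcnt_up)  # 0x00 = uplink (assumed layout)
    return hmac.new(e2e_key, header + payload, hashlib.sha256).digest()[:TAG_LEN]

def device_wrap(e2e_key: bytes, dev_addr: int, fcnt_up: int, payload: bytes) -> bytes:
    """End-device side: append the tag before the payload is encrypted with AppSKey."""
    return payload + e2e_tag(e2e_key, dev_addr, fcnt_up, payload)

class AppServerSession:
    """Application-server view of one device's session (hypothetical helper)."""
    def __init__(self, e2e_key: bytes, dev_addr: int):
        self.e2e_key, self.dev_addr = e2e_key, dev_addr
        self.last_fcnt_up = -1  # highest uplink counter accepted so far

    def accept(self, fcnt_up: int, decrypted: bytes):
        """Return the payload if the tag and counter check out, otherwise None."""
        if fcnt_up <= self.last_fcnt_up or len(decrypted) < TAG_LEN:
            return None  # replayed or stale counter, or too short to carry a tag
        payload, tag = decrypted[:-TAG_LEN], decrypted[-TAG_LEN:]
        expected = e2e_tag(self.e2e_key, self.dev_addr, fcnt_up, payload)
        if not hmac.compare_digest(tag, expected):
            return None  # content or counter was changed on the way
        self.last_fcnt_up = fcnt_up
        return payload

def demo():
    """Run constructed sample frames through the application-server check."""
    key = bytes(range(32))   # constructed sample key, not a real credential
    dev_addr = 0x26011BDA    # constructed sample DevAddr
    session = AppServerSession(key, dev_addr)
    frame = device_wrap(key, dev_addr, 7, b"temp=21.5")
    altered = bytes([frame[0] ^ 0x01]) + frame[1:]  # one bit changed in transit
    return {
        "altered": session.accept(7, altered),
        "genuine": session.accept(7, frame),
        "replayed": session.accept(7, frame),
        "wrong_counter": session.accept(8, frame),
    }

if __name__ == "__main__":
    print(demo())
```

Because the tag covers FCntUp as well as the payload, a frame delivered to the application server under a different counter value fails the check in the same way as altered content.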
