TS005-2.0.0 Remote Multicast Setup

Issue link: https://read.uberflip.com/i/1464684


LoRaWAN® Remote Multicast Setup Specification TS005-2.0.0 ©2022 LoRa Alliance® Page 10 of 21
The authors reserve the right to change specifications without notice.

AES encrypt operation to decrypt the message. This way, an end-device only has to implement AES encrypt, but not AES decrypt.

Note: Networks that overlap radio coverage: 1) may use the same NetIDs (e.g., NetID 0/1); 2) are required to use different multicast addresses per multicast group; 3) are not required to negotiate one-to-many in order to select different multicast addresses. Therefore, the solution must minimize the risk of two such networks using the same McKey at the same time. The end-device first relies on the multicast address received in the frame header to select receive packets and will reject any multicast address-colliding reception based on the Message Integrity Check (MIC) verification using the McNwkSKey.

This note is specifically addressed to network implementations targeting multiple "small" instances of network + multicast servers using pre-configured copies of the same system, where the risk to deploy the same multicast predefined address is greatest.

The process used to generate McKey is required to minimize the risk that two multicast groups will use the same McKey values. This can be achieved by using either:
- A true cryptographic random generator (collision risk is down to 2^-128).
- A derivation scheme based on a root key diversified using the multicast group address + Ethernet MAC address of the server managing multicast groups + current time.

The McKey is encrypted with the McKEKey as follows:

    McKey_encrypted = aes128_decrypt(McKEKey, McKey)

The McKey_encrypted key SHALL be decrypted using the following operation to give the multicast group's McKey.

    McKey = aes128_encrypt(McKEKey, McKey_encrypted)

The McKEKey is a lifetime, end-device-specific key used to encrypt multicast keys transported over the air (it is a Key Encryption Key), and may be either:
• Derived from a new root key (GenAppKey) provisioned in the end-device at any time before the deployment of the end-device in the field. LoRaWAN 1.0.x end-devices SHALL use this scheme:
    o McRootKey = aes128_encrypt(GenAppKey, 0x00 | pad16)
    o McKEKey = aes128_encrypt(McRootKey, 0x00 | pad16)
• Derived from the AppKey. LoRaWAN 1.1+ end-devices SHALL use this scheme:
    o McRootKey = aes128_encrypt(AppKey, 0x20 | pad16)
    o McKEKey = aes128_encrypt(McRootKey, 0x00 | pad16)

This scheme applies for all types of end-device activation, Over-the-Air Activation (OTAA) and Activation by Personalization (ABP). Even if LoRaWAN 1.1 ABP end-devices do not require AppKey for activation, it is REQUIRED for McRootKey generation.
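
An added example in Go (not part of the specification and not LoRa Alliance code) of the McKEKey derivation and McKey transport described above: the server wraps with AES decrypt so that the end-device unwraps with AES encrypt only. The function names and the sample root key are constructed for illustration, and pad16 is assumed to zero-fill the block to 16 bytes.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"fmt"
)

// aesBlock applies one raw AES-128 operation to a single 16-byte block (no mode, no padding).
func aesBlock(key, in []byte, decrypt bool) []byte {
	c, err := aes.NewCipher(key)
	if err != nil || len(key) != 16 || len(in) != 16 {
		panic("need a 16-byte key and a 16-byte block")
	}
	out := make([]byte, 16)
	if decrypt {
		c.Decrypt(out, in)
	} else {
		c.Encrypt(out, in)
	}
	return out
}

// DeriveMcKEKey: rootKey is GenAppKey (LoRaWAN 1.0.x, first byte 0x00) or
// AppKey (1.1+, first byte 0x20). Assumption: pad16 zero-fills to 16 bytes.
func DeriveMcKEKey(rootKey []byte, lorawan11 bool) []byte {
	in := make([]byte, 16)
	if lorawan11 {
		in[0] = 0x20
	}
	mcRootKey := aesBlock(rootKey, in, false)
	return aesBlock(mcRootKey, make([]byte, 16), false)
}

// WrapMcKey is the server side: McKey_encrypted = aes128_decrypt(McKEKey, McKey).
func WrapMcKey(mcKEKey, mcKey []byte) []byte { return aesBlock(mcKEKey, mcKey, true) }

// UnwrapMcKey is the end-device side: McKey = aes128_encrypt(McKEKey, McKey_encrypted).
func UnwrapMcKey(mcKEKey, wrapped []byte) []byte { return aesBlock(mcKEKey, wrapped, false) }

func main() {
	appKey := []byte("constructed-key!") // constructed 16-byte sample root key, not a real key
	mcKey := make([]byte, 16)
	if _, err := rand.Read(mcKey); err != nil { // CSPRNG option for McKey generation
		panic(err)
	}
	kek := DeriveMcKEKey(appKey, true)
	wrapped := WrapMcKey(kek, mcKey)
	fmt.Printf("wrapped=%x roundtrip=%v\n", wrapped, string(UnwrapMcKey(kek, wrapped)) == string(mcKey))
}
```

Because both 1.0.x and 1.1+ derivations end in the same second step, only the root key and the first input byte separate the two McKEKey values.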
