Issue link: https://read.uberflip.com/i/1510695
5177 Brandi n Court, Frem ont, CA94538 | Tel : +1 51 0 -4 9 2 -4044 | Fax : +1 510 -4 9 2 -4001 | www.l o ra -al l i anc e.org Security FAQ Security FAQ This FAQ is based on the LoRaWAN L2 1.0.4 specification. What makes LoRaWAN® secure? Unlike wired networks, which contain communication within wires or fibers, the fundamental challenge for wireless networks is that there is no enforceable physical perimeter around devices that communicate wirelessly. An attacker only needs to be in the vicinity of the wireless network to attempt eavesdropping, simple capture and replay, network traffic modification, spoofing and unauthorized network access. LoRaWAN provides a solid security foundation to defeat these attacks by using cryptography. This security foundation protects network traffic and uses secure device credentials, ensuring the confidentiality, integrity, and authenticity of network traffic between LoRaWAN end-devices and other LoRaWAN network elements. What are the main security features of LoRaWAN? The LoRaWAN security foundation protects network traffic through encryption and integrity protection. Encryption prevents eavesdropping, and integrity protection prevents simple capture and replay, and modification of network traffic. Secure device credentials, including a unique device identifier and secret key, enable device authentication and authorization, which prevent spoofing and unauthorized network access. LoRaWAN security is based on the Advanced Encryption Standard (AES), which is specified in NIST FIPS 197. How do I ensure my LoRaWAN network implementation is secure? There are three essential aspects to implementing a secure LoRaWAN network. Firstly, the solid security foundation already provided by LoRaWAN gives implementers confidence that their LoRaWAN network is fundamentally secure. LoRaWAN end-device manufacturers can ensure their products comply with LoRaWAN protocols by certifying them through the LoRa Alliance®. Secondly, there are a number of best practices that can be used to build upon the security foundation. Examples of these best practices are using properly assigned identifiers, regularly updating device firmware, implementing proper access controls, and monitoring network traffic for any unusual activities. Technical Recommendation 7 from the LoRa Alliance gives specific guidance for LoRaWAN end-device and stack developers. Lastly, if required, additional security strength measures can be designed into LoRaWAN end-devices and network elements. Examples of these measures are using secure boot processes and intrusion detection systems. LoRaWAN end-devices can also use Secure Elements that provide hardware level security equivalent to a SIM card, and servers in the backend infrastructure can use Hardware Security Modules (HSM). The choice of which measures to use will ultimately depend upon the requirements imposed by the application.