Issue link: https://read.uberflip.com/i/1539840
Developing LoRaWAN Devices Technical Recommendation TR007-1.1 ©2021-2025 LoRa Alliance ® Page 25 of 28 The authors reserve the right to change documents without notice. 5 General Product Security 793 The primary purpose of this document is to provide recommendations that pertain to the 794 LoRaWAN-specific parts of the LoRaWAN-enabled product, however there may be 795 considerations for overall product security that ultimately depend on the application 796 functionality the LoRaWAN-enabled product provides to the overall system. For example, a 797 simple LoRaWAN-enabled environmental monitoring device used in grape growing, that is 798 one of a thousand spread across the whole vineyard, may not need the same security 799 considerations as a LoRaWAN-enabled door lock. 800 Because of this diversity of applications, it is difficult to be overly prescriptive regarding security 801 features that apply generally to all LoRaWAN-enabled products. This section highlights certain 802 security features that may need to be considered when designing a LoRaWAN-enabled 803 product. 804 5.1 External Schemes 805 There are a number of external schemes run by various organizations that can assist with 806 improving overall product security. These range from guidelines to strict certification, and 807 certain products targeted at a specific type of deployment may have additional requirements 808 for specific security certification. This is often the case in, for example, critical applications, 809 however certification is becoming increasingly essential for all IoT products (which includes 810 LoRaWAN-enabled products). Therefore, it is RECOMMENDED that product developers 811 consider external security certification for their products. 812 5.2 Interfaces 813 A LoRaWAN-enabled product may have many interfaces that allow data in and out of the 814 device. 815 • Debug interfaces (e.g., JTAG, SWI), that are used for development purposes, SHALL 816 be disabled in production devices. 817 • Interfaces used for testing purposes in production SHOULD be disabled for deployed 818 devices. 819 • Application interfaces SHALL NOT provide any means to modify any LoRaWAN 820 operations attributes other than configuration attributes. 821 • Application interfaces SHALL NOT provide any means to read any confidential 822 LoRaWAN attributes, for example root or session keys. 823 5.3 Device Integrity 824 A LoRaWAN-enabled product MAY require additional measures to ensure device integrity. 825 These measures may include: 826 • Secure boot 827 • Firmware update 828 A LoRaWAN-enabled product SHOULD implement the LoRaWAN Firmware Management 829 Protocol Specification [TS006] to allow firmware updates over-the-air (FUOTA). 830