Published On Jul 13, 2023
LPWAN playlist. Watch these video to understand more on LPWAN.
• LPWAN Part 1. Understand the Criteria...
Demystify Low Power Wide Area Network (LPWAN)
End Device Joins LoRaWAN Network:
Over-the-Air Activation (OTAA) or
Activation By Personalization (ABP)
Part 4
Before an end-device can communicate on the LoRaWAN, the following information (in red) are required.
Device Address (DevAddr)
Network Session Key (NwkSKey)
Application Session Key (AppSKey)
Two activation methods are available to join the LoRa network
Over-the-Air Activation (OTAA)
Activation By Personalization (ABP)
The first is 1) OTAA, Over-the-Air-Activation. The device and the network exchange a 128-bit AppKey. When the device send the join request, the AppKey is used to create a Message Integrity Code (MIC), the server then check the MIC with the AppKey. If the check is valid, the server creates two new 128-bit keys, the App Session key (AppSkey) and the Network Session Key (NwkSkey). These keys are sent back to the device using the AppKey as an encryption key. When the keys are received the device decrypts and installs the two session keys.
The second method for the network join is 2) ABP, Activation by Personalization. In this case the device session keys are inserted by the user, thus is possible to have security issues.
Device Address (DevAddr)
32-bit identifier
Unique within the network
Present in each data frame
Shared between End-device, Network Server, and Application Server
Differentiates nodes within the network, allowing the network to use the correct encryption keys and properly interpret the data
Network Session Key (NwkSKey)
128-bit AES encryption key
Unique per end-device
Shared between end-device and Network Server
Provides message integrity for the communication
Provides security for end-device to Network Server communication
Application Session Key (AppSKey)
128-bit AES encryption key
Unique per end-device
Shared between end-device and Application Server
Used to encrypt or decrypt application data messages
Provides security for application payload