跳转至主要内容

Semtech’s Corporate Blog

Securing the IoT World: How Semtech Simplifies LoRaWAN Cybersecurity

Internet of Things, LoRaWAN

Dr. Richard Fuller, Shahar Feldman

Dr. Richard Fuller, Shahar Feldman

在物联网 (IoT) 互联时代,网络安全的风险从未如此之高。随着家庭、企业和关键基础设施中设备数量的激增,它们被不法利用的可能性也在增加。此外,随着物联网设备逐年增加,降低复杂性的重要性从未如此之高。Semtech 坚定地回应了这一需求。

 

A Simplified Approach to Complex Security Challenges 

At Semtech, we believe that securing IoT devices should be straightforward and effective. Our commitment to simplifying IoT in general, and cybersecurity specifically, is evident in our solutions, which are designed for easy integration and deployment. This approach not only enhances security, but also reduces the burden on our customers, allowing them to focus on their core operations without the hassle. 

 

Empowering Customers with Knowledge and Tools 

The recent US Executive Order on improving the nation’s cybersecurity underscores the importance of informed consumer choices and robust security standards. Semtech stands firmly behind this initiative, offering transparency and support to our customers through our Secure Development Lifecycle Programs and Vulnerability Management Program. For example, our partnership with HackerOne and our status as a CVE-Numbering Authority (CNA) are but two examples demonstrating our dedication to proactive security measures. As part of our secure product development process, we implement static code analysis through tools such as Synopsis Coverity.  

 

Securing LoRaWAN® Systems: A Multilayered Strategy  

  • LoRaWAN has defined strong end-to-end security that is compatible with the smallest and most power-efficient devices in IoT today 

  • Encryption is employed both for network messages as well as for application security 

  • The LoRa Alliance® security working group continues to advance security specifications to ensure threats are handled automatically by LoRaWAN networks  

  • Semtech utilizes a Hardware Security Module (HSM) for secure device key provisioning at the production site 

  • Semtech offers open source LoRaWAN Stack (LoRa Basics™ Modem) which meets the LoRa Alliance latest security specification including implementation of Firmware Update Over the Air (FUOTA) examples to support security patches and firmware updates for devices that are already deployed in the field 

  • LoRa ICs security leverages the well-tested and standardized AES cryptographic algorithms  

  • Specification releases are managed by the LoRa Alliance, a consortium of companies dedicated to a healthy and secure LoRaWAN ecosystem 

 

LoRaWAN® is designed with low-cost, low-power scalability at its core. This is true for end-device operation and provisioning. During network authentication, end-device session keys are created for both network and application traffic flow. The mutual authentication is performed with prior secret key sharing between the server and end-device which enables a highly efficient power and network activation process. Once activated, a 32-bit frame counter is used to protect against replay attacks. Once messages are authenticated at the Network Server, the message is sent to an Application Server through a secured IP connection. The Application Server provides the end-device owner an independent way of encrypting the end-device data without additional payload overhead. The Application Server can decrypt the application payload independent from the Network Server thus ensuring end-to-end security from the end-device to a secure network component. From the Application Server, the decrypted data can be sent to the target application via a secure IP method for storage, display or additional processing. To support future versions of the LoRaWAN protocol, the LoRa Alliance has provided a FUOTA framework to enable end-devices to receive updates to both application and LoRaWAN stack to ensure robustness as the security protection evolves.  

Blog-LoRa-CyberSecurity-diagram (2)

 

A major area of enhanced security protection for LoRaWAN devices over the past few years has been the utilization of advanced security protection such as Hardware Security Module (HSM) in the cloud and Secure Elements/Cryptographic compute modules on end-devices. Utilization of these technologies avoids the necessity of ever sharing the symmetric key information “in the clear”. The key data can be held in hardware without the ability of unauthorized entities to gain access to the values.  The diagram below illustrates a secure key provisioning and activation as performed in Semtech’s 3rd Generation LoRa Connect™ Transceivers and the Location-aware LoRa Edge™ platform. 

 

 

Conclusion: Navigating the Path to a Secure IoT Ecosystem

The journey toward a secure IoT ecosystem is ongoing, but with Semtech, businesses and consumers alike can navigate this landscape with confidence. By prioritizing simplicity, effectiveness, and continuous improvement, we are not just securing devices; we are securing futures. Join us as we continue to lead the way in making IoT cybersecurity easy and accessible for all. 

 

References: 
  1. LoRaWAN Security | River Publishers Journals & Magazine | IEEE Xplore 
  2. LoRaWAN Security FAQ | LoRa Alliance Website 
  3. Academy for LoRaWAN®: Security Aspects of LoRaWAN (semtech.com) 
  4. Secure key provisioning and activation – Introduction to Join Server 

 

Related Blogs:

近期文章

文章作者

See all