Securing the IoT World: How Semtech Simplifies LoRaWAN™ Cybersecurity®

08 May 2024 / by Dr. Richard Fuller, Shahar Feldman

In the interconnected era of the Internet of Things (IoT), the stakes for cybersecurity have never been higher. As devices proliferate across homes, businesses and critical infrastructure, the potential for exploitation grows. Also, as IoT devices multiply year over year, the importance of reducing complexity has never been higher - and this is a call Semtech answers with conviction.

A Simplified Approach to Complex Security Challenges

At Semtech, we believe that securing IoT devices should be straightforward and effective. Our commitment to simplifying IoT in general, and cybersecurity specifically, is evident in our solutions, which are designed for easy integration and deployment. This approach not only enhances security, but also reduces the burden on our customers, allowing them to focus on their core operations without the hassle.

Empowering Customers with Knowledge and Tools

The recent US Executive Order on improving the nation's cybersecurity underscores the importance of informed consumer choices and robust security standards. Semtech stands firmly behind this initiative, offering transparency and support to our customers through our Secure Development Lifecycle Programs and Vulnerability Management Program. For example, our partnership with HackerOne and our status as a CVE-Numbering Authority (CNA) are but two examples demonstrating our dedication to proactive security measures. As part of our secure product development process, we implement static code analysis through tools such as Synopsis Coverity.

Securing LoRaWAN® Systems: A Multilayered Strategy

• LoRaWAN has defined strong end-to-end security that is compatible with the smallest and most power-efficient devices in IoT today

• Encryption is employed both for network messages as well as for application security

• The LoRa Alliance® security working group continues to advance security specifications to ensure threats are handled automatically by LoRaWAN networks

• Semtech utilizes a Hardware Security Module (HSM) for secure device key provisioning at the production site

• Semtech offers open source LoRaWAN Stack(LoRa Basics™ Modem)which meets the LoRa Alliance latest security specification including implementation of Firmware Update Over the Air (FUOTA) examples to support security patches and firmware updates for devices that are already deployed in the field

• LoRa ICs security leverages the well-tested and standardized AES cryptographic algorithms

• Specification releases are managed by the LoRa Alliance, a consortium of companies dedicated to a healthy and secure LoRaWAN ecosystem

LoRaWAN® is designed with low-cost, low-power scalability at its core. This is true for end-device operation and provisioning. During network authentication, end-device session keys are created for both network and application traffic flow. The mutual authentication is performed with prior secret key sharing between the server and end-device which enables a highly efficient power and network activation process. Once activated, a 32-bit frame counter is used to protect against replay attacks. Once messages are authenticated at the Network Server, the message is sent to an Application Server through a secured IP connection. The Application Server provides the end-device owner an independent way of encrypting the end-device data without additional payload overhead.The Application Server can decrypt the application payload independent from the Network Server thus ensuring end-to-end security from the end-device to a secure network component. From the Application Server, the decrypted data can be sent to the target application via a secure IP method for storage, display or additional processing. To support future versions of the LoRaWAN protocol, the LoRa Alliance has provided a FUOTA framework to enable end-devices to receive updates to both application and LoRaWAN stack to ensure robustness as the security protection evolves.

A major area of enhanced security protection for LoRaWAN devices over the past few years has been the utilization of advanced security protection such as Hardware Security Module (HSM) in the cloud and Secure Elements/Cryptographic compute modules on end-devices. Utilization of these technologies avoids the necessity of ever sharing the symmetric key information "in the clear". The key data can be held in hardware without the ability of unauthorized entities to gain access to the values. The diagram below illustrates a secure key provisioning and activationas performed in Semtech's 3rdGeneration LoRa Connect™Transceivers and the Location-aware LoRa Edge™platform.

Conclusion: Navigating the Path to a Secure IoT Ecosystem

The journey toward a secure IoT ecosystem is ongoing, but with Semtech, businesses and consumers alike can navigate this landscape with confidence. By prioritizing simplicity, effectiveness, and continuous improvement, we are not just securing devices; we are securing futures. Join us as we continue to lead the way in making IoT cybersecurity easy and accessible for all.

References:

1. LoRaWAN Security | River Publishers Journals & Magazine | IEEE Xplore
2. LoRaWAN Security FAQ | LoRa Alliance Website
3. Academy for LoRaWAN®: Security Aspects of LoRaWAN (semtech.com)
4. Secure key provisioning and activation - Introduction to Join Server

Public link

Please use the above public link if you want to share this noodl on another website.