Doing More, Better: Security in LoRa Technology

By Marc Pegulu, Vice President Wireless LoRa and IoT, Wireless and Sensing Products Group

This week, more than 40,000 people arrived in the San Francisco Bay Area RSA 2019. As one of the most well-known, well-attended and most influential security conferences globally, RSA is prime to have today’s current pulse on all things security. In years past, cyber security has been a key topic of interest — and with the recent GDPR regulation — increasingly we’re witnessing organizations adopt new practices. This year’s show theme was Better. As mentioned on the conference website: “Which means working hard to find better solutions. Making better connections with peers from around the world. And keeping the digital world safe so everyone can get on with making the real world a better place.”

It’s this topic that plays well into the Semtech conversation. Semtech is committed to making the world a better place, using technology to achieve that, and helping people deliver better services, deployments or offerings to their customers globally. When looking at connectivity for smart applications — such as lighting, gas metering, water metering or building management — having the correct, secure wireless protocol is king.

In collaboration with the LoRa Alliance™, Semtech’s expansive roster of customers deliver LoRa-based highly secure sensors for these smart home applications leveraging the LoRaWAN, low-power wide area network (LPWAN) network. As you may be familiar, the LoRaWAN™ open protocol is a standardized system, ensuring streamlined implementation that is easily interoperable with companies such as telecommunication operators, IoT solution providers and applications. In fact, chances are there is a LoRa-enabled sensor in your home and you’re running the application data to / from the LoRaWAN network.

Let’s talk more about its security.

Security doesn’t have to be a concern for our customers because LoRaWAN is a network technology that was designed from the outset to take security into account. While some may immediately think LPWAN is an easy target — offering low-cost, reliable connectivity over large distances — it’s not. To join a LoRaWAN-based network, each device must provide credentials that satisfy a network server that it is a legitimate user. Furthermore, the device must identify that it’s connected to the correct system. This ensures that only authorized and secure devices will be connected to authentic and secure networks.

Perhaps most important is that during the manufacturing process, each LoRaWAN-based device is personalized with a unique 128bit AES key, known in the protocol as the AppKey. The device also includes a globally unique identifier, DevEUI, that is based on the IEEE EUI64 address space. Each network has its own identifier that is based on a 24bit address range and managed by the LoRa Alliance.

What top trends and themes did you witness at RSA? How are these vendors doing better? How can we still be doing more, to be better?