Missing Puzzle Pieces of LoRaWAN Security

TheThings Network

The Things Network Global Team

Posted on 03-10-2018

Johan Stokking, Tech Lead of The Things Network and CTO of The Things Industries talks about LoRaWAN Security.

Do you encounter any of the below points? Hoist the red flag and double check the credibility of the partner or service you are working with.

LoRaWAN Security Red Flags

  1. Use of ABP. Not secure, keys cannot be changed, must be shared with network operator
  2. Keys printed on paper or sent by email. Keys should not be visible (use Hareware Secure Modules/HSM), paper trail is impossible to clear
  3. Unable to choose a Join Server or operate your own. Platform lock-in, potentially unsafe storage of end device root keys
  4. Unable to choose an Application Server or operate your own. Application data may get compromised
  5. Same keys for multiple end devices. End devices need unique keys
  6. Hardcoded keys in end device. End devices should use a HSM

Learn more by viewing the full webinar, Johan will share some tips to discover security flaws and to boost the secure your deployment.

Links:
Webinar

Forum discussion

LoRa Alliance Security White Paper

file