Provisioning Devices: Overview

There are two methods for provisioning end devices that are used on a LoRaWAN network: Activation-By-Personalization (ABP) and Over-the-Air-Activation (OTAA). Each has its own requirements and operational use. Essentially, an ABP device has all the information it needs to talk to the network before it connects to the network. Additionally, it has a device EUI (DevEUI), device address (DevAddr), and one-time, shared, secret session keys. 

In contrast, an OTAA device is provisioned with a DevEUI, join EUI (JoinEUI), and one or more root keys that are then used during the Join procedure.

All end devices are identified through the DevEUI and are provisioned with one or more shared secrets, which are used to authenticate and encrypt frames to and from the network.

An Extended-Unique-Identifier (EUI) is used to globally and uniquely identify a device and other network elements. These are 64-bit identifiers allocated from a pool of EUIs owned by the organization developing the device. EUIs are constructed from an Organizationally-Unique-Identifier (OUI), for which the most significant bits have been purchased from the IEEE Registration Authority.

The DevAddr is a 32-bit identification of an end device. It is allocated by the Network Operator and consists of a Network-ID (NetID) and a Host-ID. The NetID is allocated by the LoRa Alliance. The NetIDs 0 and 1 can be used in private networks, where the operator does not have a NetID allocated by the LoRa Alliance.

Security keys consist of 128-bits. The use of root keys is limited to deriving session keys in the JoinRequest and JoinAccept messages.  Session keys are used to form Message Integrity Codes (MICs) and to encrypt and decrypt all messages other than the JoinRequest and JoinAccept messages. (This may be subject to change in future revisions of the LoRaWAN specification.)




Last modified: Tuesday, August 30, 2022, 12:10 AM