Security Best Practices for the Join Procedure
When joining a device to a LoRaWAN network, consider the following best practices:
Use Over-the-Air Activation rather than Activation by Personalization
Over-the-Air Activation (OTAA) enables end devices to join and rejoin a LoRaWAN network. When using OTAA, session keys are generated when an end device joins the network. A good practice is to have a device rejoin the network occasionally so that new session keys are created. This reduces the chance of someone getting access to the application payload indefinitely when the session keys are impersonated. When using LoRaWAN, ensure that the join server runs in a secure domain that you host or that is hosted by a trusted third party, because this server stores the root keys for the cloud side of the LoRaWAN network. To prevent vendor lock-ins, check to see whether the join server is network-provider agnostic and whether it allows end devices to join a different LoRaWAN network operator over time.
In contrast, to activate a device using Activation-By-Personalization (ABP), session keys must be hard-coded into the device. These keys cannot be changed once the device is deployed in the field. Thus, ABP does not allow devices to join different LoRaWAN networks or application servers.
Use a Secure Hardware Module
The session keys are derived from the root keys: the Application Key (AppKey) and the Network Key (NwkKey). The root key(s) are stored on the device. We recommend that you store the root key(s) in a hardware secure module to make it much more difficult to access the key(s) using a brute force attack.
Secure Key Provisioning
It is vital that you always know who has access to the session keys for your end devices. Prevent your keys from being exposed to anyone who cannot be fully trusted.
Out-of-band key provisioning can be a good way to make sure that the people who insert the keys don’t have access to the keys of the devices themselves. It is possible, however, to create an application that uses BLE or NFC to inject the keys directly into the device.
Security Configurations
To mitigate against replay attacks, enable 32-bit frame counters for uplink and downlink messages. Also, use a fixed payload length to mask event-driven activities and help prevent hackers from deriving event-specific information from the payload.