Low Power Wide Area Networks security
Sophia-Antipolis, December 9, 2015 Pierre Girard, Security Solution Expert
Introduction LPWAN technologies are booming Main drivers Low cost Low power consumption
High trust level needs to be maintained
2
LPWAM security - P. Girard
09/12/2015
Why trust in IoT ? Management of sensitive devices Valve, pump, door, engine, …
Management of sensitive transactions Energy: (not) producing, (not) consuming, storing … X as a Service: cleaning, manufacturing, flying …
Management of sensitive data Location / presence, behavior / consumption patterns, …
3
LPWAM security - P. Girard
09/12/2015
IoT will redefine your business model …
… and you want to protect it ! 4
LPWAM security - P. Girard
09/12/2015
Main security requirements Device / network mutual authentication End-to-end applicative level security
5
LPWAM security - P. Girard
09/12/2015
Business as usual ?
Requirements Mutual auth.
WAN
LPWAN
+ AKA
E2E sec.
6
LPWAM security - P. Girard
+ TLS
09/12/2015
Too costly Too much power Too costly Too much power
The LoRaWAN security example
7
LPWAM security - P. Girard
09/12/2015
LoRaWAN device (class A) communication
8
LPWAM security - P. Girard
09/12/2015
LoRa architecture
Devices 9
LPWAM security - P. Girard
Gateways 09/12/2015
LoRa network server
Application servers
LoRa security Each device is provisioned with a unique AES 128 key : AppKey
Devices 10 LPWAM security - P. Girard
Gateways 09/12/2015
LoRa network server
Application servers
LoRa security: network connection A cryptogram (MIC) is computed with AppKey
Joint request (DevNonce,…, MIC)
Devices 11 LPWAM security - P. Girard
Gateways 09/12/2015
LoRa network server
Application servers
LoRa security: network connection A cryptogram (MIC) is also computed with AppKey
Joint accept (…, MIC)
Devices 12 LPWAM security - P. Girard
Gateways 09/12/2015
LoRa network server
Application servers
Not a classic challenge / response scheme Saves a round trip But nonce is generated by the device to be authenticated Server-side has to check for replays
13 LPWAM security - P. Girard
09/12/2015
LoRa security: network connection Two session keys are derived : AppSKey and NwkSKey
AppSKey NwkSKey
Devices 14 LPWAM security - P. Girard
Gateways 09/12/2015
LoRa network server
Application servers
LoRa security: network connection NwkSkey is used for network layer security
Devices 15 LPWAM security - P. Girard
Gateways 09/12/2015
LoRa network server
Application servers
LoRa security: network connection AppSkey is used for application layer end to end security
Devices 16 LPWAM security - P. Girard
Gateways 09/12/2015
LoRa network server
Application servers
LoRaWAN frame content for payloads
DevAddr
FCnt
Payload
MIC
Encrypted with
Compute MIC with
17 LPWAM security - P. Girard
09/12/2015
18 LPWAM security - P. Girard
09/12/2015
Problem statement for secure key provisioning How to provision the devices / servers without Secure Elements ? As the same key (AppKey) is used to derive both the network key (NwkSKey) and the applicative key (AppSkey), the network operator and its customers have a conflict of interest: if the network operator knows the device key AppKey, it will be able to compute the AppSkey and thus intercept the applicative data; if the application provider knows the device key AppKey, it will be able to compute the NwkSKey and thus clone devices.
A Trusted Third party is needed !
19 LPWAM security - P. Girard
09/12/2015
Introduction of a Trusted Third Party
Trusted Third Party
Device manufacturers 20 LPWAM security - P. Girard
09/12/2015
Device provisioning AppKey generation
Trusted Third Party
Device manufacturers 21 LPWAM security - P. Girard
09/12/2015
Device claiming Claim device DevEUI
Trusted Third Party
Device manufacturers 22 LPWAM security - P. Girard
09/12/2015
Network connection
Trusted Third Party
Joint request (…, MIC)
Device manufacturers 23 LPWAM security - P. Girard
09/12/2015
Network connection Joint request (…, MIC)
Trusted Third Party
Device manufacturers 24 LPWAM security - P. Girard
09/12/2015
Network connection Joint accept (…, MIC) Trusted Third Party
Device manufacturers 25 LPWAM security - P. Girard
09/12/2015
Network connection
Trusted Third Party
Joint accept (…, MIC)
Device manufacturers 26 LPWAM security - P. Girard
09/12/2015
Key derivation
Trusted Third Party
Device manufacturers 27 LPWAM security - P. Girard
09/12/2015
Key distribution
Trusted Third Party
Device manufacturers 28 LPWAM security - P. Girard
09/12/2015
Secure communication with TLS PKI
29 LPWAM security - P. Girard
09/12/2015
Conclusion LPWAN drivers are low cost and low power Trust is needed, more than ever ! A new trust infrastructure is required
30 LPWAM security - P. Girard
09/12/2015
Thanks for your attention
31 LPWAM security - P. Girard
09/12/2015