Low Power Wide Area Networks security

Sophia-Antipolis, December 9, 2015 Pierre Girard, Security Solution Expert

Introduction LPWAN technologies are booming Main drivers Low cost Low power consumption

High trust level needs to be maintained

2

LPWAM security - P. Girard

09/12/2015

Why trust in IoT ? Management of sensitive devices Valve, pump, door, engine, …

Management of sensitive transactions Energy: (not) producing, (not) consuming, storing … X as a Service: cleaning, manufacturing, flying …

Management of sensitive data Location / presence, behavior / consumption patterns, …

3

LPWAM security - P. Girard

09/12/2015

IoT will redefine your business model …

… and you want to protect it ! 4

LPWAM security - P. Girard

09/12/2015

Main security requirements Device / network mutual authentication End-to-end applicative level security

5

LPWAM security - P. Girard

09/12/2015

Business as usual ?

Requirements Mutual auth.

WAN

LPWAN

+ AKA

E2E sec.

6

LPWAM security - P. Girard

+ TLS

09/12/2015

Too costly Too much power Too costly Too much power

The LoRaWAN security example

7

LPWAM security - P. Girard

09/12/2015

LoRaWAN device (class A) communication

8

LPWAM security - P. Girard

09/12/2015

LoRa architecture

Devices 9

LPWAM security - P. Girard

Gateways 09/12/2015

LoRa network server

Application servers

LoRa security Each device is provisioned with a unique AES 128 key : AppKey

Devices 10 LPWAM security - P. Girard

Gateways 09/12/2015

LoRa network server

Application servers

LoRa security: network connection A cryptogram (MIC) is computed with AppKey

Joint request (DevNonce,…, MIC)

Devices 11 LPWAM security - P. Girard

Gateways 09/12/2015

LoRa network server

Application servers

LoRa security: network connection A cryptogram (MIC) is also computed with AppKey

Joint accept (…, MIC)

Devices 12 LPWAM security - P. Girard

Gateways 09/12/2015

LoRa network server

Application servers

Not a classic challenge / response scheme Saves a round trip But nonce is generated by the device to be authenticated Server-side has to check for replays

13 LPWAM security - P. Girard

09/12/2015

LoRa security: network connection Two session keys are derived : AppSKey and NwkSKey

AppSKey NwkSKey

Devices 14 LPWAM security - P. Girard

Gateways 09/12/2015

LoRa network server

Application servers

LoRa security: network connection NwkSkey is used for network layer security

Devices 15 LPWAM security - P. Girard

Gateways 09/12/2015

LoRa network server

Application servers

LoRa security: network connection AppSkey is used for application layer end to end security

Devices 16 LPWAM security - P. Girard

Gateways 09/12/2015

LoRa network server

Application servers

LoRaWAN frame content for payloads

DevAddr

FCnt

Payload

MIC

Encrypted with

Compute MIC with

17 LPWAM security - P. Girard

09/12/2015

18 LPWAM security - P. Girard

09/12/2015

Problem statement for secure key provisioning How to provision the devices / servers without Secure Elements ? As the same key (AppKey) is used to derive both the network key (NwkSKey) and the applicative key (AppSkey), the network operator and its customers have a conflict of interest: if the network operator knows the device key AppKey, it will be able to compute the AppSkey and thus intercept the applicative data; if the application provider knows the device key AppKey, it will be able to compute the NwkSKey and thus clone devices.

A Trusted Third party is needed !

19 LPWAM security - P. Girard

09/12/2015

Introduction of a Trusted Third Party

Trusted Third Party

Device manufacturers 20 LPWAM security - P. Girard

09/12/2015

Device provisioning AppKey generation

Trusted Third Party

Device manufacturers 21 LPWAM security - P. Girard

09/12/2015

Device claiming Claim device DevEUI

Trusted Third Party

Device manufacturers 22 LPWAM security - P. Girard

09/12/2015

Network connection

Trusted Third Party

Joint request (…, MIC)

Device manufacturers 23 LPWAM security - P. Girard

09/12/2015

Network connection Joint request (…, MIC)

Trusted Third Party

Device manufacturers 24 LPWAM security - P. Girard

09/12/2015

Network connection Joint accept (…, MIC) Trusted Third Party

Device manufacturers 25 LPWAM security - P. Girard

09/12/2015

Network connection

Trusted Third Party

Joint accept (…, MIC)

Device manufacturers 26 LPWAM security - P. Girard

09/12/2015

Key derivation

Trusted Third Party

Device manufacturers 27 LPWAM security - P. Girard

09/12/2015

Key distribution

Trusted Third Party

Device manufacturers 28 LPWAM security - P. Girard

09/12/2015

Secure communication with TLS PKI

29 LPWAM security - P. Girard

09/12/2015

Conclusion LPWAN drivers are low cost and low power Trust is needed, more than ever ! A new trust infrastructure is required

30 LPWAM security - P. Girard

09/12/2015

Thanks for your attention

31 LPWAM security - P. Girard

09/12/2015