Secure LoRaWAN Root Key Update Scheme for IoT Environment

The Internet of Things (IoT) is an essential infrastructure in many fields, such as industry and agriculture. Sensor design, communication scheme, data security, and data analysis are four important topics in the IoT research field. LoRaWAN, one of unlicensed-band based long range wide area network specifications, is very suitable for an IoT system due to the feature of low-power and long-range communication. To enhance the communication security, LoRaWAN encrypts transmitted data with different session keys which are derived from two root keys. However, these root keys stored in the end-device is easily stolen by attackers, thus threatening communication security. In this paper, a root key update scheme is proposed to periodically renew the root keys so that the security level of LoRaWAN can be enhanced. The simulation results by using the Scyther, a security analysis tool, demonstrate that the procedure of the proposed scheme is secure. Besides, the security discussion also shows that the proposed scheme provides the features of mutual authentication, confidentiality and message integrity, and can also resist replay and eavesdropping attacks.