1 00:00:06,470 --> 00:00:08,880 - [Man] LoRA or LoRA WAN networks operate 2 00:00:08,880 --> 00:00:13,880 in the 868 megahertz and 900 megahertz ISM bands. 3 00:00:14,100 --> 00:00:17,820 The data rates can be from 0.3 kilobits per second 4 00:00:17,820 --> 00:00:20,000 to 50 kilobits per second 5 00:00:20,000 --> 00:00:22,280 over several kilometers. 6 00:00:22,280 --> 00:00:24,440 And that's one of the main differences 7 00:00:24,440 --> 00:00:27,560 between LoRA and the all the other technologies 8 00:00:27,560 --> 00:00:30,513 that we cover related to IoT communications. 9 00:00:31,360 --> 00:00:33,690 Now LoRA supports several device types 10 00:00:33,690 --> 00:00:37,890 including low power sensors that collect data in the field. 11 00:00:37,890 --> 00:00:40,750 LoRA devices communicate with a LoRA gateway 12 00:00:40,750 --> 00:00:44,780 and that gateway sends data to a network server. 13 00:00:44,780 --> 00:00:46,720 And on to application, you know 14 00:00:46,720 --> 00:00:50,853 servers accessible by the administrators of LoRA devices. 15 00:00:52,450 --> 00:00:55,520 Let's go over the LoRA one security model. 16 00:00:55,520 --> 00:01:00,520 LoRA specifies two types of symmetric session keys. 17 00:01:00,540 --> 00:01:03,700 These are unique to each LoRA device. 18 00:01:03,700 --> 00:01:05,590 The Network Session Key 19 00:01:05,590 --> 00:01:09,400 for networks layer messaging manages integrity 20 00:01:09,400 --> 00:01:11,950 from you know, basically the LoRA device 21 00:01:11,950 --> 00:01:14,130 to the LoRA network server. 22 00:01:14,130 --> 00:01:17,610 And also the App Session Key is, you know 23 00:01:17,610 --> 00:01:18,930 the other key that is actually used 24 00:01:18,930 --> 00:01:22,340 for application layer end to end encryption 25 00:01:22,340 --> 00:01:25,883 from the LoRA device to the application server. 26 00:01:27,100 --> 00:01:30,190 Now, there are two ways that devices 27 00:01:30,190 --> 00:01:32,830 can join the network, right? 28 00:01:32,830 --> 00:01:37,030 The first is over the air activation or OTAA 29 00:01:37,030 --> 00:01:40,440 and the basically the LoRA device and the network server 30 00:01:40,440 --> 00:01:44,513 our first provision with 128 bit AppKey. 31 00:01:45,360 --> 00:01:48,220 And then when the LoRA device is first powered on, 32 00:01:48,220 --> 00:01:52,590 it will send a joint request to the LoRA network server. 33 00:01:52,590 --> 00:01:56,310 The AppKey is used to create a Message Integrity Code 34 00:01:56,310 --> 00:01:59,110 or a MIC along with information including 35 00:01:59,110 --> 00:02:01,813 the device ID and the device nonce. 36 00:02:02,790 --> 00:02:05,960 The server checks the MIC with the AppKey. 37 00:02:05,960 --> 00:02:07,940 And then after validation, 38 00:02:07,940 --> 00:02:12,940 the network server generates two new 128 bit key 39 00:02:13,180 --> 00:02:16,170 you know, device keys, the App Session Key 40 00:02:16,170 --> 00:02:20,210 or the App S Key and the Network Session Key 41 00:02:20,210 --> 00:02:24,820 which is also called the NWKS key, right? 42 00:02:24,820 --> 00:02:28,060 Now, the keys are sent back to the LoRA device 43 00:02:28,060 --> 00:02:32,630 using the AppKey as the encryption key itself, right? 44 00:02:32,630 --> 00:02:36,273 Then the LoRA device decrypt and install the session keys. 45 00:02:37,270 --> 00:02:39,180 The other method is the activation 46 00:02:39,180 --> 00:02:41,750 by personalization or ABP. 47 00:02:41,750 --> 00:02:46,147 Basically the LoRA device is provisioned with session keys 48 00:02:46,147 --> 00:02:49,110 you know, the Network Session Key and the App Session Key 49 00:02:49,110 --> 00:02:52,610 and this can be done at manufacturing time. 50 00:02:52,610 --> 00:02:54,790 Now this LoRA devices can be in communicating 51 00:02:54,790 --> 00:02:57,693 with the LoRA network server using those keys. 52 00:02:58,570 --> 00:03:00,820 Now, one to highlight is that man in the middle of attacks 53 00:03:00,820 --> 00:03:04,180 are pretty unlikely because of the uniqueness 54 00:03:04,180 --> 00:03:05,960 of these session keys. 55 00:03:05,960 --> 00:03:08,960 This is somewhat stronger than the other IT protocols 56 00:03:08,960 --> 00:03:11,623 that we cover earlier in the course. 57 00:03:12,550 --> 00:03:16,870 There are other potential threats, although for example 58 00:03:16,870 --> 00:03:19,194 the ABP key provisioning. 59 00:03:19,194 --> 00:03:23,120 So the activation by personalization creates session keys 60 00:03:23,120 --> 00:03:26,770 for the LoRA device possibly at manufacturing, right? 61 00:03:26,770 --> 00:03:30,340 So these session keys have to be injected into the device 62 00:03:30,340 --> 00:03:33,920 and securely transported to the LoRA network server. 63 00:03:33,920 --> 00:03:36,850 So again, there's a of course the potential 64 00:03:36,850 --> 00:03:40,020 of supply chain attacks in that case, right? 65 00:03:40,020 --> 00:03:43,240 Now there's hardware security modules or HSMs 66 00:03:43,240 --> 00:03:45,050 at the manufacturing site that can actually 67 00:03:45,050 --> 00:03:48,720 be implemented to be the best way to do this. 68 00:03:48,720 --> 00:03:51,200 You know, these key management so that 69 00:03:51,200 --> 00:03:54,650 the keys are not exposed during the device programming. 70 00:03:54,650 --> 00:03:57,020 So the LoRA device programming. 71 00:03:57,020 --> 00:03:58,250 Now, another thing is that 72 00:03:58,250 --> 00:04:02,640 during the over the air activation or OTAA, 73 00:04:02,640 --> 00:04:06,860 that process actually uses a secure methodology 74 00:04:06,860 --> 00:04:08,660 for generating session keys. 75 00:04:08,660 --> 00:04:13,370 However, the app key must be provisioning a secure manner 76 00:04:13,370 --> 00:04:16,440 and securely transported to the network server. 77 00:04:16,440 --> 00:04:18,560 And this could be done over HTTPS 78 00:04:18,560 --> 00:04:21,610 in a secure web client server model. 79 00:04:21,610 --> 00:04:25,830 However, if the implementer or the vendor does not configure 80 00:04:25,830 --> 00:04:30,110 or does not enable HTTPS or TLS by default, 81 00:04:30,110 --> 00:04:31,650 there will definitely be an opportunity 82 00:04:31,650 --> 00:04:34,142 for you as an attacker to actually eavesdrop. 83 00:04:34,142 --> 00:04:36,460 But that's of course, very unlikely. 84 00:04:36,460 --> 00:04:41,153 You know, there's a lot of guidance by the LoRA community 85 00:04:41,990 --> 00:04:43,470 that actually highlights this 86 00:04:43,470 --> 00:04:45,960 you know, in many different type of documentation, right? 87 00:04:45,960 --> 00:04:50,640 So, but again, the possibility is still there. 88 00:04:50,640 --> 00:04:53,700 Now, LoRA device key storage is another consideration 89 00:04:53,700 --> 00:04:56,120 that you know, may also have to take care, you know, 90 00:04:56,120 --> 00:04:58,500 as an attacker you may actually have access 91 00:04:58,500 --> 00:05:01,490 to the device keys, the AppKey, the Networks Session Key 92 00:05:01,490 --> 00:05:05,000 and the App Session Key, and you can easily spoof 93 00:05:05,000 --> 00:05:07,970 and node if you actually have those in your possession. 94 00:05:07,970 --> 00:05:12,220 So therefore that's why these keys definitely 95 00:05:12,220 --> 00:05:15,560 should be stored securely not only within an environment 96 00:05:15,560 --> 00:05:17,880 but within those devices themselves. 97 00:05:17,880 --> 00:05:20,360 Right? So encryption at rest is actually one 98 00:05:20,360 --> 00:05:23,249 of the main things that, you know, implementers 99 00:05:23,249 --> 00:05:25,530 should pay attention to. 100 00:05:25,530 --> 00:05:27,900 Now, well known sided channel attacks 101 00:05:27,900 --> 00:05:30,030 can also be used to recover these keys 102 00:05:30,030 --> 00:05:32,590 from memory that is actually not accessible 103 00:05:32,590 --> 00:05:34,430 via software means, right? 104 00:05:34,430 --> 00:05:36,750 A mitigation for that is actually smart car chips. 105 00:05:36,750 --> 00:05:40,170 And these are secure elements that have been designed 106 00:05:40,170 --> 00:05:42,253 for side channel protections. 107 00:05:43,260 --> 00:05:47,210 Now, another consideration is the Client-Side Key Storage. 108 00:05:47,210 --> 00:05:49,720 Depending on the application server architecture, 109 00:05:49,720 --> 00:05:53,950 the client could be responsible for the secure key storage 110 00:05:53,950 --> 00:05:55,170 of all those keys zero. 111 00:05:55,170 --> 00:05:57,350 So the App key, the Network Section Key 112 00:05:57,350 --> 00:05:59,200 and the App Session Key. 113 00:05:59,200 --> 00:06:01,760 So to mitigate the threat of, you know, 114 00:06:01,760 --> 00:06:04,000 this type of exposure, all device keys 115 00:06:04,000 --> 00:06:06,000 are encrypted under a master key. 116 00:06:06,000 --> 00:06:09,120 So they're not exposed whenever in use, right? 117 00:06:09,120 --> 00:06:13,610 Clients and implementers can also employ a USB smart key 118 00:06:13,610 --> 00:06:16,620 to protect key material in a physical device, right? 119 00:06:16,620 --> 00:06:18,540 Now another consideration is also 120 00:06:18,540 --> 00:06:21,110 the LoRA network server key storage. 121 00:06:21,110 --> 00:06:23,220 And again, it's actually the network server 122 00:06:23,220 --> 00:06:24,910 is used to generate the device keys 123 00:06:24,910 --> 00:06:26,860 for all the LoRA devices. 124 00:06:26,860 --> 00:06:28,770 So if it's actually compromised, of course 125 00:06:28,770 --> 00:06:30,190 you actually have the keys to the kingdom. 126 00:06:30,190 --> 00:06:33,820 In that case, all device keys should be encrypted 127 00:06:33,820 --> 00:06:36,451 under the master keys to actually mitigate threats 128 00:06:36,451 --> 00:06:37,970 of exposure. 129 00:06:37,970 --> 00:06:40,680 So in summary, the main security risk 130 00:06:40,680 --> 00:06:44,100 with LoRA is the key life cycle management. 131 00:06:44,100 --> 00:06:47,640 This includes the session key, the generation, you know 132 00:06:47,640 --> 00:06:50,823 that session key, the storage and the transport.