Skip to main content

Advertisement

Springer Nature Link
Log in

SDSMS-LoRa: secure dynamic session key management scheme for LoRaWAN v1.1

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

The Internet of Things (IoT) has made human activities more productive and efficient by minimizing the need for human labor. LoRa, an IoT communication technology, has recently become popular because it can connect low-power devices over long distances using LPWAN. However, the static key mechanism in LoRaWAN v1.1 poses many security risks. The use of static keys poses a security risk if they are compromised, and the involvement of the join server in message transmission can increase latency and network load. The static keys have a long lifetime, increasing the risk of exposure. Hence, this paper proposes a solution to the static key problems in LoRaWAN v1.1 by providing a dynamic session key establishment method. The proposed method uses an elliptic curve cryptosystem to establish a secret session key in LoRaWAN during over-the-air activation. A new session key is generated for each session to provide forward and backward secrecy. The scheme improves the operational cost of session key establishment by not requiring the join server to be involved in message transmission. The session keys are generated at each node and expire after each session. This makes the nodes more resource-efficient, energy-efficient, and cost-effective when running critical applications on a LoRa-powered IoT network. Security analysis using the Scyther tool and random oracle model (ROM) gives additional strength to the proposed scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17

Similar content being viewed by others

Data Availability

Not applicable.

References

  1. Leonardi L, Bello LL, Patti G (2023) Mrt-lora: a multi-hop real-time communication protocol for industrial iot applications over lora networks. Comput Commun 199:72–86

    Article  Google Scholar 

  2. Jabbar WA, Ting TM, Hamidun MFI, Kamarudin AHC, Wu W, Sultan J, Alsewari AA, Ali MA (2024) Development of lorawan-based iot system for water quality monitoring in rural areas. Expert Syst Appl 242:122862

    Article  Google Scholar 

  3. LoRaWAN Version 1.0 Specification. https://lora-alliance.org/wp-content/uploads/2020/11/lorawan1_0_2-20161012_1398_1.pdf. Accessed 19 Jun 2024

  4. Eldefrawy M, Butun I, Pereira N, Gidlund M (2019) Formal security analysis of lorawan. Comput Netw 148:328–339

    Article  Google Scholar 

  5. Gladisch A, Rietschel S, Mundt T, Bauer J, Goltz J, Wiedenmann S (2018) Securely connecting iot devices with lorawan. In: 2018 Second World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4), 220–229. IEEE

  6. Yang X, Karampatzakis E, Doerr C, Kuipers F (2018) Security vulnerabilities in lorawan. In: 2018 IEEE/ACM Third International Conference on Internet-of-Things Design and Implementation (IoTDI), 129–140. IEEE

  7. Na S, Hwang D, Shin W, Kim K-H (2017) Scenario and countermeasure for replay attack using join request messages in lorawan. In: 2017 International Conference on Information Networking (ICOIN), 718–720. IEEE

  8. Naoui S, Elhdhili ME, Saidane LA (2017) Trusted third party based key management for enhancing lorawan security. In: 2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA), 1306–1313. IEEE

  9. Danish SM, Lestas M, Asif W, Qureshi HK, Rajarajan M (2019) A lightweight blockchain based two factor authentication mechanism for lorawan join procedure. In: 2019 IEEE International Conference on Communications Workshops (ICC Workshops), 1–6. IEEE

  10. LoRaWAN Version 1.1 Specification. https://lora-alliance.org/wp-content/uploads/2020/11/lorawantm_specification_-v1.1.pdf. Accessed 19 Jun 2024

  11. Ruotsalainen H, Zhang J, Grebeniuk S (2019) Experimental investigation on wireless key generation for low-power wide-area networks. IEEE Internet Things J 7(3):1745–1755

    Article  MATH  Google Scholar 

  12. Xu W, Jha S, Hu W (2018) Lora-key: secure key generation system for lora-based network. IEEE Internet Things J 6(4):6404–6416

    Article  MATH  Google Scholar 

  13. Junejo AK, Benkhelifa F, Wong B, Mccann JA (2021) Lora-lisk: a lightweight shared secret key generation scheme for lora networks. IEEE Internet Things J 9(6):4110–4124

    Article  Google Scholar 

  14. Hayati N, Ramli K, Windarta S, Suryanegara M (2022) A novel secure root key updating scheme for lorawans based on ctr_aes drbg 128. IEEE Access 10:18807–18819

    Article  Google Scholar 

  15. Haakegaard R, Lang J (2015) The elliptic curve diffie-hellman (ecdh). In: Online at https://koclab.Cs.ucsb.edu/teaching/ecc/project/2015Projects/Haakegaard+Lang.Pdf

  16. Gueron S, Krasnov V (2015) Fast prime field elliptic-curve cryptography with 256-bit primes. J Cryptogr Eng 5(2):141–151

    Article  MATH  Google Scholar 

  17. Bos J, Kaihara M, Kleinjung T, Lenstra AK, Montgomery PL (2009) On the security of 1024-bit rsa and 160-bit elliptic curve cryptography

  18. Ullah S, Zahilah R (2021) Curve25519 based lightweight end-to-end encryption in resource constrained autonomous 8-bit iot devices. Cybersecurity 4(1):1–13

    Article  Google Scholar 

  19. Gilbert H, Handschuh H (2003) Security analysis of sha-256 and sisters. In: International Workshop on Selected Areas in Cryptography. Springer

  20. Song J, Poovendran R, Lee J, Iwata T (2006) The aes-cmac algorithm

  21. Scyther tool. https://people.cispa.io/cas.cremers/scyther/. Accessed 19 Jun 2024

  22. Basin D, Cremers C (2010) Modeling and analyzing security in the presence of compromising adversaries. In: Computer Security-ESORICS 2010: 15th European Symposium on Research in Computer Security, Athens, Greece, Sep 20-22, 2010. Proceedings, vol. 15. Springer

  23. Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208

    Article  MathSciNet  MATH  Google Scholar 

  24. Mittelbach A, Fischlin M (2021) The Theory of Hash Functions and Random Oracles. Springer, Cham

    Book  MATH  Google Scholar 

  25. Goldreich O (2009) Foundations of Cryptography, vol 2. Cambridge University Press, Basic Applications

  26. Sun H, Wen Q, Li W (2016) A strongly secure pairing-free certificateless authenticated key agreement protocol under the cdh assumption. Sci China Inf Sci 59(3):1–16

    Article  MATH  Google Scholar 

  27. Pan J, Qian C, Ringerud M (2022) Signed (group) Diffie–Hellman key exchange with tight security. J Cryptol 35(4):26

    Article  MathSciNet  MATH  Google Scholar 

  28. LaMacchia B, Lauter K, Mityagin A (2007) Stronger security of authenticated key exchange. In: International Conference on Provable Security. Springer, Berlin, Heidelberg

  29. Li S, Zhang F, Sun Y, Shen L (2013) Efficient leakage-resilient public key encryption from ddh assumption. Clust Comput 16:797–806

    Article  MATH  Google Scholar 

  30. Nam J, Lee J, Kim S, Won D (2005) Ddh-based group key agreement in a mobile environment. J Syst Softw 78(1):73–83

    Article  MATH  Google Scholar 

  31. Khomytska I, Bazylevych I, Teslyuk V, Karamysheva I (2023) The chi-square test and data clustering combined for author identification. In: 2023 IEEE 18th International Conference on Computer Science and Information Technologies (CSIT), 1–5. IEEE

Download references

Acknowledgements

We would like to thank our colleagues at the Center for Distributed Ledger & Innovation, IDRBT, for their helpful feedback and support. Also, we extend our thanks to Mr. P L Ramesh and Mr. Manesh Kumar Behara, Research Associates, for their valuable contributions to the research.

Funding

This work is supported by Science and Engineering Research Board (SERB), a statutory body of the Department of Science and Technology, Government of India under Grant No. SRG/2020/002458.

Author information

Authors and Affiliations

  1. Department of Computer Applications, National Institute of Technology, Trichy, Tamil Nadu, 620015, India

    S. S. Sravan & P. J. A Alphonse

  2. Centre for Distributed Ledger & Innovation, Institute for Development and Research in Banking Technology, Masab Tank, Hyderabad, Telangana, 500057, India

    S. S. Sravan & Susmita Mandal

Authors
  1. S. S. Sravan
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Susmita Mandal
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. P. J. A Alphonse
    View author publications

    You can also search for this author inPubMed Google Scholar

Contributions

The first author, Sravan S S, is a Ph.D. scholar under the supervision of both the second and third authors. The first author has developed this core key exchange and mutual authentication protocol for the proposed work. The experiment was conducted by the first author, along with research associates, under the supervision of the second author. The second author, Dr. Susmita Mandal, provided major guidance and supervision to the first author in completing this work. The second author has received funding from the authority to conduct the research project. The third author, Dr. P.J.A Alphonse, has supported the first author as a supervisor in progressing his Ph.D. career.

Corresponding author

Correspondence to S. S. Sravan.

Ethics declarations

Conflict of interest

The authors declare that they have no conflicts of interest.

Ethical approval

This article does not contain any studies involving human participants or animals performed by any of the authors.

Consent to publish

I understand that the text and any pictures or videos published in the article. Will be used only in educational publications intended for professionals Or If the publication or product is published on an open access basis, I understand that it will be freely available on the internet and may be seen by the general public.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Sravan, S.S., Mandal, S. & Alphonse, P.J.A. SDSMS-LoRa: secure dynamic session key management scheme for LoRaWAN v1.1. J Supercomput 81, 371 (2025). https://doi.org/10.1007/s11227-024-06802-6

Download citation

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11227-024-06802-6

Keywords