Guido VoigtLoRaWAN Main Wiki Page
Security
Over-the-Air-Activation (OTAA)
OTAA-Methodebased on Over-the-Air-Messages for Join Requests and Join Accepts. For each end device you need
- 64-Bit-DevEUI [UUID global / like a MAC]
- 64-Bit-AppEUI [crypto sign to join network]
- 128-Bit Application Session Key (AppSKey)
- 128-Bit Network Session Key (NwkSKey)
- 2byte aka 16bit DevNonce [random byte to prevend relplay attack]
- Workflow
![LoRaWAN-Security]()
- use this key with AppKey to generate a 4-Byte MIC (Message Integrity Code)
- Server accpet only devices with known DevEUI- und AppEUI and check MIC with AppKey.
![DevAddr-FCnt-Payload-MIC]()
Activation by Personalization (ABP)
the ABP-Method diff from OTAA, as DevAddr and Session Keys (NwkSKey und AppSKey) will be sent. For ABP Network need to know already all key. (preshared or OTAA before)