{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T14:16:09Z","timestamp":1770992169155,"version":"3.50.1"},"reference-count":25,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2018,11,2]],"date-time":"2018-11-02T00:00:00Z","timestamp":1541116800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"The LoRaWAN is one of the new low-power wide-area network (LPWAN) standards applied to Internet of Things (IoT) technology. The key features of LPWAN are its low power consumption and long-range coverage. The LoRaWAN 1.1 specification includes a basic security scheme. However, this scheme could be further improved in the aspect of key management. In this paper, LoRaWAN 1.1 security is reviewed, and enhanced LoRaWAN security with a root key update scheme is proposed. The root key update will make cryptoanalysis of security keys in LoRaWAN more difficult. The analysis and simulation show that the proposed root key update scheme requires fewer computing resources compared with other key derivation schemes, including the scheme used in the LoRaWAN session key update. The results also show the key generated in the proposed scheme has a high degree of randomness, which is a basic requirement for a security key.<\/jats:p>","DOI":"10.3390\/cryptography2040034","type":"journal-article","created":{"date-parts":[[2018,11,5]],"date-time":"2018-11-05T04:26:39Z","timestamp":1541391999000},"page":"34","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":34,"title":["An Enhanced Key Management Scheme for LoRaWAN"],"prefix":"10.3390","volume":"2","author":[{"given":"Jialuo","family":"Han","sequence":"first","affiliation":[{"name":"School of Engineering, RMIT University, Melbourne 3000, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9485-1102","authenticated-orcid":false,"given":"Jidong","family":"Wang","sequence":"additional","affiliation":[{"name":"School of Engineering, RMIT University, Melbourne 3000, Australia"}]}],"member":"1968","published-online":{"date-parts":[[2018,11,2]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Naoui, S., Elhdhili, M.E., and Saidane, L.A. (2016, January 22\u201324). Enhancing the security of the IoT LoraWAN architecture. Proceedings of the 2016 International Conference on Performance Evaluation and Modeling in Wired and Wireless Networks (PEMWN), Paris, France.","DOI":"10.1109\/PEMWN.2016.7842904"},{"key":"ref_2","unstructured":"(2015). A Technical Overview of LoRa and LoRaWAN, LoRa Alliance. [1st ed.]."},{"key":"ref_3","unstructured":"Semtech (2017, October 06). What Is LoRa? | Semtech LoRa Technology | Semtech. Available online: https:\/\/www.semtech.com\/lora\/what-is-lora."},{"key":"ref_4","unstructured":"Sornin, N., and Yegin, A. (2018, March 20). LoRaWAN Backend Interfaces 1.0 Specification. Available online: www.lora-alliance.org."},{"key":"ref_5","unstructured":"Sornin, N., and Yegin, A. (2018, March 20). LoRa Specification 1.1. LoRa Alliance Standard Specification. Available online: www.lora-alliance.org."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Sanchez-Iborra, R., S\u00e1nchez-G\u00f3mez, J., P\u00e9rez, S., Fern\u00e1ndez, P., Santa, J., Hern\u00e1ndez-Ramos, J., and Skarmeta, A. (2018). Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach. Sensors, 18.","DOI":"10.3390\/s18061833"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"You, I., Kwon, S., Choudhary, G., Sharma, V., and Seo, J.T. (2018). An Enhanced LoRaWAN Security Protocol for Privacy Preservation in IoT with a Case Study on a Smart Factory-Enabled Parking System. Sensors, 18.","DOI":"10.3390\/s18061888"},{"key":"ref_8","unstructured":"Miller, R. (2016). LoRa Security: Building a Secure LoRa Solution, MWR Labs. [1st ed.]. MWR Labs Whitepaper."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"147","DOI":"10.1016\/j.compeleceng.2011.01.009","article-title":"Key management systems for sensor networks in the context of the Internet of Things","volume":"37","author":"Roman","year":"2011","journal-title":"Comput. Electr. Eng."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"SeungJae, N., DongYeop, H., WoonSeob, S., and Ki-Hyung, K. (2017, January 11\u201313). Scenario and countermeasure for replay attack using join request messages in LoRaWAN. Proceedings of the 2017 International Conference on Information Networking (ICOIN), Da Nang, Vietnam.","DOI":"10.1109\/ICOIN.2017.7899580"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Kim, J., and Song, J. (2017, January 24\u201326). A simple and efficient replay attack prevention scheme for LoRaWAN. Proceedings of the 2017 the 7th International Conference on Communication and Network Security, Tokyo, Japan.","DOI":"10.1145\/3163058.3163064"},{"key":"ref_12","unstructured":"Gildas Avoine, L.F. (2016). Rescuing LoRaWAN 1.0, CNRS. INSA Rennes, France."},{"key":"ref_13","unstructured":"Stallings, W., and Brown, L. (2012). Computer Security: Principles and Practice, Pearson. [2nd ed.]."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Zhang, Z.-K., Cho, M.C.Y., and Shieh, S. (2015, January 14\u201317). Emerging security threats and countermeasures in IoT. Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIA CCS\u201915), Singapore.","DOI":"10.1145\/2714576.2737091"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Hossain, M.M., Fotouhi, M., and Hasan, R. (July, January 27). Towardsan Analysis of Security Issues, Challenges, and Open Problems in the Internet of Tings. Proceedings of the IEEE World Congress on Services (SERVICES 2015), New York, NY, USA.","DOI":"10.1109\/SERVICES.2015.12"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Zhao, K., and Ge, L. (2013, January 14\u201315). A survey on the internet of things security. Proceedings of the 9th International Conference on Computational Intelligence and Security (CIS 2013), Emei Mountain, China.","DOI":"10.1109\/CIS.2013.145"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"765143","DOI":"10.1155\/2011\/765143","article-title":"EDDK: Energy-efficient distributed deterministic key management for wireless sensor networks","volume":"2011","author":"He","year":"2011","journal-title":"EURASIP J. Wirel. Commun. Netw."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Barker, E., Barker, W., Burr, W., Polk, W., and Smid, M. (2016). Recommendation for Key Management Part 1: General (Revision 4), NIST Special Publication.","DOI":"10.6028\/NIST.SP.800-57pt1r4"},{"key":"ref_19","unstructured":"(2018, October 23). RFC 4503\u2014A Description of the Rabbit Stream Cipher Algorithm. Available online: https:\/\/tools.ietf.org\/html\/rfc4503."},{"key":"ref_20","unstructured":"Che, L. (2009). NIST Special Publication 800-108, National Institute of Standards and Technology."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Krawczyk, H. (2010). Cryptographic Extraction and Key Derivation: The HKDF Scheme. Advances in Cryptology\u2014Proceedings of the 30th International Cryptology Conference (CRYPTO 2010), Santa Barbara, CA, USA, 15\u201319 August 2010, Springer.","DOI":"10.1007\/978-3-642-14623-7_34"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Chen, L. (2011). SP 800-56C. Recommendation for Key Derivation through Extraction-then-Expansion, National Institute of Standards & Technology.","DOI":"10.6028\/NIST.SP.800-56c"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Dworkin, M.J. (2005). SP 800-38B. Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, National Institute of Standards & Technology.","DOI":"10.6028\/NIST.SP.800-38b-2005"},{"key":"ref_24","unstructured":"Matthew, R., and Olivier, B. (2008). The Rabbit Stream Cipher. New Stream Cipher Designs, Springer."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Su\u00e1rez-Albela, M., Fern\u00e1ndez-Caram\u00e9s, T.M., Fraga-Lamas, P., and Castedo, L. (2017). A practical evaluation of a high-security energy-efficient gateway for IoT fog computing applications. Sensors, 17.","DOI":"10.3390\/s17091978"}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/2\/4\/34\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T15:27:42Z","timestamp":1760196462000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/2\/4\/34"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,11,2]]},"references-count":25,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2018,12]]}},"alternative-id":["cryptography2040034"],"URL":"https:\/\/doi.org\/10.3390\/cryptography2040034","relation":{},"ISSN":["2410-387X"],"issn-type":[{"value":"2410-387X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,11,2]]}}}