{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,25]],"date-time":"2026-01-25T05:09:30Z","timestamp":1769317770078,"version":"3.49.0"},"reference-count":60,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2021,6,18]],"date-time":"2021-06-18T00:00:00Z","timestamp":1623974400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100010669","name":"H2020 LEIT Information and Communication Technologies","doi-asserted-by":"publisher","award":["957286"],"award-info":[{"award-number":["957286"]}],"id":[{"id":"10.13039\/100010669","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JSAN"],"abstract":"<jats:p>LoRaWAN (Long Range Wide Area Network) is a Low-Power Wide Area Networks (LPWAN) technology with very rapid uptake during the previous years, developed by the LoRa (Long Range) Alliance as an open standard operating over the unlicensed band. Current LoRaWAN architecture foresees specific techniques for bootstrapping end-to-end encryption during network initialization. In particular, this work focuses on the Over-The-Air Activation (OTAA) method, which uses two keys (Network key (NwkKey) and Application key (AppKey)) that are hard-coded into the device and do not change throughout the entire lifetime of the deployment. The inability to refresh these two keys is as a weak point in terms of the overall security of the network especially when considering deployments that are expected to operate for at least 10\u201315 years. In this paper, the security issues of OTAA are presented in detail highlighting the vulnerabilities against the specific type of attacks. A new scheme for network activation is proposed that builds upon the current LoRaWAN architecture in a way that maintains backwards compatibility while resolving certain vulnerabilities. Under the new mechanism, the devices periodically negotiate new keys securely based on elliptic-curve cryptography. The security properties of the proposed mechanism are analyzed against a specific type of attacks. The analysis indicates that the new secure rejoin mechanism guarantees (i) computational key secrecy, (ii) decisional key secrecy, and (iii) key independence, forward and backward, for both root keys thus properly addressing the considered security vulnerabilities of LoRaWAN. Moreover, the method is implemented in software using the RIOT-OS, a hardware-independent operating system that supports many different architectures for 8 bit, 16 bit, 32 bit and 64 bit processors. The resulting software is evaluated on the FIT IoT-Lab real-world experimentation facility under a diverse set of ARM Cortex-M* devices targeting a broad range of IoT applications, ranging from advanced wearable devices to interactive entertainment devices, home automation and industrial cyber-physical systems. The experiments indicate that the overall overhead incurred in terms of energy and time by the proposed rejoin mechanism is acceptable given the low frequency of execution and the improvements to the overall security of the LoRaWAN1.1 OTAA method.<\/jats:p>","DOI":"10.3390\/jsan10020036","type":"journal-article","created":{"date-parts":[[2021,6,20]],"date-time":"2021-06-20T21:50:15Z","timestamp":1624225815000},"page":"36","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["Design, Analysis, and Experimental Evaluation of a New Secure Rejoin Mechanism for LoRaWAN Using Elliptic-Curve Cryptography"],"prefix":"10.3390","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6848-4596","authenticated-orcid":false,"given":"Stefano","family":"Milani","sequence":"first","affiliation":[{"name":"Department of Computer, Control, and Management Engineering \u201cAntonio Ruberti\u201d, Sapienza University of Rome, 00185 Rome, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8955-9270","authenticated-orcid":false,"given":"Ioannis","family":"Chatzigiannakis","sequence":"additional","affiliation":[{"name":"Department of Computer, Control, and Management Engineering \u201cAntonio Ruberti\u201d, Sapienza University of Rome, 00185 Rome, Italy"}]}],"member":"1968","published-online":{"date-parts":[[2021,6,18]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"855","DOI":"10.1109\/COMST.2017.2652320","article-title":"Low power wide area networks: An overview","volume":"19","author":"Raza","year":"2017","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Chatzigiannakis, I., and Tselios, C. (2021). Internet of Everything. Intelligent Computing for Interactive System Design: Statistics, Digital Signal Processing, and Machine Learning in Practice, Association for Computing Machinery. [1st ed.].","DOI":"10.1145\/3447404.3447408"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1109\/MWC.2016.7721743","article-title":"Long-Range Communications in Unlicensed Bands: The Rising Stars in the IoT and Smart City Scenarios","volume":"23","author":"Centenaro","year":"2016","journal-title":"IEEE Wirel. Commun."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"217","DOI":"10.1016\/j.bjp.2013.12.020","article-title":"SmartSantander: IoT experimentation over a smart city testbed","volume":"61","author":"Sanchez","year":"2014","journal-title":"Comput. Netw."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"165","DOI":"10.1016\/j.comcom.2016.03.014","article-title":"A privacy-preserving smart parking system using an IoT elliptic curve based security platform","volume":"89\u201390","author":"Chatzigiannakis","year":"2016","journal-title":"Comput. Commun."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1016\/j.cosrev.2010.09.003","article-title":"Urban pervasive applications: Challenges, scenarios and case studies","volume":"5","author":"Chatzigiannakis","year":"2011","journal-title":"Comput. Sci. Rev."},{"key":"ref_7","unstructured":"Boulogeorgos, A.A., Diamantoulakis, P.D., and Karagiannidis, G.K. (2016). Low Power Wide Area Networks (LPWANs) for Internet of Things (IoT) Applications: Research Challenges and Future Trends. arXiv."},{"key":"ref_8","unstructured":"Chatzigiannakis, I., Kinalis, A., and Nikoletseas, S. (2005, January 4\u20136). Power conservation schemes for energy efficient data propagation in heterogeneous wireless sensor networks. Proceedings of the 38th Annual Simulation Symposium, San Diego, CA, USA."},{"key":"ref_9","unstructured":"Xueying, Y. (2017). LoRaWAN: Vulnerability Analysis and Practical Expoitation. [Master\u2019s Thesis, TU Delft]."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Aras, E., Ramachandran, G.S., Lawrence, P., and Hughes, D. (2017, January 21\u201323). Exploring the Security Vulnerabilities of LoRa. Proceedings of the 2017 3rd IEEE International Conference on Cybernetics (CYBCONF), Exeter, UK.","DOI":"10.1109\/CYBConf.2017.7985777"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Kim, J., and Song, J. (2017, January 24\u201326). A Simple and Efficient Replay Attack Prevention Scheme for LoRaWAN. Proceedings of the 2017 the 7th International Conference on Communication and Network Security, Tokyo, Japan.","DOI":"10.1145\/3163058.3163064"},{"key":"ref_12","unstructured":"Miller, R. (2017, January 31). LoRa Security: Building a Secure LoRa Solution. Proceedings of the 2017 SyScan360 Information Security Conference, Seattle, WA, USA."},{"key":"ref_13","unstructured":"Michorius, J. (2021, June 01). What\u2019s Mine is Not Yours: LoRa Network and Privacy of Data on Publishing Devices. Available online: https:\/\/www.semanticscholar.org\/paper\/What-%E2%80%99-s-Mine-is-Not-Yours-%3A-LoRa-Network-and-of-on-Michorius\/bf6d0385090af421f9a49d9ac54f95dbaafabc77."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Naoui, S., Elhdhili, M.E., and Saidane, L.A. (2016, January 22\u201325). Enhancing the security of the IoT LoraWAN architecture. Proceedings of the 2016 International Conference on Performance Evaluation and Modeling in Wired and Wireless Networks (PEMWN), Paris, France.","DOI":"10.1109\/PEMWN.2016.7842904"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Cattani, M., Boano, C.A., and R\u00f6mer, K. (2017). An Experimental Evaluation of the Reliability of LoRa Long-Range Low-Power Wireless Communication. J. Sens. Actuator Netw., 6.","DOI":"10.3390\/jsan6020007"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Amaxilatis, D., and Chatzigiannakis, I. (2018). Design and Analysis of Adaptive Hierarchical Low-Power Long-Range Networks. J. Sens. Actuator Netw., 7.","DOI":"10.3390\/jsan7040051"},{"key":"ref_17","first-page":"101","article-title":"Brief Announcement: Providing End-to-End Secure Communication in Low-Power Wide Area Networks","volume":"Volume 10879","author":"Dinur","year":"2018","journal-title":"Proceedings of the Cyber Security Cryptography and Machine Learning\u2014Second International Symposium, CSCML 2018"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Marais, J.M., Malekian, R., and Abu-Mahfouz, A.M. (2017, January 18\u201320). LoRa and LoRaWAN testbeds: A review. Proceedings of the 2017 IEEE AFRICON, Cape Town, South Africa.","DOI":"10.1109\/AFRCON.2017.8095703"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"2687148","DOI":"10.1155\/2020\/2687148","article-title":"A Model with Leaf Area Index and Trunk Diameter for LoRaWAN Radio Propagation in Eastern China Mixed Forest","volume":"2020","author":"Wu","year":"2020","journal-title":"J. Sens."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1016\/j.entcs.2006.11.007","article-title":"Design, analysis and performance evaluation of group key establishment in wireless sensor networks","volume":"171","author":"Chatzigiannakis","year":"2007","journal-title":"Electron. Notes Theor. Comput. Sci."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1145\/984334.984337","article-title":"Tree-based group key agreement","volume":"7","author":"Kim","year":"2004","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"ref_22","first-page":"6","article-title":"Group Key Agreement for Ad Hoc Networks","volume":"2006","author":"Liao","year":"2006","journal-title":"IACR Cryptol. EPrint Arch."},{"key":"ref_23","unstructured":"Williams, H.C. Use of Elliptic Curves in Cryptography. Proceedings of the Advances in Cryptology\u2014CRYPTO \u201985 Proceedings, Santa Barbara, CA, USA, 11\u201315 August 1986."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Hankerson, D., Menezes, A.J., and Vanstone, S. (2010). Guide to Elliptic Curve Cryptography, Springer Publishing Company. [1st ed.].","DOI":"10.1007\/978-1-4419-5906-5_245"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1016\/j.micpro.2015.02.003","article-title":"Review of Elliptic Curve Cryptography processor designs","volume":"39","author":"Marzouqi","year":"2015","journal-title":"Microprocess. Microsyst."},{"key":"ref_26","unstructured":"RIOT-OS (2021, June 01). RIOT-OS. Available online: https:\/\/github.com\/RIOT-OS\/RIOT."},{"key":"ref_27","unstructured":"Kmackay (2021, June 01). Micro-Ecc. Available online: https:\/\/github.com\/kmackay\/micro-ecc."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Adjih, C., Baccelli, E., Fleury, E., Harter, G., Mitton, N., Noel, T., Pissard-Gibollet, R., Saint-Marcel, F., Schreiner, G., and Vandaele, J. (2015, January 14\u201316). FIT IoT-LAB: A large scale open experimental IoT testbed. Proceedings of the 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT), Milan, Italy.","DOI":"10.1109\/WF-IoT.2015.7389098"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1016\/j.comnet.2014.11.008","article-title":"Security, privacy and trust in Internet of Things: The road ahead","volume":"76","author":"Sicari","year":"2015","journal-title":"Comput. Netw."},{"key":"ref_30","unstructured":"Chantzis, F., Deirme, E., Stais, I., Calderon, P., and Woods, B. (2020). Practical IoT Hacking the Definitive Guide to Attacking the Internet of Things, No Starch Press, Inc.. Chapter 13."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Butun, I., Pereira, N., and Gidlund, M. (2018, January 25). Analysis of LoRaWAN v1.1 security. Proceedings of the 4th ACM MobiHoc Workshop on Experiences with the Design and Implementation of Smart Objects, Los Angeles, CA, USA.","DOI":"10.1145\/3213299.3213304"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and Moeller, B. (2021, June 01). Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS); Internet Requests for Comments, RFC 4492; RFC Editor, May 2006, ISSN 2070-1721. Available online: https:\/\/datatracker.ietf.org\/doc\/html\/rfc4492.","DOI":"10.17487\/rfc4492"},{"key":"ref_33","unstructured":"Nir, Y., Josefsson, S., and Pegourie-Gonnard, M. (2021, June 01). Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier. Available online: https:\/\/tools.ietf.org\/id\/draft-ietf-tls-rfc4492bis-16.html."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"62","DOI":"10.1109\/MWC.2004.1269719","article-title":"The advantages of elliptic curve cryptography for wireless security","volume":"11","author":"Lauter","year":"2004","journal-title":"IEEE Wirel. Commun."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"M\u00f6ssinger, M., Petschkuhn, B., Bauer, J., Staudemeyer, R.C., W\u00f3jcik, M., and P\u00f6hls, H.C. (2016, January 21\u201324). Towards quantifying the cost of a secure IoT: Overhead and energy consumption of ECC signatures on an ARM-based device. Proceedings of the 2016 IEEE 17th International Symposium on A World of Wireless, Mobile and Multimedia Networks (WoWMoM), Coimbra, Portugal.","DOI":"10.1109\/WoWMoM.2016.7523559"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Su\u00e1rez-Albela, M., Fraga-Lamas, P., and Fern\u00e1ndez-Caram\u00e9s, T.M. (2018). A practical evaluation on RSA and ECC-based cipher suites for IoT high-security energy-efficient fog and mist computing devices. Sensors, 18.","DOI":"10.3390\/s18113868"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Ronen, E., Shamir, A., Weingarten, A.O., and O\u2019Flynn, C. (2017, January 22\u201326). IoT goes nuclear: Creating a ZigBee chain reaction. Proceedings of the 2017 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA.","DOI":"10.1109\/SP.2017.14"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Sanchez-Gomez, J., Garcia-Carrillo, D., Marin-Perez, R., and Skarmeta, A.F. (2020). Secure Authentication and Credential Establishment in Narrowband IoT and 5G. Sensors, 20.","DOI":"10.3390\/s20030882"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Chatzigiannakis, I., Konstantinou, E., Liagkou, V., and Spirakis, P. (2007, January 18\u201321). Agent-based Distributed Group Key Establishment in Wireless Sensor Networks. Proceedings of the 2007 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, Espoo, Finland.","DOI":"10.1109\/WOWMOM.2007.4351807"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"1503","DOI":"10.1109\/ACCESS.2015.2474705","article-title":"Group key establishment for enabling secure multicast communication in wireless sensor networks deployed for IoT applications","volume":"3","author":"Porambage","year":"2015","journal-title":"IEEE Access"},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Sanchez-Iborra, R., S\u00e1nchez-G\u00f3mez, J., P\u00e9rez, S., Fern\u00e1ndez, P.J., Santa, J., Hern\u00e1ndez-Ramos, J.L., and Skarmeta, A.F. (2018). Enhancing lorawan security through a lightweight and authenticated key management approach. Sensors, 18.","DOI":"10.3390\/s18061833"},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Han, J., and Wang, J. (2018). An enhanced key management scheme for LoRaWAN. Cryptography, 2.","DOI":"10.3390\/cryptography2040034"},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Xing, J., Hou, L., Zhang, K., and Zheng, K. (2019, January 16\u201319). An Improved Secure Key Management Scheme for LoRa System. Proceedings of the 2019 IEEE 19th International Conference on Communication Technology (ICCT), Xi\u2019an, China.","DOI":"10.1109\/ICCT46805.2019.8947215"},{"key":"ref_44","unstructured":"Wuille, P. (2021, June 01). Bip32: Hierarchical Deterministic Wallets. Available online: https:\/\/github.com\/bitcoin\/bips\/blob\/master\/bip-0032.mediawiki."},{"key":"ref_45","unstructured":"LoRa Alliance Technical Committee (2021, June 01). LoRaWAN 1.1 Specification. Available online: https:\/\/lora-alliance.org\/wp-content\/uploads\/2020\/11\/lorawantm_specification_-v1.1.pdf."},{"key":"ref_46","unstructured":"Lipmaa, H., Rogaway, P., and Wagner, D. (2000, January 20). Comments to NIST concerning AES modes of operation: CTR-mode encryption. Proceedings of the Symmetric Key Block Cipher Modes of Operation Workshop, Baltimore, MD, USA."},{"key":"ref_47","unstructured":"McGrew, D.A. (2002). Counter Mode Security: Analysis and Recommendations, Cisco Systems."},{"key":"ref_48","first-page":"363","article-title":"Elliptic curve diffie-hellman key exchange algorithm for securing hypertext information on wide area network","volume":"4","author":"Ahirwal","year":"2013","journal-title":"Int. J. Comput. Sci. Inf. Technol."},{"key":"ref_49","unstructured":"Nakov, S. (2021, June 01). ECDH Key Exchange\u2014Pratical Cryptography for Developer. Available online: https:\/\/cryptobook.nakov.com\/asymmetric-key-ciphers\/ecdh-key-exchange."},{"key":"ref_50","first-page":"7","article-title":"Koblitz Curves and its practical uses in Bitcoin security","volume":"2","author":"Bjoernsen","year":"2009","journal-title":"Order (\u03b5 (GF (2k)"},{"key":"ref_51","first-page":"910","article-title":"A comparison between the secp256r1 and the koblitz secp256k1 bitcoin curves","volume":"13","author":"Houria","year":"2019","journal-title":"Indones. J. Electr. Eng. Comput. Sci."},{"key":"ref_52","doi-asserted-by":"crossref","unstructured":"Shaikh, J.R., Nenova, M., Iliev, G., and Valkova-Jarvis, Z. (2017, January 13\u201315). Analysis of standard elliptic curves for the implementation of elliptic curve cryptography in resource-constrained E-commerce applications. Proceedings of the 2017 IEEE International Conference on Microwaves, Antennas, Communications and Electronic Systems (COMCAS), Tel-Aviv, Israel.","DOI":"10.1109\/COMCAS.2017.8244805"},{"key":"ref_53","doi-asserted-by":"crossref","first-page":"649","DOI":"10.2307\/1971363","article-title":"Factoring integers with elliptic curves","volume":"126","author":"Lenstra","year":"1987","journal-title":"Ann. Math."},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"Rottleuthner, M., Schmidt, T.C., and W\u00e4hlisch, M. (2019, January 10). Eco: A Hardware-Software Co-Design for In Situ Power Measurement on Low-end IoT Systems. Proceedings of the 7th International Workshop on Energy Harvesting & Energy-Neutral Sensing Systems, New York, NY, USA.","DOI":"10.1145\/3362053.3363495"},{"key":"ref_55","unstructured":"RIOT-OS (2021, June 01). RIOT OS Crypto Module. Available online: https:\/\/api.riot-os.org\/group__sys__crypto.html."},{"key":"ref_56","unstructured":"G\u00fcndo\u011fan, C., Ams\u00fcss, C., Schmidt, T.C., and W\u00e4hlisch, M. (2020, January 22\u201326). IoT content object security with OSCORE and NDN: A first experimental comparison. Proceedings of the 2020 IFIP Networking Conference (Networking), Paris, France."},{"key":"ref_57","unstructured":"Kietzmann, P., Boeckmann, L., Lanzieri, L., Schmidt, T.C., and W\u00e4hlisch, M. (2021, January 17\u201319). A Performance Study of Crypto-Hardware in the Low-end IoT. Proceedings of the International Conference on Embedded Wireless Systems and Networks (EWSN), New York, NY, USA."},{"key":"ref_58","doi-asserted-by":"crossref","unstructured":"Gura, N., Patel, A., Wander, A., Eberle, H., and Shantz, S.C. Comparing elliptic curve cryptography and RSA on 8-bit CPUs. Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems, Cambridge, MA, USA, 11\u201313 August 2004.","DOI":"10.1007\/978-3-540-28632-5_9"},{"key":"ref_59","first-page":"1","article-title":"Lightweight implementations of NIST P-256 and SM2 ECC on 8-bit resource-constraint embedded device","volume":"18","author":"Zhou","year":"2019","journal-title":"ACM Trans. Embed. Comput. Syst."},{"key":"ref_60","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1109\/MCOM.2017.1600613","article-title":"Understanding the limits of LoRaWAN","volume":"55","author":"Adelantado","year":"2017","journal-title":"IEEE Commun. Mag."}],"container-title":["Journal of Sensor and Actuator Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2224-2708\/10\/2\/36\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T06:18:50Z","timestamp":1760163530000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2224-2708\/10\/2\/36"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,6,18]]},"references-count":60,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2021,6]]}},"alternative-id":["jsan10020036"],"URL":"https:\/\/doi.org\/10.3390\/jsan10020036","relation":{},"ISSN":["2224-2708"],"issn-type":[{"value":"2224-2708","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,6,18]]}}}