{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T22:53:56Z","timestamp":1773183236694,"version":"3.50.1"},"reference-count":41,"publisher":"MDPI AG","issue":"6","license":[{"start":{"date-parts":[[2018,6,5]],"date-time":"2018-06-05T00:00:00Z","timestamp":1528156800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Spanish Ministry of Economy and Competitiveness","award":["PERSEIDES (ref. TIN2017-86885-R)"],"award-info":[{"award-number":["PERSEIDES (ref. TIN2017-86885-R)"]}]},{"DOI":"10.13039\/501100000780","name":"European Union","doi-asserted-by":"publisher","award":["CHIST-ERA (ref. PCIN-2016-010)"],"award-info":[{"award-number":["CHIST-ERA (ref. PCIN-2016-010)"]}],"id":[{"id":"10.13039\/501100000780","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT) field, a quite recent area where communication technologies such as ZigBee or IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) already include security features to guarantee authentication, confidentiality and integrity. More recent technologies are Low-Power Wide-Area Networks (LP-WAN), which also consider security, but present initial approaches that can be further improved. An example of this can be found in Long Range (LoRa) and its layer-two supporter LoRa Wide Area Network (LoRaWAN), which include a security scheme based on pre-shared cryptographic material lacking flexibility when a key update is necessary. Because of this, in this work, we evaluate the security vulnerabilities of LoRaWAN in the area of key management and propose different alternative schemes. Concretely, the application of an approach based on the recently specified Ephemeral Diffie\u2013Hellman Over COSE (EDHOC) is found as a convenient solution, given its flexibility in the update of session keys, its low computational cost and the limited message exchanges needed. A comparative conceptual analysis considering the overhead of different security schemes for LoRaWAN is carried out in order to evaluate their benefits in the challenging area of LP-WAN.<\/jats:p>","DOI":"10.3390\/s18061833","type":"journal-article","created":{"date-parts":[[2018,6,5]],"date-time":"2018-06-05T11:04:46Z","timestamp":1528196686000},"page":"1833","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":70,"title":["Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach"],"prefix":"10.3390","volume":"18","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0069-3017","authenticated-orcid":false,"given":"Ramon","family":"Sanchez-Iborra","sequence":"first","affiliation":[{"name":"Department of Information and Communications Engineering, University of Murcia, 30100 Murcia, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2673-3790","authenticated-orcid":false,"given":"Jes\u00fas","family":"S\u00e1nchez-G\u00f3mez","sequence":"additional","affiliation":[{"name":"Department of Information and Communications Engineering, University of Murcia, 30100 Murcia, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6390-9586","authenticated-orcid":false,"given":"Salvador","family":"P\u00e9rez","sequence":"additional","affiliation":[{"name":"Department of Information and Communications Engineering, University of Murcia, 30100 Murcia, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2401-0521","authenticated-orcid":false,"given":"Pedro","family":"Fern\u00e1ndez","sequence":"additional","affiliation":[{"name":"Department of Information and Communications Engineering, University of Murcia, 30100 Murcia, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9224-7112","authenticated-orcid":false,"given":"Jos\u00e9","family":"Santa","sequence":"additional","affiliation":[{"name":"Department of Information and Communications Engineering, University of Murcia, 30100 Murcia, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7697-116X","authenticated-orcid":false,"given":"Jos\u00e9","family":"Hern\u00e1ndez-Ramos","sequence":"additional","affiliation":[{"name":"Department of Information and Communications Engineering, University of Murcia, 30100 Murcia, Spain"},{"name":"European Commission, Joint Research Centre, 21027 Ispra, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5525-1259","authenticated-orcid":false,"given":"Antonio","family":"Skarmeta","sequence":"additional","affiliation":[{"name":"Department of Information and Communications Engineering, University of Murcia, 30100 Murcia, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2018,6,5]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Sanchez-Iborra, R., and Cano, M.D. (2016). State of the Art in LP-WAN Solutions for Industrial IoT Services. Sensors, 16.","DOI":"10.3390\/s16050708"},{"key":"ref_2","unstructured":"LoRa-Alliance (2015). A Technical Overview of LoRa and LoRaWAN, LoRa-Alliance. Technical Report."},{"key":"ref_3","unstructured":"LoRa-Alliance (2015). Lorawan Specification Version 1.0, LoRa Alliance."},{"key":"ref_4","unstructured":"Selander, G., Mattsson, J., and Palombini, F. (2018, June 05). Ephemeral Diffie\u2013Hellman Over COSE (EDHOC). Available online: https:\/\/tools.ietf.org\/html\/draft-selander-ace-cose-ecdhe-06."},{"key":"ref_5","unstructured":"Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and Kivinen, T. (2018, June 05). Internet Key Exchange Protocol Version 2 (IKEv2). Available online: https:\/\/tools.ietf.org\/html\/rfc5996."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Dierks, T., and Rescorla, E. (2018, June 05). The Transport Layer Security (TLS) Protocol Version 1.2. Available online: https:\/\/www.ietf.org\/rfc\/rfc5246.txt.","DOI":"10.17487\/RFC8446"},{"key":"ref_7","unstructured":"Rescorla, E., and Modadugu, N. (2018, June 05). Datagram Transport Layer Security Version 1.2. Available online: https:\/\/tools.ietf.org\/html\/rfc6347."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Schaad, J. (2018, June 05). CBOR Object Signing and Encryption (COSE). Available online: https:\/\/tools.ietf.org\/html\/rfc8152.","DOI":"10.17487\/RFC8152"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Krawczyk, H. (2011). Perfect forward secrecy. Encyclopedia of Cryptography and Security, Springer.","DOI":"10.1007\/978-1-4419-5906-5_90"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1109\/MSP.2016.4","article-title":"Learning Internet-of-Things Security \u201cHands-On\u201d","volume":"14","author":"Kolias","year":"2016","journal-title":"IEEE Secur. Priv."},{"key":"ref_11","unstructured":"Shelby, Z., Hartke, K., and Bormann, C. (2018, June 05). The Constrained Application Protocol (CoAP). Available online: http:\/\/www.rfc-editor.org\/rfc\/rfc7252.txt."},{"key":"ref_12","unstructured":"Barnes, R. (2018, June 05). Use Cases and Requirements for JSON Object Signing and Encryption (JOSE). Available online: https:\/\/datatracker.ietf.org\/doc\/rfc7165\/."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Mikhalev, V., Gomez, L., Armknecht, F., and M\u00e1rquez, J. (2017). Towards End-to-End Data Protection in Low-Power Networks. Computer Security, Springer International Publishing.","DOI":"10.1007\/978-3-319-72817-9_1"},{"key":"ref_14","unstructured":"Miller, R. (2016). Lora Security: Building a Secure Lora Solution, MWR Labs Whitepaper."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Tomasin, S., Zulian, S., and Vangelista, L. (2017, January 19\u201322). Security analysis of LoRaWAN join procedure for Internet of Things networks. Proceedings of the IEEE Wireless Communications and Networking Conference Workshops (WCNCW), San Francisco, CA, USA.","DOI":"10.1109\/WCNCW.2017.7919091"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Aras, E., Ramachandran, G.S., Lawrence, P., and Hughes, D. (2017, January 21\u201323). Exploring the security vulnerabilities of LoRa. Proceedings of the 3rd IEEE International Conference on Cybernetics (CYBCONF), Exeter, UK.","DOI":"10.1109\/CYBConf.2017.7985777"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Oniga, B., Dadarlat, V., Poorter, E.D., and Munteanu, A. (2017, January 7\u20139). Analysis, design and implementation of secure LoRaWAN sensor networks. Proceedings of the 13th IEEE International Conference on Intelligent Computer Communication and Processing (ICCP), Cluj-Napoca, Romania.","DOI":"10.1109\/ICCP.2017.8117042"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"2153","DOI":"10.1109\/JSEN.2017.2789121","article-title":"A Secure Device-to-Device Link Establishment Scheme for LoRaWAN","volume":"18","author":"Kim","year":"2018","journal-title":"IEEE Sens. J."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Mikhaylov, K., Petajajarvi, J., Haapola, J., and Pouttu, A. (2017, January 21\u201325). D2D communications in LoRaWAN Low Power Wide Area Network: From idea to empirical validation. Proceedings of the IEEE International Conference on Communications Workshops (ICC Workshops), Paris, France.","DOI":"10.1109\/ICCW.2017.7962746"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Naoui, S., Elhdhili, M.E., and Saidane, L.A. (2016, January 22\u201325). Enhancing the security of the IoT LoraWAN architecture. Proceedings of the International Conference on Performance Evaluation and Modeling in Wired and Wireless Networks (PEMWN), Paris, France.","DOI":"10.1109\/PEMWN.2016.7842904"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"6590713","DOI":"10.1155\/2017\/6590713","article-title":"A Dual Key-Based Activation Scheme for Secure LoRaWAN","volume":"2017","author":"Kim","year":"2017","journal-title":"Wirel. Commun. Mobile Comput."},{"key":"ref_22","unstructured":"Alliance, L. (2017). Lorawan Specification Version 1.1, LoRa Alliance."},{"key":"ref_23","unstructured":"(2018, May 31). LoRa-Alliance. Available online: https:\/\/www.lora-alliance.org\/."},{"key":"ref_24","unstructured":"McGrew, D., and Bailey, D. (2018, June 05). AES-CCM Cipher Suites for Transport Layer Security (TLS). Available online: https:\/\/datatracker.ietf.org\/doc\/rfc6347\/."},{"key":"ref_25","unstructured":"Fu, D., and Solinas, J. (2018, June 05). Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2. Available online: https:\/\/tools.ietf.org\/html\/rfc6655."},{"key":"ref_26","unstructured":"Selander, G., Palombini, F., and Hartke, K. (2018, June 05). Requirements for CoAP End-To-End Security. Available online: https:\/\/tools.ietf.org\/html\/draft-hartke-core-e2e-security-reqs-00."},{"key":"ref_27","unstructured":"Bormann, C., Ersue, M., and Keranen, A. (2018, June 05). Terminology for Constrained-Node Networks. Available online: https:\/\/tools.ietf.org\/html\/rfc7228."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Krawczyk, H. (2003). SIGMA: The \u2018SIGn-and-MAc\u2019approach to authenticated Diffie\u2013Hellman and its use in the IKE protocols. Annual International Cryptology Conference, Springer.","DOI":"10.1007\/978-3-540-45146-4_24"},{"key":"ref_29","unstructured":"McGrew, D., Igoe, K., and Salter, M. (2018, June 05). Fundamental Elliptic Curve Cryptography Algorithms. Available online: https:\/\/tools.ietf.org\/html\/rfc6090."},{"key":"ref_30","unstructured":"Bormann, C., and Hoffman, P. (2018, June 05). Concise Binary Object Representation (CBOR). Available online: https:\/\/tools.ietf.org\/html\/rfc7049."},{"key":"ref_31","unstructured":"Krawczyk, H., and Eronen, P. (2018, June 05). HMAC-Based Extract-and-Expand Key Derivation Function (HKDF). Available online: https:\/\/tools.ietf.org\/html\/rfc5869."},{"key":"ref_32","first-page":"45","article-title":"Integrating LP-WAN Communications within the Vehicular Ecosystem","volume":"7","author":"Santa","year":"2017","journal-title":"J. Internet Serv. Inf. Secur."},{"key":"ref_33","unstructured":"Minaburo, A., Toutain, L., and Gomez, C. (2018, June 05). LPWAN Static Context Header Compression (SCHC) and Fragmentation for IPv6 and UDP. Available online: https:\/\/tools.ietf.org\/html\/draft-ietf-lpwan-ipv6-static-context-hc-07."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Barker, E. (2016). Recommendation for Key Management Part 1: General (Revision 4).","DOI":"10.6028\/NIST.SP.800-57pt1r4"},{"key":"ref_35","unstructured":"McGrew, D. (2018, June 05). An Interface and Algorithms for Authenticated Encryption. Available online: https:\/\/tools.ietf.org\/html\/rfc5116."},{"key":"ref_36","unstructured":"Langley, A., Hamburg, M., and Turner, S. (2018, June 05). Elliptic Curves for Security. Available online: https:\/\/tools.ietf.org\/html\/rfc7748."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Chen, L. (2011). Recommendation for Key Derivation through Extraction-then-Expansion.","DOI":"10.6028\/NIST.SP.800-56c"},{"key":"ref_38","unstructured":"Aragon, S., Tiloca, M., and Raza, S. (2018, June 05). IPsec Profile of ACE. Available online: https:\/\/tools.ietf.org\/html\/draft-aragon-ace-ipsec-profile-01."},{"key":"ref_39","unstructured":"Brown, D. (2009). Standards for Efficient Cryptography, Certicom Research. Technical Report."},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Sanchez-Iborra, R., Sanchez-Gomez, J., Ballesta-Vi\u00f1as, J., Cano, M.D., and Skarmeta, A. (2018). Performance evaluation of LoRa considering scenario conditions. Sensors, 18.","DOI":"10.3390\/s18030772"},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Sanchez-Iborra, R., Sanchez-Gomez, J., and Skarmeta, A. (2018). Evolving IoT Networks by the Confluence of MEC and LP-WAN Paradigms. Future Gener. Comput. Syst., in press.","DOI":"10.1016\/j.future.2018.05.057"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/18\/6\/1833\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T15:07:24Z","timestamp":1760195244000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/18\/6\/1833"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,6,5]]},"references-count":41,"journal-issue":{"issue":"6","published-online":{"date-parts":[[2018,6]]}},"alternative-id":["s18061833"],"URL":"https:\/\/doi.org\/10.3390\/s18061833","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,6,5]]}}}