All LoRaWAN devices are forced to encrypt their payload and header with the Advanced Encryption Standard (AES), using keys of 128 bits (or 32 hexadecimal characters). The LoRaWAN protocol offers two layers of security:
- On the network layer, the integrity of a message is enforced by the Message Integrity Code (MIC).
- On the application layer the payload is encrypted using the AppSKey.
KPN Security mechanisms
KPN depends not only on the included security mechanisms such as Over The Air Activation (OTAA) and AES128 in the LoRaWAN protocol specification but it also applies KPN security mechanisms. The complete solution is hosted in KPN owned datacentre premises on which the Corporate Security Policy Framework (CSPF) is applicable. The KPN CSPF consists of a set of policies, standards and guidelines and is derived from high level KPN Group Corporate Security Policy. The CSPF is based on the international standard for information security (ISO270013) and the international standard for business continuity (BS25999).
Connection towards the customer Application Server
The connection towards the customer Application Server is using the HTTPS protocol with TLS v1.2 signed certificate requirements. Within this tunnel the application data is authenticated by using bi-directional SHA-256 token calculation. For example code regarding token verification please refer to the Github information mentioned in the topic on online LoRa tools .