A Novel Secure Root Key Updating Scheme for LoRaWANs based on CTRAES DRBG 128

A long-range wide area network (LoRaWAN) has a weakness in terms of key management: its root key is static, meaning that it never changes. Since all cryptographic keys are derived from the root key, such a weakness endangers LoRaWAN security. This paper proposes a novel secure root key updating scheme for LoRaWAN that involves periodically changing the root key value based on the CTRAES DRBG 128 algorithm. The scheme consists of two sequential phases: the initialization process that occurs at the end device and the root key update process that occurs at the join server. To validate the proposed scheme, we conduct randomness and communication protocol tests. The results indicate that the proposed scheme has a high degree of randomness, passes all 15 statistical tests in the NIST suite, and has secure communication protocols. The analyses verify that the new scheme has a mechanism to resist replay attacks and protects data integrity. The main advantage of the scheme is that it has a perfect forward secrecy feature that enhances the root key updating scheme with a lightweight computational load for the end device; additionally, root key updating can be performed automatically from a remote distance within the LoRaWAN coverage network. The proposed scheme also supports simultaneous updates for implementation in a large area with many devices. Finally, the overall results demonstrate how our proposed scheme may compensate for the weakness of LoRaWANs in key management and improve their security performance.