A Secure Authentication and Key Agreement Scheme for LoRaWAN

In the Internet of Things (IoT) environment, security and privacy are paramount concerns for critical applications. The LoRa protocol efficiently enables long-range communication for resource-constrained end devices in LoRaWAN networks. To foster technology adoption and user trust, safeguarding the data collected by end devices is essential. Authentication and key agreement protocols play a pivotal role in achieving this goal. Here, we introduce a novel scheme for authentication and key exchange in LoRaWAN, enabling mutual authentication among participants. This scheme empowers users/end devices and network servers to establish secure end-to-end session keys without unconditional trust. We assess the scheme's security informally and provide formal verification using AVISPA tools and the BAN logic. Furthermore, we compare it to existing authentication schemes, demonstrating its efficiency in terms of computational and communication overhead.