CONNECTIVITY ·
Why LoRaWAN + PKI is harder than it looks
LoRaWAN's security model assumes a provisioning environment that doesn't exist in most real deployments. Here's how we close the gap without bolting on a second protocol.
PLACEHOLDER · Layout article — content is lorem ipsum, not real technical claims.
PLACEHOLDER — lorem ipsum below. Replace before launch.
The gap LoRaWAN assumes away
Lorem ipsum dolor sit amet, consectetur adipiscing elit. The 1.0.x security model depends on AppKeys being delivered to devices and network servers through a trusted path. That path is almost never specified, and almost never the same twice.
Three approaches we've shipped
- Pre-shared keys with tight provisioning. Works for small fleets under
direct operator control.
- Join-server-mediated delivery. Better, but needs a join server you
actually trust.
- Device-identity over the application payload. X.509-signed
identities carried inside application frames — adds bytes, removes ambiguity.
# Sketch: frame-level identity envelope (not real production code)
def wrap_frame(payload: bytes, device_cert: bytes, sig: bytes) -> bytes:
header = b"\x01" + len(device_cert).to_bytes(2, "big")
return header + device_cert + sig + payloadWhat to avoid
- Treating AppKey rotation as "a field tech will reflash it."
- Relying on the LNS for identity. The LNS is an intermediary, not a root of
trust.
- Skipping mutual auth on the LNS-to-backend leg because "it's internal."
Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.