A Secure and LoRaWAN Compatible User Authentication Protocol for Critical Applications in the IoT Environment

Abstract

Security and privacy are two main concerns in the critical applications in the Internet of Things environments. Long Range Wide Area Network (LoRaWAN) is a protocol, which effectively allows long-range communication for battery-constrained end devices in IoT environments, and it is accepted and used by individuals and industry. In order to facilitate the use of this technology and gain the trust of users, it is necessary to assure security and privacy for the information collected by end devices. The user authentication and key establishment protocols are very paramount in this regard. Although there are some authentication schemes in the literature, they could not be applied in the LoRaWAN networks. Thus, in this article, we introduce a new secure user authenticated key establishment scheme for LoRaWAN networks. The proposed scheme provides mutual authentication among participants, and it allows a user and an end device to establish a secure session key between themselves without trusting the network server unconditionally and completely. In order to prove that the proposed scheme is secure, we constructed formal proof employing the real-or-random model. Besides, we employed Proverif and automated validation of internet security protocols and applications tool to confirm that it satisfies authentication and security characteristics. Further, we show that our proposal is efficient with respect to computation, communication and storage costs in end devices. Eventually, we exhibit a practical demonstration of our proposal applying the NS2 simulator.