Enhancing LoRaWAN Security: Addressing Static Root Keys with Post-Quantum Cryptography
Abstract
The lack of an update method for LoRaWAN’s static root keys poses a major security risk, exposing networks to key compromise. Furthermore, existing approaches that use public-key cryptography are vulnerable to emerging quantum threats. This paper presents a quantum-safe solution to dynamically update root keys through a Root Key Renewal procedure, using post-quantum authenticated Diffie–Hellman via CSIDH and post-quantum signatures. To avoid a similar stagnation of the new signature key pairs, a Key Pair Update procedure is also proposed to refresh them. The proposed solution is tested in a simulated setup and the results show that HAWK, SNOVA, MAYO, Falcon, and SQISign are viable candidates for post-quantum LoRaWAN deployments.References
Alagic, G. (2025). Status report on the fourth round of the nist post-quantum cryptography standardization process. Technical report, National Institute of Standards and Technology.
Alagic, G., Bros, M., Ciadoux, P., Cooper, D., Dang, Q., Dang, T., Kelsey, J., Lichtinger, J., Liu, Y.-K., Miller, C., Moody, D., Peralta, R., Perlner, R., Robinson, A., Silberg, H., Smith-Tone, D., and Waller, N. (2024). Status report on the first round of the additional digital signature schemes for the nist post-quantum cryptography standardization process. Technical report, National Institute of Standards and Technology (U.S.).
Almuhaya, M. A. M., Jabbar, W. A., Sulaiman, N., and Abdulmalek, S. (2022). A survey on lorawan technology: Recent trends, opportunities, simulation tools and future directions. Electronics, 11(1):164.
Butun, I., Pereira, N., and Gidlund, M. (2018). Security risk analysis of lorawan and future directions. Future Internet, 11(1):3.
Castryck, W., Lange, T., Martindale, C., Panny, L., and Renes, J. (2018). CSIDH: An efficient post-quantum commutative group action. Cryptology ePrint Archive, Paper 2018/383.
Chen, X., Lech, M., and Wang, L. (2021). A complete key management scheme for lorawan v1.1. Sensors, 21(9):2962.
Dobraunig, C., Eichlseder, M., Mendel, F., and Schläffer, M. (2021). Ascon v1.2: Lightweight authenticated encryption and hashing. Journal of Cryptology, 34(3).
Donmez, T. C. M. and Nigussie, E. (2019). Key management through delegation for lorawan based healthcare monitoring systems. In 2019 13th International Symposium on Medical Information and Communication Technology (ISMICT), page 1–6. IEEE.
Figlarz, G. R. and Hessel, F. P. (2024). Enhancement in lorawan’s security with post-quantum key encapsulation method. In 2024 IEEE 10th World Forum on Internet of Things (WF-IoT), page 804–809. IEEE.
Hayati, N., Ramli, K., Windarta, S., and Suryanegara, M. (2022). A novel secure root key updating scheme for lorawans based on ctr aes drbg 128. IEEE Access, 10:18807–18819.
Issac, K., Pranay, G., Bharanidharan, N., and Rajaguru, H. (2020). A study on real world implementation and future trends of internet of things. In 2020 Fourth International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), pages 357–361.
Jao, D. and De Feo, L. (2011). Towards Quantum-Resistant Cryptosystems from Super-singular Elliptic Curve Isogenies, page 19–34. Springer Berlin Heidelberg.
LoRa Alliance Technical Committee (2017). Lorawan 1.1 specification. Technical report, LoRa Alliance. Available at: [link]. Accessed: March 2025.
LoRa Alliance Technical Committee Regional Parameters Workgroup (2022). Lorawan regional parameters rp002-1.0.4. Available at: [link]. Accessed: March 2025.
Marlind, F. and Butun, I. (2020). Activation of lorawan end devices by using public key cryptography. In 2020 4th Cyber Security in Networking Conference (CSNet), page 1–8. IEEE.
Mekki, K., Bajic, E., Chaxel, F., and Meyer, F. (2018). Overview of cellular lpwan technologies for iot deployment: Sigfox, lorawan, and nb-iot. In 2018 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), page 197–202. IEEE.
Milani, S. and Chatzigiannakis, I. (2021). Design, analysis, and experimental evaluation of a new secure rejoin mechanism for lorawan using elliptic-curve cryptography. Journal of Sensor and Actuator Networks, 10(2):36.
Ntshabele, K., Isong, B., Gasela, N., and Abu-Mahfouz, A. M. (2022). A comprehensive analysis of lorawan key security models and possible attack solutions. Mathematics, 10(19):3421.
Papatsaroucha, D., Astyrakakis, N., Pallis, E., Grammatikis, P. I. R., Sarigiannidis, P. G., and Markakis, E. K. (2024). A cloud-based key rolling technique for alleviating join procedure replay attacks in lorawan-based wireless sensor networks. In 2024 IEEE International Conference on Big Data (BigData), page 2811–2820. IEEE.
Qadir, J., Butun, I., Gastaldo, P., Aiello, O., and Caviglia, D. D. (2023). Mitigating cyber attacks in lorawan via lightweight secure key management scheme. IEEE Access, 11:68301–68315.
Ribeiro, V., Filho, R. H., and Ramos, A. (2019). A secure and fault-tolerant architecture for lorawan based on blockchain. In 2019 3rd Cyber Security in Networking Conference (CSNet), page 35–41. IEEE.
Robert, D. (2023). Breaking SIDH in Polynomial Time, page 472–503. Springer Nature Switzerland.
Shor, P. W. (1997). Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Journal on Computing, 26(5):1484–1509.
Sonmez Turan, M., McKay, K., Chang, D., Bassham, L. E., Kang, J., Waller, N. D., Kelsey, J. M., and Hong, D. (2023). Status report on the final round of the nist lightweight cryptography standardization process. Technical report, National Institute of Standards and Technology (U.S.).
The Things Network (2025). Lorawan airtime calculator. Available at: [link]. Accessed: March 2025.
Tsai, K.-L., Chen, L.-W., Leu, F.-Y., and Wu, C.-T. (2022). Two-stage high-efficiency encryption key update scheme for lorawan based iot environment. Computers, Materials & Continua, 73(1):547–562.
You, I., Kwon, S., Choudhary, G., Sharma, V., and Seo, J. T. (2018). An enhanced lorawan security protocol for privacy preservation in iot with a case study on a smart factory-enabled parking system. Sensors, 18(6):1888.
Alagic, G., Bros, M., Ciadoux, P., Cooper, D., Dang, Q., Dang, T., Kelsey, J., Lichtinger, J., Liu, Y.-K., Miller, C., Moody, D., Peralta, R., Perlner, R., Robinson, A., Silberg, H., Smith-Tone, D., and Waller, N. (2024). Status report on the first round of the additional digital signature schemes for the nist post-quantum cryptography standardization process. Technical report, National Institute of Standards and Technology (U.S.).
Almuhaya, M. A. M., Jabbar, W. A., Sulaiman, N., and Abdulmalek, S. (2022). A survey on lorawan technology: Recent trends, opportunities, simulation tools and future directions. Electronics, 11(1):164.
Butun, I., Pereira, N., and Gidlund, M. (2018). Security risk analysis of lorawan and future directions. Future Internet, 11(1):3.
Castryck, W., Lange, T., Martindale, C., Panny, L., and Renes, J. (2018). CSIDH: An efficient post-quantum commutative group action. Cryptology ePrint Archive, Paper 2018/383.
Chen, X., Lech, M., and Wang, L. (2021). A complete key management scheme for lorawan v1.1. Sensors, 21(9):2962.
Dobraunig, C., Eichlseder, M., Mendel, F., and Schläffer, M. (2021). Ascon v1.2: Lightweight authenticated encryption and hashing. Journal of Cryptology, 34(3).
Donmez, T. C. M. and Nigussie, E. (2019). Key management through delegation for lorawan based healthcare monitoring systems. In 2019 13th International Symposium on Medical Information and Communication Technology (ISMICT), page 1–6. IEEE.
Figlarz, G. R. and Hessel, F. P. (2024). Enhancement in lorawan’s security with post-quantum key encapsulation method. In 2024 IEEE 10th World Forum on Internet of Things (WF-IoT), page 804–809. IEEE.
Hayati, N., Ramli, K., Windarta, S., and Suryanegara, M. (2022). A novel secure root key updating scheme for lorawans based on ctr aes drbg 128. IEEE Access, 10:18807–18819.
Issac, K., Pranay, G., Bharanidharan, N., and Rajaguru, H. (2020). A study on real world implementation and future trends of internet of things. In 2020 Fourth International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), pages 357–361.
Jao, D. and De Feo, L. (2011). Towards Quantum-Resistant Cryptosystems from Super-singular Elliptic Curve Isogenies, page 19–34. Springer Berlin Heidelberg.
LoRa Alliance Technical Committee (2017). Lorawan 1.1 specification. Technical report, LoRa Alliance. Available at: [link]. Accessed: March 2025.
LoRa Alliance Technical Committee Regional Parameters Workgroup (2022). Lorawan regional parameters rp002-1.0.4. Available at: [link]. Accessed: March 2025.
Marlind, F. and Butun, I. (2020). Activation of lorawan end devices by using public key cryptography. In 2020 4th Cyber Security in Networking Conference (CSNet), page 1–8. IEEE.
Mekki, K., Bajic, E., Chaxel, F., and Meyer, F. (2018). Overview of cellular lpwan technologies for iot deployment: Sigfox, lorawan, and nb-iot. In 2018 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), page 197–202. IEEE.
Milani, S. and Chatzigiannakis, I. (2021). Design, analysis, and experimental evaluation of a new secure rejoin mechanism for lorawan using elliptic-curve cryptography. Journal of Sensor and Actuator Networks, 10(2):36.
Ntshabele, K., Isong, B., Gasela, N., and Abu-Mahfouz, A. M. (2022). A comprehensive analysis of lorawan key security models and possible attack solutions. Mathematics, 10(19):3421.
Papatsaroucha, D., Astyrakakis, N., Pallis, E., Grammatikis, P. I. R., Sarigiannidis, P. G., and Markakis, E. K. (2024). A cloud-based key rolling technique for alleviating join procedure replay attacks in lorawan-based wireless sensor networks. In 2024 IEEE International Conference on Big Data (BigData), page 2811–2820. IEEE.
Qadir, J., Butun, I., Gastaldo, P., Aiello, O., and Caviglia, D. D. (2023). Mitigating cyber attacks in lorawan via lightweight secure key management scheme. IEEE Access, 11:68301–68315.
Ribeiro, V., Filho, R. H., and Ramos, A. (2019). A secure and fault-tolerant architecture for lorawan based on blockchain. In 2019 3rd Cyber Security in Networking Conference (CSNet), page 35–41. IEEE.
Robert, D. (2023). Breaking SIDH in Polynomial Time, page 472–503. Springer Nature Switzerland.
Shor, P. W. (1997). Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Journal on Computing, 26(5):1484–1509.
Sonmez Turan, M., McKay, K., Chang, D., Bassham, L. E., Kang, J., Waller, N. D., Kelsey, J. M., and Hong, D. (2023). Status report on the final round of the nist lightweight cryptography standardization process. Technical report, National Institute of Standards and Technology (U.S.).
The Things Network (2025). Lorawan airtime calculator. Available at: [link]. Accessed: March 2025.
Tsai, K.-L., Chen, L.-W., Leu, F.-Y., and Wu, C.-T. (2022). Two-stage high-efficiency encryption key update scheme for lorawan based iot environment. Computers, Materials & Continua, 73(1):547–562.
You, I., Kwon, S., Choudhary, G., Sharma, V., and Seo, J. T. (2018). An enhanced lorawan security protocol for privacy preservation in iot with a case study on a smart factory-enabled parking system. Sensors, 18(6):1888.
Published
2025-09-01
How to Cite
SALDANHA, Matheus de O.; GIRON, Alexandre A.; CUSTÓDIO, Ricardo; IDALINO, Thaís B..
Enhancing LoRaWAN Security: Addressing Static Root Keys with Post-Quantum Cryptography. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 25. , 2025, Foz do Iguaçu/PR.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 367-383.
DOI: https://doi.org/10.5753/sbseg.2025.11371.
