Constrained Signaling Over LPWA

The goal of this document is to provide the necessary mechanisms to operate a Low-Power Wide-Area Network (LPWA) by using IETF CoAP as a core signaling protocol. Long-range, low-rate radio technologies have emerged in the past several years, and are the base for building LPWAs. LPWAs generally have the following characteristics: Work in narrow, license-free (ISM) bands with good propagation properties (< 1GHz) Low- to very-low throughput (1-200 kbps) Low-power operation (25 mW in Europe) Long-range communication capabilities (up to 30 km with line-of-sight, several km in urban environment) Strong channel access restrictions (1% to 10% duty cycling) Infrastructure-based Star topology LPWAs are built on radio communication technologies, which use advanced signal processing techniques and combination of appropriate modulation and coding approaches to provide the aforementioned radio characteristics. The absence of license fees and the far-reaching connectivity allow for an extremely competitive pricing of LPWAs compared to other networking technologies, e.g. cellular or mesh. LPWAs are sometimes referred to as LP-WAN or LR-WAN (Low-Rate WAN). Even though LPWAs are extremely limited in terms of network performance, they are enough for a wide class of applications, among which : Metering (water, gas, electricity) Infrastructure networks (water, gas, electricity, roads, pipelines, drains) Environment/Smart City (waste management, air pollution monitoring and alerting, acoustic noise monitoring, public lighting management, parking management, self service bike rental, digital board monitoring, water pipe leakage monitoring) Environment/Country side (soil quality, livestock surveillance, cattle and pet monitoring, climate, irrigation) Remote monitoring (house, building) Industrial (water tank, asset tracking) Automotive (vehicle tracking, impact detection, pay as you drive, assistance request, ...) Logistics (goods tracking, conservation monitoring) Healthcare (patient monitoring, home medical equipment usage) House appliances (pet tracking, white goods, personal asset) Truck (tyre monitoring) Identification (authentication) The IEEE is studying LPWAs, but limited to the case of low-energy critical infrastructure monitoring (LECIM), under the group IEEE 802.15.4k . The combination of the above characteristics and the envisioned applications define a new class of networks with the following unique constraints: Potentially extremely high density (expected of up to 10k-100k+ end-devices managed by a single radio antena) Coexistence of delay-tolerant and critical applications (metering and alarms) Low-power, low-throughput, lossy connectivity (use of ISM bands) Limited payload (100 bytes max, typically less than 50 bytes, 12 bytes for UNB) CoAP is a client-server protocol specialized for constrained networks and devices. CoAP is highly optimized, extensible, standard protocol, which in conjunction with the Concise Binary Object Representation (CBOR) is the ideal candidate for the signaling protocol of the control plane of an LPWA. It can be used during all stages of the lifecycle of the network, e.g. discovery, authentication, operation. Furthermore, this can be achieved by following RESTful management paradigm, by using a particular resource tree definition or adopting COOL .

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

There are two classes of LPWA radio technologies, using different radio modulation approaches: Ultra Narrow Band (UNB) Spread-spectrum (SS) An example of UNB is the technology developed and promoted by SigFox . Semtech LoRa uses a direct-sequence spread-spectrum with orthogonal codes (OSSS). Both approaches have their advantages and will coexist in the future, as there are currently several operators, which deploy the two types in the same areas.

At the physical layer, the important part is the possibility to reconstruct the signal at long distances. The used ISM bands are defined around the world (e.g. 868 MHz in Europe and 900 MHz in USA) and require a 1% (or 10%) duty cycling, or alternatively - advanced detection and channel reallocation techniques. In reality, all deployed networks use the duty cycling limitation, with the following distinction. There is one 100kHz band in which 10% duty cycling is allowed, with a slightly more emission power. The rest of the bands are limited at 1% duty cycling and very restricted power of emission (e.g. 25 mW in Europe). UNB LPWAs make the distinction between Uplink and Downlink, first depending on the modulation, and second with the 10% duty-cycling channel been used for the Downlink. OSSS LPWAs make no such distinction, although for the operation of a network, an operator can chose to use the same Uplink/Downlink channel separation. Note that the 1% or 10% duty-cycle limitation counts for all trafic originating from an electronic equipment, e.g. an antena managing 100k objects must obey the same limitation as an end-device, with all frames emitted from the antena (data, acknowledgements) counting towards its quota.

Ultra Narrowband (UNB) technologies generally possess the following physical layer characteristics : Uplink: channelization mask 100kHz (600 kHz USA) baud rate 100 bauds (600 bauds USA) modulation BPSK Downlink: channelization mask: dynamic selection down link baud rate: 600 baud modulation scheme: GFSK downlink transmission power: 500 mW, 10% duty cycle

OSSS technologies possess the following physical layer characteristics : channelization mask: from 8 kHz to 500 kHz (depending on spreading factor) chip rate: 8 kcps up to 500 kcps data rate: 30-50 000 bps modulation scheme: equivalent to DSSS with orthogonal signaling No particular distinction is made between the Uplink and the Downlink.

Several proprietary MAC frame formats exist for UNB and OSSS. However, they are designed to operate the network in a centralized, highly-vertically-integrated fashion. The only standard MAC frame format is the IEEE 802.15.4k, which is based on the well-known IEEE 802.15.4 with the addition of a fragmentation sub-layer. The channel access method is based on ALOHA, although it is up to the network operator to chose if an appropriate end-node polling should be implemented.

We can identify three types of entities in a typical LPWA. These are: Node-F: far-reachable node, e.g. the end-point, object, device. Node-R: radio relay, bridging the LPWA radio technology to a different medium (often a LAN or cellular WAN). Node-G: gateway node, interconnection between the radio-relay node and the Internet.

| Node-R | <-- IP --> | Node-G | +--------+ +--------+ +--------+ ]]> General architecture of an LPWA. LPWA radio technology is used only between the Node-F and the Node-R. Of these, only Node-F and Node-R communicate through an LPWA radio technology. However, due to the extreme constraints of these technologies, they are always behind a gateway (Node-G). Note, that the Node-R and Node-G can be collocated, e.g. on a single hardware equipment. The Node-G is connected to the Internet and is assumed to have sufficient computational resources to store a context for each of the Node-Fs. The strong limitation here is the radio link. In an actual deployment, a (limited) set of Node-Rs cover a large area with a potentially very-high number of Node-Fs. A single Node-G is capable of controlling all Node-Rs.

An example coverage of an area with several Node-Rs. Note that a single Node-F may be covered by several Node-Rs.

Similar to other wireless infrastructure-based technologies, a Node-F can go through several stages: Semi-Association Network Discovery Association Authentication Dissociation The Node-F state machine is then the following:

Network discovery -> Associated -> Authenticated ^ | | | | | +------------------------------------------------------+ ]]> Node-F connectivity state machine. The Node-F can be in Semi-Associated mode. Upon start, and depending on the application, a Node-F can use a state of uni-directional communication, where it is considered semi-associated to the network. In that state, the Node-F broadcasts frames, handled by the Node-G, but the network cannot join the Node-F on a regular basis. This is a degraded LPWA operating mode and if caution is not used, can lead to significant scalability and evolvability issues. The Network Discovery can be reactive or proactive. The former is based on detecting beacon frames sent periodically by the network (e.g. Node-G). The latter is implemented by the Node-F broadcasting probe request frames, to which all appropriate Node-Gs must respond. Once a network has been discovered, the Node-F can associate to the network. The association creates the necessary (minimal) context on the Node-G, which initiates the authentication of the Node-F The authentication is initiated by the Node-G, which should allow for the necessary AAA exchanges to take place. If the authentication is successful, the Node-F enters the Authenticated state. In this stage there is bi-directional communication between the Node-F and the Node-G. If the authentication is not successful, the Node-F enters Disconnected state. Once in Authenticated state, the Node-F can downgrade its connectivity to Semi-Associated mode. The management of the node in Authenticated state is performed with COOL . As an example, managing the parameters of a Semtech LoRa device can be achieved through the use of the YANG module defined in Finally, the Node-F may decide to dissociate from the network by sending an explicit request. Upon dissociation the Node-G may release all contexts related to the Node-F and re-association requires going through the authentication stage again. Node mobility is achieved by explicitly dissociating from the old Node-G and then authenticating to the new Node-G. Implicit dissociation is also possible upon the expiration of predefined timers, or in case of mobility optimization.

Use as CoAP for signaling is implemented as follows. The MAC, network and/or transport layers MUST provide a mechanism to differentiate user data from signaling data frames (e.g. by using separate MAC addresses, IP addresses and/or UDP-ports). Both the Node-G and the Node-F are running CoAP servers for implementing the control plane. Frames exchanged over the LPWA radio interface and marked as "signaling data" are handled by the corresponding control plane CoAP servers. The Node-G runs a (virtual) CoAP server for each Node-F. This server is identified with a DNS name, e.g. "node123.home.node-g.example.com", which can be used explicitly in the CoAP messages via the Proxy-Uri option if needed. Note, that the Node-R acts only as a transceiver and as such is transparent from protocol point of view. As such, the following management scheme applies:

| Node-G | +--------+ +--------+ ]]> Node-F connectivity from protocol point of view.

When in a semi-associated state, a Node-F broadcasts its messages without performing network discovery, or association. If the Node-F is under the coverage of a Node-G, the Node-G will receive the broadcast, and forward the user data. The frames SHOULD be signed, so that they could be authenticated by the network. Layer 2 acknowledgements MUST be used, and in some cases piggybacking on them can provoke the Node-F to associate to the network. The broadcast messages MUST include the necessary information to join the user data destination, and enough information for the Node-G to authenticate the message sender. This can be achieved through a Confirmable CoAP message, where the user data are POSTed to a well-known resource defined on the Node-G. DTLS with integrity check can be used, with long-lived keys negotiated by the Node-F and the network. Alternatively, COSE objects may provide the necessary mechanisms. Even though an application can be implemented by using only simplex association capabilities, there are non-negligible negative consequences related to scalability and evolvability in this case. For example, a Node-F which periodically broadcasts information will occupy the spectrum, even if there is no operator willing to accept its trafic. In addition, no channel access management can be applied.

A network can be discovered by a Node-F reactively or proactively. Reactive network discovery is based on the detection of periodic beacons emitted by the Node-G. The beacons are implemented with CoAP messages with the No-Response option . The Node-G POSTs its information to a well-known resource, e.g. "/network/node-G/" or a resource alias "/g". Alternatively, this could be achieved by POST-ting to a COOL container (e.g. POST /cool with data node ID = 1 for example).

Reactive network discovery. The Node-G sends periodically beacon messages, containing information pertinent to this network. The CoAP POST request is processed at the Node-F. A resource is created locally, with the representation, which provides the appropriate network parameters, e.g. network ID, Node-G ID, and other radio-related parameters, such as channel, beacon frequency and so forth. This information allows the Node-F to begin the authentication phase. A Node-F may chose to proactively probe for the existence of network coverage. In that case, it sends a Confirmable CoAP GET request to obtain the information from a well-known resource, normally published by the beacon messages, e.g. "/network/node-G/" or a resource alias "/g" or COOL data node ID ("/cool" data node ID = 2 for example).

Before being able to communicate, the Node-F must associate to the network, and then eventually authenticate. The association phase signals to the Node-G that there is a new device willing to communicate with the network. This association SHOULD provide enough information to allow the Node-G to start the authentication process. For example, it may provide the AAA server, which could authenticate the Node-F, or its EAP-Identity. Note, that the Node-F may elect to mark the association message with the No-response option , waiting for the subsequent authentication request from the Node-G.

The EAP-over-CoAP specifies an approach to encapsulating EAP messages over CoAP. This allows to authenticate a Node-F, which wishes to join an LPWA, and negotiate the L2 encryption keys, and DTLS keying material. As the Node-F has already associated to the Node-G, it is the Node-G that initiates the authentification request, by going directly to Step 1) of the EAP-over-CoAP specification.

Once the Node-F is authenticated to the network, it can send user data via the Node-G to any other end-point on the Internet. During the operation of the Node-F, the network may need to change one or more parameters concerning the LPWA radio parameters of the Node-F. These changes may even concern parameters related to the Node-F itself (such as sleep cycles), its network parameters (e.g. IP addresses), and so forth. This is achieved through the use of COOL . The appropriate YANG modules must be present on the Node-F (e.g. a Semtech LoRa Node-F should implement the .

| Header: 2.04 Changed | 2.04 | | | ]]> Example, in which the Node-G changes the Spreading Factor (e.g. COOL data node ID = 5) to 10, and the Channel (e.g. COOL data node ID = 6) to 2. Note, that the payload is encoded in CBOR.

If the Node-F wishes to deregister from the network, it could do so by deleting the context created upon association:

This memo includes no request to IANA.

All drafts are required to have a security considerations section. See RFC 3552 for a guide.

We want to thanks Alexander Pelov for all his inputs and corrections he has done to this work.