<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM 'rfc2629.dtd' [

      <!ENTITY rfc7228 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.7228.xml'>
      <!ENTITY rfc2460 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2460.xml'>
      <!ENTITY rfc1981 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.1981.xml'> 
      <!ENTITY rfc4861 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4861.xml'> 
]>

<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes" ?>
<?rfc strict="yes" ?>
<?rfc compact="yes" ?>
<rfc category="info" docName="draft-minaburo-lpwan-gap-analysis-01" ipr="trust200902">
  <front>
    <title abbrev="LPWAN GAP Analysis">LPWAN GAP Analysis</title>


<author fullname="Ana Minaburo" initials="A." surname="Minaburo">
<organization>Acklio</organization>

   <address>
    <postal>
   <street>2bis rue de la Chataigneraie</street>


    <city>35510 Cesson-Sevigne Cedex</city>

    <country>France</country>
    </postal> 
    <email>ana@ackl.io</email>
  </address>
</author>

    <author fullname="Laurent Toutain" initials="L." surname="Toutain">
      <organization>Institut MINES TELECOM ; TELECOM Bretagne</organization>

      <address>
        <postal>
          <street>2 rue de la Chataigneraie</street>

          <street>CS 17607</street>

          <city>35576 Cesson-Sevigne Cedex</city>

          <country>France</country>
        </postal>

        <email>Laurent.Toutain@telecom-bretagne.eu</email>
      </address>
    </author>

    <date month="July" year="2016" />

    <!--    <workgroup>v6ops Working Group </workgroup> -->

    <abstract>
      <t>    
Low Power Wide Area Networks (LPWAN) are a set of different technologies covering different applications based on long-range, low-bandwidth and low-power operation. The use of IETF protocols in LPWAN technologies should contribute to the deployment of a large number of applications in an open and standard environment where current technologies will be able to communicate. This document surveys the principal characteristics of these technologies and provides a cross-layer analysis of how to adapt and use current IETF protocols, as well as the gaps that remain for integrating the IETF protocol stack in LPWAN technologies.
     </t>
    </abstract>
  </front>

<middle>

<section anchor="Introduction" title="Introduction">
<t>
LPWAN (Low-Power Wide Area Network) technologies are a kind of constrained and challenged network <xref target='RFC7228'/>.
They can operate in licensed or license-exempt bands to provide connectivity to a vast number of battery-powered devices requiring
limited communications. While
the existing pilot deployments have shown the huge potential of these technologies and the industrial interest in their capabilities, the
loose coupling with the Internet makes device management and network operation complex. More importantly, LPWAN
devices have, as of today, no IP capabilities. The goal is to adapt IETF-defined protocols,
addressing schemes and naming spaces to this constrained environment.

</t>

</section>

<section anchor="ProblemStatement" title="Problem Statement">
<t>
The LPWANs are large-scale constrained networks in the sense of <xref target='RFC7228'/> with the following characteristics:

<list style="symbols">
<t>very small frame payload as low as 12 bytes. Typical traffic patterns are composed of a large majority 
of frames with payload size around  15 bytes and a small minority of up to 100 byte frames. Some nodes 
will exchange less than 10 frames per day.</t>
<t>very low bandwidth: most LPWAN technologies offer a throughput between 50 bit/s and 250 kbit/s, with a 
duty cycle of 0.1% to 10% on some ISM bands.</t>
<t>high packet loss, which can be the result of bad transmission conditions or collisions between nodes.</t>
<t>variable MTU for a link, depending on the L2 modulation used.</t>
<t>highly asymmetric and in some cases unidirectional links.</t>
<t>ultra dense networks with thousands to tens of thousands of nodes.</t>
<t>different modulations and radio channels.</t>
<t>sleepy nodes to preserve energy.</t>
</list>
</t>

<t>
In the terminology of <xref target='RFC7228'/>, these characteristics put LPWANs into the 
“challenged network” category, where IP connectivity has to be redefined or modified. Therefore, 
LPWANs need to be considered as a separate class of networks. Their intrinsic 
characteristics, current usages and architectures will allow the group to make and justify 
the design choices. Some of the desired properties are: 
<list style="symbols">
<t>keep compatibility with current Internet:
	<list style="symbols">
	<t>preserve the end-to-end communication principle.</t>
	<t>maintain independence from L2 technology.</t>
	<t>use or adapt protocols defined by IETF to this new environment that could be less responsive.</t>
	<t>use existing addressing spaces and naming schemes defined by IETF.</t>
	</list></t>
<t>ensure the correspondence with the stringent LPWAN requirements, such as:
	<list style="symbols">
	<t>limited number of messages per device.</t>
	<t>small message size, with potentially no L2 fragmentation.</t>
	<t>RTTs potentially orders of magnitude bigger than existing constrained networks.</t>
	</list></t>
<t>optimize the protocol stack in order to limit the number of duplicated functionalities; for instance acknowledgements should not be done at several layers.
</t>
</list>
</t>
</section>

<section anchor="Gap" title="Identified gaps in current IETF groups concerning LPWANs">


<section anchor="IPv6" title="IPv6 and LPWAN">
<t>IPv6 <xref target='RFC2460'/> has been designed to allocate addresses to all the nodes 
 connected to the Internet.
 Nevertheless, the 40 bytes of overhead introduced by the protocol are incompatible with 
 the LPWAN constraints. If IPv6 were used, several LPWAN frames would be needed just to carry 
 the header. Another limitation comes from the MTU: layer 2 is required to carry 
 IPv6 packets of 1280 bytes <xref target="RFC1981"/>. This is a side effect of the PMTU discovery mechanism, 
 which allows intermediary routers to send the source an ICMP message (Packet Too Big) 
 to reduce the packet size. An attacker is able to forge this message and drastically 
 reduce transmission performance. The 1280-byte minimum mitigates the 
 impact of this attack, because a forged message cannot reduce the path MTU below it.
</t>
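<t>The following sketch is an added example, not part of the original draft: it shows how a sender can validate an ICMPv6 Packet Too Big message before lowering its path MTU estimate, and how the 1280-byte floor bounds what a forged message can achieve. The function and variable names are hypothetical, the sample messages are constructed, and the ICMPv6 checksum is assumed to have been verified already.</t>
<figure><artwork><![CDATA[
```python
import struct
from ipaddress import IPv6Address

IPV6_MIN_MTU = 1280        # minimum link MTU required by IPv6
ICMPV6_PACKET_TOO_BIG = 2  # ICMPv6 message type

def handle_packet_too_big(icmp, local_addr, pmtu_cache):
    """Validate a Packet Too Big message; update pmtu_cache if accepted.

    icmp       -- ICMPv6 message bytes (checksum assumed already verified)
    local_addr -- our own IPv6Address
    pmtu_cache -- {destination IPv6Address: current path MTU estimate},
                  holding only destinations we are sending to
    Returns (accepted, reason).
    """
    if len(icmp) < 8 + 40:  # ICMPv6 header + embedded IPv6 header
        return False, "truncated"
    msg_type, _code, _cksum, mtu = struct.unpack("!BBHI", icmp[:8])
    if msg_type != ICMPV6_PACKET_TOO_BIG:
        return False, "not packet-too-big"
    inner = icmp[8:48]  # header of the packet reported as too big
    if inner[0] >> 4 != 6:
        return False, "embedded packet is not IPv6"
    if IPv6Address(inner[8:24]) != local_addr:
        return False, "embedded source is not ours"
    dst = IPv6Address(inner[24:40])
    if dst not in pmtu_cache:
        return False, "no traffic to embedded destination"
    # Never go below the IPv6 minimum, and never raise the estimate.
    new_mtu = max(mtu, IPV6_MIN_MTU)
    if new_mtu >= pmtu_cache[dst]:
        return False, "would not lower the estimate"
    pmtu_cache[dst] = new_mtu
    return True, "path MTU lowered to %d" % new_mtu

def build_ptb(mtu, src, dst):
    """Constructed sample: Packet Too Big header + embedded IPv6 header."""
    inner = struct.pack("!IHBB", 6 << 28, 0, 17, 64) + src.packed + dst.packed
    return struct.pack("!BBHI", ICMPV6_PACKET_TOO_BIG, 0, 0, mtu) + inner

if __name__ == "__main__":
    me = IPv6Address("2001:db8::1")          # documentation prefix
    peer = IPv6Address("2001:db8:ffff::10")
    cache = {peer: 1500}
    for mtu in (1400, 68, 68):               # genuine, then two forged
        result = handle_packet_too_big(build_ptb(mtu, me, peer), me, cache)
        print(mtu, result, cache[peer])
```
]]></artwork></figure>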
<t>
IPv6 needs a configuration protocol (Neighbor Discovery Protocol, NDP <xref target="RFC4861"/>) to learn network 
parameters and the node's relation with its neighbors. This protocol generates 
regular traffic with a large message size that does not fit LPWAN constraints.
</t>
</section>

<section anchor="SIXlo" title="6LoWPAN, 6lo and LPWAN">
<t>6LoWPAN resolves the IPv6 constraints only in part: it drastically reduces IPv6 overhead to about 
4 bytes for ND traffic, but header compression does not do as well for end-to-end 
communications using global addresses (up to 20 bytes). 6LoWPAN was initially 
designed for IEEE 802.15.4 networks with a frame size of up to 127 bytes and a 
throughput of up to 250 kb/s, with no duty cycle restricting the usage of the network. 
</t>
<t>
IEEE 802.15.4 is a CSMA/CA protocol which means that every unicast frame is acknowledged. 
Because IEEE 802.15.4 has its own 
reliability mechanism by retransmission, 6LoWPAN does not have reliable delivery. Some 
LPWAN technologies do not provide such acknowledgements at L2 and would require 
other reliability mechanisms.
</t>
<t>
6lo extends the usage of 6LoWPAN to other technologies (BLE, DECT, …), with similar 
characteristics to IEEE 802.15.4. The main constraint in these networks comes from the 
nature of the devices (constrained devices), whereas in LPWANs it is the network 
itself that imposes the most stringent constraint.
</t>
<t>
6LoWPAN has optimized Neighbor Discovery by reducing the message size and
the periodic exchanges, and by removing multicast messages in favor of point-to-point exchanges with the border router.
</t>
</section>

<section anchor="SIXtisch" title="6tisch and LPWAN">
<t>
6TiSCH is complementary to LPWA technologies.
</t><t>
A key element of 6TiSCH is the use of synchronization to enable determinism. TSCH and 6TiSCH may provide a standard scheduling function.
An LPWA may or may not support synchronization like the one used in 6TiSCH. The 6TiSCH solution is dedicated to mesh networks that operate using the 802.15.4e MAC with a deterministic slotted channel.
TSCH can help to reduce collisions and to enable a better balance over the channels. It improves battery life by avoiding idle listening time for the return channel.

</t>
</section>

<section anchor="ROLL" title="ROLL and LPWAN">
<t>
The LPWANs considered by the WG are based on a star topology, which eliminates 
the need for routing. Future work may address additional use cases which may require 
the adaptation of existing routing protocols or the definition of new ones. For the 
moment, the work done at the ROLL WG and other routing protocols are out of scope of the LPWAN WG. 
</t>
</section>

<section anchor="CORE" title="CORE and LPWAN">
<t>
CoRE provides a resource-oriented application intended to run on constrained IP networks. It may be necessary to adapt the protocols to take into account the duty cycling and the potentially extremely limited throughput.
For example, some of the timers in CoAP may need to be redefined. Taking CoAP acknowledgements into account may allow the reduction of L2 acknowledgements.
In the current work in progress in the CoRE WG, the COMI/CoOL network management interface, which uses Structured Identifiers (SID) to reduce payload size over CoAP, proves to be a good solution for the LPWA technologies.
The overhead is reduced by adding a dictionary which matches a URI to a small identifier, and by a compact mapping of the YANG model into the CBOR binary representation.
</t>
</section>


<section anchor="Security" title="Security and LPWAN">
<t>
Most LPWA technologies integrate some authentication or encryption mechanisms that may not have been defined by the IETF. The working group will work to integrate these mechanisms to unify management. For the technologies that do not natively integrate security protocols, the group will adapt existing mechanisms to the LPWA constraints.
The AAA infrastructure brings a scalable solution. It offers central management for the security processes; draft-garcia-dime-diameter-lorawan-00 and draft-garcia-radext-radius-lorawan-00 explain the possible security process for a LoRaWAN network.

The mechanisms are basically divided into: key management protocols, and the encryption and integrity algorithms used.

Most of the solutions do not present a key management procedure to derive specific keys for securing network and/or data information. In most cases, a pre-shared key between the smart object and the communication endpoint is assumed.
</t>
</section>

<section anchor="Mobility" title="Mobility and LPWAN">
<t>
LPWA nodes can be mobile. However, LPWAN mobility is different from the one specified for Mobile IP. LPWAN implies sporadic traffic and will rarely be used for high-frequency, real-time communications. The applications do not generate a flow; they need to save energy, and most of the time the node will be down.
Mobility will most of the time involve a group of devices, which represents a network in itself; the mobility concerns the gateway more than the devices.
</t>
</section>


<section anchor="DNS" title="DNS and LPWAN">
<t>
The purpose of the DNS is to enable applications to name things that have a globally unique name. Many protocols use DNS to identify objects, especially REST and applications using CoAP. Therefore, things should be registered in DNS.
DNS is probably a good point of research for the LPWA technologies, while the matching of the name and the IP information can be used to configure the LPWA devices.

</t>
</section>
</section>



<section anchor="annexA" title="Annex A -- survey of LPWAN technologies">
<t>
Different technologies can be included under the LPWAN acronym. The following 
list is the result of a survey among the first participants in the mailing list. 
It cannot be exhaustive but is representative of the current trends. 

<!--(https://docs.google.com/document/d/1n7cXN4_VuI8imy8MG3-fHjl9FNiNvYfdB4txN4hDQ-w/edit?usp=sharing)-->

<figure anchor="tableLPWAN"
title="Survey of LPWAN technologies"><artwork><![CDATA[
+-------------+---------------+--------------+--------+
|Technology   |range          | Throughput   |MAC MTU |
+-------------+---------------+--------------+--------+
|LoRa         |2-5 km urban   |0.3 to 50 kbps|256 B   |
|             |<15 km suburban|              |        |
+-------------+---------------+--------------+--------+
|SIGFOX       |10 km urban    |up:100/600 bps| 12/    |
|             |50 km rural    |down: 600 bps | 8 B    |
+-------------+---------------+--------------+--------+
|IEEE802.15.4k| < 20 km LoS   |1.5 bps to    |16/24/  |
|LECIM        | < 5 km NoLoS  | 128 kbps     | 32 B   |
+-------------+---------------+--------------+--------+
|IEEE802.15.4g| 2-3 km LoS    | 4.8 kbps to  |2047 B  |
|SUN          |               |800 kbps      |        |
+-------------+---------------+--------------+--------+
|RPMA         | 65 km LoS     |  up: 624kbps |64 B    |
|             | 20 km NoLoS   |down: 156kbps |        |
|             |               | mob: 2kbps   |        |
+-------------+---------------+--------------+--------+
|DASH-7       | 2 km          |    9 kbps    |256 B   |
|             |               |   55.55 kbps |        |
|             |               |  166.66 kbps |        |
+-------------+---------------+--------------+--------+
|Weightless-w | 5 km urban    | 1 kbps to    |min 10 B|
|             |               | 10 Mbps      |        |
+-------------+---------------+--------------+--------+
|Weightless-n |<5 km urban    | 30 kbps to   |max 20 B|
|             |<30 km suburban| 100kbps      |        |
+-------------+---------------+--------------+--------+
|Weightless-p |> 2 km urban   | up to 100kbps|        |
+-------------+---------------+--------------+--------+
| NB-IoT   *  |        <15 km |  ~  200kbps  | >1000B | 
+-------------+---------------+--------------+--------+
* supports segmentation 
]]></artwork></figure>
</t>
<t>
The table <xref target="tableLPWAN" /> gives some key performance parameters for some candidate 
technologies. The maximum MTU size must be interpreted carefully; for instance, in 
LoRa it takes up to 2 sec to send a 50-byte frame using the most robust modulation. 
In that case the theoretical limit of 256 B will be impossible to reach.
</t>
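<t>The following sketch is an added example, not part of the original draft: it computes LoRa time on air with the formula published in the Semtech SX127x datasheets and combines it with a duty-cycle limit, which puts the 50-byte frame at about 2.3 s. The settings used (SF12, 125 kHz, coding rate 4/5, 8-symbol preamble) are an assumption for the "most robust modulation", and the 1% duty cycle is one value taken from the 0.1% to 10% range given in the problem statement.</t>
<figure><artwork><![CDATA[
```python
import math

def lora_airtime_s(payload_len, sf=12, bw_hz=125_000, coding_rate=1,
                   preamble_syms=8, crc=True, explicit_header=True):
    """Time on air of one LoRa frame, in seconds (Semtech SX127x formula).

    coding_rate 1..4 means 4/5..4/8. The defaults (SF12, 125 kHz, 4/5)
    are an assumption for the most robust modulation.
    """
    t_sym = (2 ** sf) / bw_hz
    ldro = 1 if t_sym > 0.016 else 0      # low data rate optimisation
    bits = (8 * payload_len - 4 * sf + 28
            + (16 if crc else 0) - (0 if explicit_header else 20))
    n_payload = 8 + max(math.ceil(bits / (4 * (sf - 2 * ldro)))
                        * (coding_rate + 4), 0)
    return (preamble_syms + 4.25 + n_payload) * t_sym

def frames_per_day(airtime_s, duty_cycle):
    """Frames one device may send per day under a duty-cycle limit."""
    return math.floor(86_400 * duty_cycle / airtime_s)

def min_gap_s(airtime_s, duty_cycle):
    """Silence required after one frame to stay within the duty cycle."""
    return airtime_s / duty_cycle - airtime_s

if __name__ == "__main__":
    for size in (12, 50, 256):            # 256 B is the table's LoRa MAC MTU
        t = lora_airtime_s(size)
        print("%3d B: %.2f s on air, %d frames/day at 1%%, %.0f s gap"
              % (size, t, frames_per_day(t, 0.01), min_gap_s(t, 0.01)))
```
]]></artwork></figure>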
<t>
Most of the technologies listed in Annex A work in the ISM band and may be 
used for private and public networks. Weightless-W uses white spaces in the TV spectrum 
and NB-LTE will use licensed channels. Some technologies include encryption at layer 2. 
</t>
</section>
<section anchor="annexB" title="Annex B -- Security in LPWAN technologies">
<t>
LoRaWAN</t>
<t>
   LoRaWAN provides a joining procedure called “Over the Air Activation” that
   enables a smart object to securely join the network, deriving the necessary 
   keys to perform the communications securely.
   The messages are integrity protected and the application information is 
   ciphered with the derived keys from the joining procedure.</t>

<t>   The joining procedure consists of one exchange, which entails a join-request 
   message and a join-accept message. Upon successful authentication, the smart 
   object and the network server are able to derive two keys to secure the 
   communications (AppSKey and NwkSKey).</t>

<t>SIGFOX</t>
<t>The SIGFOX radio protocol provides mechanisms to authenticate and ensure
   integrity of the message.  This is achieved by using a unique device
   ID and a message authentication code, which allow ensuring that the
   message has been generated and sent by the device with the ID claimed
   in the message.</t>
 
<t>Security keys are independent for each device.  These keys are
   associated with the device ID and they are pre-provisioned.
   Application data can be encrypted by the application provider.</t>

<t>IEEE802.15.4k and IEEE802.15.4g</t>
<t>   There is no mention of acquiring key material to secure the communications.</t>

<t>DASH-7</t>
<t>   DASH-7 defines 2 keys for specific users (root, user) and a network key. 
   It provides network security, integrity and encryption. How these 
   keys are distributed is not explained.</t>

<t>RPMA</t>
<t>   RPMA uses security algorithms and provides for mutual device authentication, 
   message authentication and message confidentiality. There is no mention of how the key 
   material is distributed.</t>

<t>Weightless</t>
<t>   Weightless offers a joining procedure to the network by authenticating the smart object. 
   It provides integrity of the messages, encryption and key distribution.</t>

<t>NB-IoT</t>
<t>   ToDo. No access to the specification.</t>

</section>
<section anchor="Acknowledgements" title="Acknowledgements">
<t>Thank you very much for the discussion and feedback on the LPWAN mailing list, namely, Pascal Thubert, Carles Gomez, Samita Chakrabarti, Xavier Vilajosana, Misha Dohler, Florian Meier, Timothy J. Salo, Michael Richardson, Robert Cragie, Paul Duffy, Pat Kinney, Joaquin Cabezas and Bill Gage. 
</t>
<t>
We would also like to thank Dan Garcia Carrillo and Rafael Marin Lopez for their input to the security part.</t>
</section>

</middle>
<back>

    <references title="Normative References">

      &rfc7228;
      &rfc2460;
      &rfc1981;
      &rfc4861;

  
    </references>


</back>

</rfc>
