Умный город - Blog - LoRaWAN and cybersecurity in plain terms: how data is encrypted and what to do to keep the network reliable
03.10.2025
286
LoRaWAN technology is already widely used for remote metering and urban telemetry. However, once a large number of meters and sensors are involved, security comes to the forefront as part of a broader IoT data protection issue.
This article explains what exactly LoRaWAN encrypts, which mistakes are most common during deployment, and which settings ensure secure data transmission through secure wireless communication.
In LoRaWAN networks, protection is built directly into the communication rules. Two layers operate in tandem. The network layer ensures that a frame is not corrupted in transit via a MIC integrity check. The application layer encrypts the “contents” of the frame—the meter readings and telemetry—so that even the network operator cannot read them. This type of protection is called application layer security and is backed by AES-128 encryption and LoRaWAN encryption.
Recent protocol versions further separate roles and keys to reduce LoRaWAN vulnerabilities and strengthen LoRaWAN authentication privacy.
Devices are best attached using the OTAA join procedure, where session keys are generated automatically and can be rotated regularly, enabling secure key exchange. The ABP mode is convenient for laboratory tests, but is less suitable for real projects because keys are static.
Each frame carries a counter whose value only increases, providing replay attack prevention. To prevent a device from “forgetting” this counter after reboot, it is stored in non-volatile memory as part of rigorous device provisioning and device authentication IoT practices.
A gateway is the bridge between the radio channel and the IP segment. A secure configuration is the LoRa Basics™ Station with TLS and certificate-based authentication—core measures of gateway security. Gateways are usually isolated into a dedicated network, allowed only strictly defined outbound connections, and kept current with timely firmware updates.
To mitigate against possible IoT cybersecurity risks, the same strict approach applies in the cloud: LoRaWAN servers (network, join, and application) communicate only over TLS with mutual authentication, use role-based access control, and maintain event logs.
Eavesdropping on the radio does not reveal contents, as data is protected by end-to-end encryption LoRaWAN, and integrity is verified. Replaying a captured frame will also not work because of the counter. A cloned device is detected and blocked thanks to unique keys and the secure attachment procedure (OTAA).
Interference on the air is a real issue for any radio network. It is mitigated by overlapping coverage (several gateways “hearing” the same device) and by monitoring link quality, such as the share of lost packets and signal level, using intrusion detection IoT–style observability. At critical sites, a backup channel is added.
Risks in the cloud are reduced by traditional measures such as network segmentation, least-privilege access for users and services, multi-factor authentication, timely updates, external vulnerability assessments, and an incident recovery plan—all of which is essential for data confidentiality within IoT devices backends.
Meter readings reflect the behavior of people and organizations and are considered sensitive information in smart city carbon management–style reporting. Sound practice is to transmit only the necessary minimum, strictly limit access, define retention periods in advance, and use anonymization for open reports and public dashboards.
LoRaWAN provides a high level of security, including encryption, integrity control, and protection against replays—foundational elements of end-to-end encryption LoRaWAN. However, to make this ensemble a full-fledged “immune system,” it is important to attach devices correctly, manage keys with discipline, configure gateways and servers properly, and maintain continuous monitoring.
Putting these safeguards in place will make it easier to demonstrate compliance, reduce costs, and ensure a stable service because data is protected, the network operates predictably, and users receive accurate bills—outcomes that are aligned with IoT sustainability projects, environmental monitoring systems, and data analytics best practices.
Stay on top of the latest industry news
Thank you, we have received your message. Our manager will contact you shortly.
Our experts are always happy to help and promptly answer your questions. Please fill out the form to discuss your project and develop a tailored action plan.
Thank you, we have received your message. Our manager will contact you shortly.
Thank you, we have accepted your request. In the near future the responsible manager will contact you and clarify the details of the order.
Our experts are always happy to help and promptly answer your questions. Please fill out the form to discuss your project and develop a tailored action plan.
Thank you, we have received your message. Our manager will contact you shortly.