03.10.2025 36

LoRaWAN and cybersecurity in plain terms: how data is encrypted and what to do to keep the network reliable

LoRaWAN technology is already widely used for remote metering and urban telemetry. However, once a large number of meters and sensors are involved, security comes to the forefront as part of a broader IoT data protection issue.

This article explains what exactly LoRaWAN encrypts, which mistakes are most common during deployment, and which settings ensure secure data transmission through secure wireless communication.

What exactly LoRaWAN protects and who can see the data

In LoRaWAN networks, protection is built directly into the communication rules. Two layers operate in tandem. The network layer ensures that a frame is not corrupted in transit via a MIC integrity check. The application layer encrypts the “contents” of the frame—the meter readings and telemetry—so that even the network operator cannot read them. This type of protection is called application layer security and is backed by AES-128 encryption and LoRaWAN encryption.

Recent protocol versions further separate roles and keys to reduce LoRaWAN vulnerabilities and strengthen LoRaWAN authentication privacy.

Devices are best attached using the OTAA join procedure, where session keys are generated automatically and can be rotated regularly, enabling secure key exchange. The ABP mode is convenient for laboratory tests, but is less suitable for real projects because keys are static.

Each frame carries a counter whose value only increases, providing replay attack prevention. To prevent a device from “forgetting” this counter after reboot, it is stored in non-volatile memory as part of rigorous device provisioning and device authentication IoT practices.

Gateways and the “cloud”: where configuration errors are most common

A gateway is the bridge between the radio channel and the IP segment. A secure configuration is the LoRa Basics™ Station with TLS and certificate-based authentication—core measures of gateway security. Gateways are usually isolated into a dedicated network, allowed only strictly defined outbound connections, and kept current with timely firmware updates.

To mitigate against possible IoT cybersecurity risks, the same strict approach applies in the cloud: LoRaWAN servers (network, join, and application) communicate only over TLS with mutual authentication, use role-based access control, and maintain event logs.

Typical threats

Eavesdropping on the radio does not reveal contents, as data is protected by end-to-end encryption LoRaWAN, and integrity is verified. Replaying a captured frame will also not work because of the counter. A cloned device is detected and blocked thanks to unique keys and the secure attachment procedure (OTAA).

Interference on the air is a real issue for any radio network. It is mitigated by overlapping coverage (several gateways “hearing” the same device) and by monitoring link quality, such as the share of lost packets and signal level, using intrusion detection IoT–style observability. At critical sites, a backup channel is added.

Risks in the cloud are reduced by traditional measures such as network segmentation, least-privilege access for users and services, multi-factor authentication, timely updates, external vulnerability assessments, and an incident recovery plan—all of which is essential for data confidentiality within IoT devices backends.

Personal data: why this matters

Meter readings reflect the behavior of people and organizations and are considered sensitive information in smart city carbon management–style reporting. Sound practice is to transmit only the necessary minimum, strictly limit access, define retention periods in advance, and use anonymization for open reports and public dashboards.

A brief configuration guide for cybersecurity

  • Attach devices via OTAA, store keys in protected vaults, rotate session keys regularly, and keep frame counters in non-volatile memory.
  • Build encrypted channels: TLS between gateways and the backend and between all backend components, with mutual authentication.
  • Isolate gateways on the network, keep software updated, apply allow-lists for connections, and use the principle of least privilege.
  • Introduce role-based access control, multi-factor authentication, action auditing, and immutable event logs.
  • Continuously observe network health: fraction of successful transmissions, signal level, join anomalies, “silent” nodes, and counter resets.
  • Formalize the lifecycle: checklist-based acceptance, device identifier inventory, signed firmware and secure over-the-air updates, regular audits, and recovery drills.

LoRaWAN provides a high level of security, including encryption, integrity control, and protection against replays—foundational elements of end-to-end encryption LoRaWAN. However, to make this ensemble a full-fledged “immune system,” it is important to attach devices correctly, manage keys with discipline, configure gateways and servers properly, and maintain continuous monitoring. 

Putting these safeguards in place will make it easier to demonstrate compliance, reduce costs, and ensure a stable service because data is protected, the network operates predictably, and users receive accurate bills—outcomes that are aligned with IoT sustainability projects, environmental monitoring systems, and data analytics best practices.

Was it helpful?

3

Other articles

03.10.2025 / Darya Pozharska LoRaWAN and cybersecurity in plain terms: how data is encrypted and what to do to keep the network reliable

LoRaWAN technology is already widely used for remote metering and urban telemetry. However, once a large number of meters and sensors are involved,...

Read more
01.10.2025 / Darya Pozharska Emergency Protection: NB-IoT Valves and LoRaWAN Leak Sensors in Apartment Buildings

Modern apartment buildings are becoming increasingly complex in their engineering systems, while the risk of accidents due to water leaks or heat...

Read more
26.09.2025 / Darya Pozharska The Role of LoRaWAN in Decarbonization: how to calculate the carbon footprint and reduce it with IoT

Decarbonization of urban infrastructure begins with accurate data. Without regular, comparable, and verifiable readings, it is impossible either to...

Read more
22.09.2025 / Darya Pozharska Which Metrics to Collect from LoRaWAN Devices to Build an Effective Resource-Consumption Model

Accurate resource-consumption models underpin managed tariffs, capacity planning, and loss reduction. LoRaWAN data collection gives utilities and...

Read more
18.09.2025 / Darya Pozharska Roles and Areas of Responsibility in LoRaWAN Deployment: from Integrator to Network Owner

LoRaWAN projects rarely boil down to being as simple as “we installed a few sensors and everything worked.” In reality, they are almost always a...

Read more
04.09.2025 / Aleksey Kuznetsov Smart Water Meters on LoRaWAN/NB-IoT: Fast Results for Utilities and HOAs in 90 Days

Today, property management companies and housing associations increasingly face the problem of accurate and timely resource accounting. Traditional...

Read more
02.09.2025 / Aleksey Kuznetsov A City Without Cables: Roadmap for Transitioning Stationary Meters to Wireless LoRaWAN Accounting

Modern cities are changing rapidly. Where kilometers of cables once stretched, wireless communication and IoT smart metering is now increasingly...

Read more

Subscribe to our blog

Stay on top of the latest industry news

    By clicking Submit, you acknowledge that you have read and agree to our privacy policy.

    Your message has been sent successfully.

    Thank you, we have received your message. Our manager will contact you shortly.

    Jooby.Store: Shop Smart Metering Solutions

    Discover our remote metering devices, now available for retail purchase with delivery across Europe. Jooby.Store offers an extensive selection of intelligent radio modules and sensors for measuring gas, water, heat, and electricity consumption.
    Jooby.Store: Shop Smart Metering Solutions

    Ready to discuss a project?

    Our experts are always happy to help and promptly answer your questions. Please fill out the form to discuss your project and develop a tailored action plan.

      By clicking Submit, you acknowledge that you have read and agree to our privacy policy.

      Your message has been sent successfully.

      Thank you, we have received your message. Our manager will contact you shortly.

      Making a request

      By clicking Submit, you acknowledge that you have read and agree to our privacy policy.

      Your request has been sent

      Thank you, we have accepted your request. In the near future the responsible manager will contact you and clarify the details of the order.

      Ready to discuss a project?

      Our experts are always happy to help and promptly answer your questions. Please fill out the form to discuss your project and develop a tailored action plan.

        By clicking Submit, you acknowledge that you have read and agree to our privacy policy.

        Your message has been sent successfully.

        Thank you, we have received your message. Our manager will contact you shortly.