1

Gemserv The Buzz About Low Power Networks

The Buzz About Low Power Networks

General Overview and Security Considerations

3

Gemserv The Buzz About Low Power Networks

WHAT IS A LPWAN?

In the context of Internet of Things (IoT) applications and M2M solutions, where thousands of battery-powered sensors and smart devices spread over a large area are being deployed, the need for wireless communication technologies that allow long range connectivity and low power consumption is evident. Low Power Wide Area Networks (LPWANs) address this need and play a crucial role in enabling IoT applications that were previously prohibitive due to cost, such as smart grids, smart cities, and smart metering, to name a few. For clarification, LPWAN is not a standard. It is a term that is used to encompass protocols and implementations that share the same two characteristics, as the name suggests:

1. Low Power: devices and smart objects operate on batteries that can last 10+ years.

2. Wide Area: the operating range of these wireless networks is in the order of kilometres, depending on the area of deployment (i.e. rural, urban).

These types of networks not only make it possible to achieve long battery life for devices and long-range communication, but also enhanced coverage and power efficiency.

Too good to be true? Well, all these advantages are obtained at the expense of the data rate. It is, therefore, clear that not all IoT use cases can be solved using this radio technology. In fact, LPWANs are considered for applications where high latency is not a major issue, nor is low data rate. Furthermore, low connectivity cost remains one of the main drivers for the adoption of this type of network, for the number of devices connected to the internet is already significant and predicted to increase1.

Figures 1 and 2 show visually where each type of network that could be used for IoT and M2M applications is located, in terms of data rate, range, and power consumption. As one can see, the overlap between the various types of networks is very little if not zero, showing how the use of one over another is very much application-dependent. Cellular networks such as GSM and LTE, for instance, offer wide-area coverage. However, when it comes to battery consumption the difference with LPWANs is evident. Bluetooth Low Energy (BLE) and ZigBee are examples of technologies that offer low-power connectivity and good battery life. Though, they do not satisfy the long-range communication requirement.

FIGURE 1: WIRELESS STANDARDS POWER VS. RANGE COMPARISON

FIGURE 2: WIRELESS STANDARDS THROUGHPUT VS. RANGE COMPARISON2

Pow

er C

onsu

mpt

ion

Range

10m 1km 5km 10km 50km

High

Avg

Low

LPWAN

Cellular(2G, 3G, 4G...)

Short Range Comm.

(Bluetooth, ZigBee...)

802.11x WiFi

Dat

a Ra

te (b

ps)

Range

10m 1km 5km 10km 50km

10m

1kLPWAN

Cellular(2G, 3G, 4G...)

Short Range Comm.

(Bluetooth, ZigBee...)

802.11x WiFi

10100

100k

1. IoT Analytics https://iot-analytics.com/state-of-the-iot-update-q1-q2-2018-number-of-iot-devices-now-7b/

2. Etsi-LTN Functional Architecture https://www.etsi.org/deliver/etsi_gs/LTN/001_099/002/01.01.01_60/gs_LTN002v010101p.pdf

4 5

The Buzz About Low Power NetworksGemserv Gemserv The Buzz About Low Power Networks

DISTINCTIVE FEATURES Now we know that LPWANs can offer low-power connectivity and long-range communication, at a very low cost. The question that this section is addressing is, how can LPWANs achieve such conflicting design goals? Our purpose is to shed some light on the techniques used by LPWAN technologies, to better understand what sets them apart from other types of networks.

LOW POWER

This feature is achieved mainly thanks to three aspects, namely, network topology, duty cycling, and offloading complexity. Most LPWANs use a star network topology, as opposed to a mesh configuration. In a star network, end-devices are connected directly to the access points, allowing devices to save on battery, as they do not need to receive and repeat the signals from neighbouring devices. Furthermore, another advantage of this configuration is that star topology networks are less inclined to experience congestion. Duty cycling refers to the constraint in transmission, and

it is defined as the maximum ratio of Time On the Air (TOA) per hour – as an example, a 1% duty cycle would result in a TOA of maximum 36sec/hour. Within the duty cycle limitation, devices in LPWA networks may transmit at any time (employing access methods that are typically ALOHA-based). Downlink communication usually follows a schedule that is predefined: Devices either listen for a short time after an uplink transmission or they wake up at specific intervals agreed with the base station. This allows end-devices, when not on-air, to turn off power-hungry hardware components (i.e. transceivers) and increase their battery lifetime.

Offloading complexity refers to the decision of keeping the design of end-devices as simple as possible, both in terms of hardware and software. In fact, complex tasks are carried out by base stations or by the back-end system rather than the end-nodes, saving in processing power.

LONG RANGE

The transmission range of a radio signal is determined by various factors, such as the frequency of operation, data rate and modulation, receiver sensitivity and power gains and losses along the communication link. Low frequencies travel farther than higher frequencies, reason why most LPWA technologies use the Sub-1GHz band for communication – examples are the 433 or 868 MHz bands in Europe, and 915 MHz in the United States. Data rate is also linked to long-range transmissions. In fact, LPWANs can slow the modulation rate, translating into higher energy associated with each transmitted symbol (Shannon-Hartley theorem). This, in turns, plays a crucial role in increasing the receiver sensitivity, or the link budget (see following section). In simple terms, more energy per symbol means that a message has a higher possibility of being heard. One question that might come to mind is how LPWAN solutions address noise and interference.

FIGURE 3 NETWORK TOPOLOGIES: STAR VS. MESH

There are two modulation techniques that have been adopted by LPWA technologies, namely narrow-band and spread spectrum. Narrow-band techniques make use of narrow transmission channels to limit the noise level associated to each transmitted symbol. The narrower the channel, the less in-band noise is received. Spread spectrum techniques, on the other hand, make use of all the available bandwidth, resulting in signals that can be received below the noise floor. Figure 3 shows the different approach of these two techniques.

LOW COST

As previously mentioned, this aspect of LPWANs is possibly the main reason of its commercial success. Low costs are achieved by a reduction of the device hardware complexity (as end-nodes only need basic processing capability), by a simplified network infrastructure (as one base station can serve thousands of devices distributed over a wide area), and, lastly, by using license-free or owned licensed bands, which allows to avoid licensing costs.

FIGURE 4 WAVEFORMS RELATIVE TO SS AND UNB MODULATIONS

Pow

er (d

B)

Spread-spectrum waveform

Narrowband waveform

Noise level

f (Hz)

6 7

The Buzz About Low Power NetworksGemserv Gemserv The Buzz About Low Power Networks

THE LINK BUDGET

When it comes to deploying large-scale networks, a key parameter used to assess the overall system performance is the link budget. This is a parameter that accounts for all gains and losses from the transmitter to the receiver, through the medium. In simple terms, what happens is that a device transmits with a certain power.

The signal that is being transmitted will experience some degree of deterioration, especially due to path losses. The resulting signal power at the receiver’s end must be high enough for the receiver to detect the signal. As LPWAN technologies are designed for achieving long-range communication, receivers are characterised by a sensitivity that can be up to 40dB3 higher than non-LPWAN receivers – the greater the sensitivity, the longer the range.

LPWAN KEY PLAYERS

There are many competing technologies emerging in the LPWAN space, and each solution presents its distinctive features. This section aims at making some sense of the quite confusing LPWAN landscape.

Generally, LPWAN solutions are divided between technologies that use the unlicensed spectrum (ISM bands - Sub-1GHz, 2.4GHz), and technologies that use the licensed spectrum (Cellular network infrastructure). What is the best choice? The answer is, not surprisingly, that it depends on the use case. In fact, both implementations have their pros and cons and they complement each other perfectly. There is a need for coexistence between solutions to truly enable the full potential of the IoT, and here’s why: license spectrum technologies can provide reliable connectivity and more advanced security, which is suitable for business and enterprise IoT implementations, where factors such as low latency communications and high quality of service are considered critical. In addition, by making use of existing cellular networks, IoT connectivity is usually one software upgrade away4. Unlicensed spectrum technologies, on the other hand, have the potential of enabling the IoT in areas with no cellular coverage, and are suitable for applications that require low throughput and are not affected by a higher latency. In addition, these solutions generally have the advantage of a lower deployment and operational cost.

Next, a brief overview of the most popular LPWAN technologies currently on the market is presented. Note that these are only a handful, and have been chosen based on their commercial success. They are: LoRa, NB-IoT, Sigfox, and Ingenu.FIGURE 5 VISUALIZATION OF SYSTEM'S FACTORS AFFECTING

THE LINK BUDGET

Am

plitu

de (d

Bm)

PTX LTX GTX LPATH GRX LRX PRX

TX RX

4. GSMA - https://www.gsma.com/iot/mobile-iot-executive-summary/

9

Gemserv The Buzz About Low Power Networks

8

The Buzz About Low Power NetworksGemserv

LORA/LORAWAN

LoRa, which is short for “Long Range”, defines the physical communication layer that uses the proprietary spread spectrum modulation technique developed by start-up Cyleo, back in 2009, and subsequently acquired by Semtech in 2012. LoRaWAN, on the other hand, refers to the most popular MAC layer used for LoRa, and developed by the LoRa Alliance as an open standard. However, it should be noted that Semtech is still the provider of the LoRa chip.

NB-IOT

NB-IoT is the LPWA standard introduced by 3GPP in their Release 13 in 2016, with the purpose of providing a solution for wide-are coverage for the IoT. It is a licensed technology based on cellular network and can co-exist with GSM and LTE. In fact, this technology has three deployment modes specified by 3GPP, and these can be either within the LTE bands (in-band or guard-band deployment mode) or outside the LTE bands (standalone deployment).

SIGFOX

Sigfox is a French company that was founded in 2009. It commercialises its own ultra-narrow band proprietary communication technology, which operates in the unlicensed Sub-1GHz ISM radio band. The company is an LPWAN network operator that offers IoT connectivity by deploying its proprietary base stations, and at the same time, it licenses/sells its network technology to mobile operators across various countries.

INGENU

Ingenu, founded in 2008, is a company provider of wireless networks. The LPWAN solution proposed by Ingenu is a technology called Random Phase Multiple Access (RPMA), which is a form of Direct Sequence Spread Spectrum (DSSS). This proprietary solution operates in the globally available 2.4GHz ISM band (that of WiFi and Bluetooth). RPMA has a better uplink and downlink capacity, compared to some of its competitors, however, it might suffer from higher interference, less building penetration, and a shorter battery life.

SECURITY CONSIDERATIONS

LPWA networks provide support and connectivity for thousands of devices deployed over wide areas and with a battery-life expectancy of 10+ years. Given these characteristics, the concept of security by design must be at the top of the list of things to consider before implementing any LPWAN solution. Security by design refers to when the system infrastructure and technology is designed to cover the fundamentals (at the very least) of security vulnerabilities before deployment, when the system is designed with the assumption that it will experience some degree of hacking. One can imagine how costly, both in resources and time, it would be having to add layers of security post-deployment in a network of thousands of objects. Remember that connected devices used in LPWAN do not have the same processing capability and communication resources as traditional IT systems – even simple changes to a device can be difficult, due to very limited (downlink) capabilities.

When talking about security, be it point-to-point or end-to-end (yes, there is a difference), it is important to look at the system as a whole, because (not surprisingly) a system is as secure as its weakest link. In a generic LPWA network, security areas that need attention (prepare for a long list) are, namely, the physical device, the radio communication link to the gateway, the gateway (or base station), the communication link from the gateway to the backend system, the backend system (or network server), the link from the network server to the application server, and, lastly, the application. Although not all areas will be covered in this paper, as general advice, it is important to understand where the technology in use can help and where the user needs to take responsibility. For instance, when looking at device security, possible attacks involve physical tampering, keys extraction, and firmware modifications, to name a few.

Most technologies use unique keys per device for authentication and integrity purposes, however, for some use cases that is not enough. In fact, if some degree of physical protection, secure elements for key protection, and firmware signing are not implemented, an attacker could easily break the hardware, eavesdrop on the communication or spoof a device.

Furthermore, when discussing the radio link, data confidentiality plays an important role. It is almost always achieved by using encryption mechanisms, however, it is worth pointing out that not all LPWAN technologies enable encryption by default. Sigfox, for instance, does not provide data confidentiality – it is the user who, if possible, should add encryption, by using secure elements (SE), or block ciphers such as AES-128 in CTR mode, or by developing their own encryption mechanisms5. Reliable delivery is also another security aspect to consider in the radio link. It refers to the confirmation of successful delivery of a message. Technologies with limited downlink capabilities might, in fact, not be the preferred choice for use cases in which acknowledgment of message delivery is a requirement. A more general security issue that poses a high threat in the LPWAN space is device updatability and firmware upgrades. With a reported 600% increase in IoT attacks6, a system must be able to respond by integrating patching capabilities and software/firmware upgrades. In addition, mechanisms should be in place for updatability of long-term stored keys, in the event they are compromised. If these two points cannot be implemented in a given use case, the user should be advised to implement other mechanisms for dealing with serious vulnerabilities, which can be as simple as disabling compromised devices.

5. Sigfox - Recommendation Guide – http://www.aerea.nl/wp-content/up-loads/2018/06/Secure-Sigfox-Ready-devices-recommendation-guide-II.pdf

6. Semantech - https://www.symantec.com/content/dam/symantec/docs/re-ports/istr-23-executive-summary-en.pdf

10

The Buzz About Low Power NetworksGemserv

EMERGING APPLICATIONS

There are a number of parameters to consider when choosing the appropriate technology, ranging from network coverage, to scalability, to security, and ultimately, the use case will determine the adopted solution. Industry sectors that have adopted LPWAN are continuously increasing. This section summarises a few examples, highlighting security threats and needs.

MANUFACTURING INDUSTRY

One of the earliest adopters of M2M communication for improving supply chain efficiency. Asset control and tracking location are only a couple of possible uses of these technologies. Asset control and location-tracking sensors can be exploited if security is not correctly implemented. An attacker might be able to spoof devices and cover the tracks of the transported goods. They could monitor the asset locations and find a convenient time to steal it. What are the countermeasures that should be in place? Data confidentiality and integrity, replay protection, and device authentication would be a good start.

GENERAL UTILITIES

This sector includes found smart metering implementations and monitoring solutions for electricity, gas, and water. For these, technologies that allow low data volumes, and low-cost communications are ideal. However, what if a malicious actor tries to modify meter readings to a lower value? And what if the very same actor tries to disable the service in a particular area for ransom? Countermeasures that must be in place are data availability, confidentiality, and integrity. In addition, a good network monitoring and filtering system should be considered, as well as identity protection.

SMART CITY LIGHTING

This use case can be quite appealing at a city level. Smart lights allow for massive energy savings, and for a more effective maintenance of the system. Nevertheless, connected lights can pose a serious threat if vulnerabilities in the system are exploited. An example would be the possibility to override the system and thus change the lights schedule. It could even be possible to turn off lights in a particular street/area, threatening the safety of drivers and residents. Data integrity and availability must be implemented in such systems, as well as network authentication, to name but a few.

CONCLUSION

When looking at large scale applications, IoT has shown a clear need for long-range and low-power types of communication in order to support a high number of smart devices spread over a wide area. LPWANs offer a low-cost solution to this need. However, due to a lack of standards, many LPWAN solutions have been proposed, causing a fragmentation in the market. All proposed LPWAN solutions aim to offer low power and long-range connectivity, though every solution presents many technical differences from one another, and it will be the specific use case that determines which solution is the best fit.

In terms of security, the need for a baseline that follows industry standards, transparent to users and simple, should be the norm. Too many LPWAN security features are only optional, some are disabled or not even made available by the operators7. It is important to understand where the user needs to step in and take responsibility, to cope with the missing pieces.

7. Franklin Heath Ltd – https://fhcouk.files.wordpress.com/2017/05/lpwa-secu-rity-white-paper-1_0_1.pdf

12

The Buzz About Low Power Networks

Contact Us

Author

To get in touch with us contact us at:

E: connected.devices@gemserv.comT: +44 (0)20 7090 1000W: www.gemserv.com@gemserv

London Office8 Fenchurch PlaceLondonEC3M 4AJCompany Reg. No: 4419878

Alessandro ScarlattiTechnical Consultant – Connected Devices

GemservWe are an expert provider of professional services enabling the energy market transformation and data revolution. Our vision is to ensure that complex markets work for everyone’s benefit.