LoRaWAN uses two-layer AES-128 encryption: the NwkSKey provides frame authentication and integrity (between the device and the Network Server), while the AppSKey encrypts the application payload (between the device and the Application Server).
True
The Network Session Key (NwkSKey) is an AES-128 key used to compute a CMAC over each frame, which provides both authentication of the sender and integrity of the MAC header and payload. The Application Session Key (AppSKey) is a separate AES-128 key used in AES-CTR mode to encrypt the application payload end-to-end between the device and the Application Server. As a result, the Network Server can route and deduplicate frames but cannot decrypt the application payload — only the Application Server, which holds the AppSKey, can do so. This is a deliberate privacy-by-design pattern: the network operator never sees the customer data in clear.
Never store AppSKey on the same server as the rest of the network state — separating the Join Server, Network Server and Application Server key stores is a key requirement of the LoRaWAN 1.1 security model and good practice even on 1.0.x.
LoRaWAN bank in preparation
The full LoRaWAN bank isn't available yet. Drop your email to get notified at launch and grab an early-bird discount.
Join the waitlist →See the 9 other LoRaWAN practice questions
Related questions
- An important distinction must be made: "LoRa" is the physical-layer radio modulation (CSS, Chirp Spread Spectrum, proprietary to Semtech), whereas "LoRaWAN" is the MAC-layer protocol and network architecture (an open standard from the LoRa Alliance) built on top of LoRa.1. Architecture · LoRa vs LoRaWAN
- LoRaWAN uses a "star-of-stars" topology: each end device transmits unidirectionally toward ALL in-range gateways, the gateways forward the packet to the Network Server, which deduplicates the copies; there is no mesh between end devices.1. Architecture · Star-of-Stars-Topologie
- As of 2026, the main public LoRaWAN operators in France are: Orange Live Objects (near-nationwide coverage), Bouygues Objenious (in sunset), Helium Network (community-driven) and Loriot (Swiss-based commercial Network Server vendor, not a public carrier). In addition, many deployments are run on private networks (dedicated infrastructure).6. Network providers · Öffentliche Betreiber
- For critical IoT deployments (smart city, industrial sites, fleet asset tracking), private LoRaWAN networks are often preferred over public operators: full infrastructure control, contractual SLA, stronger security and no commercial dependency on a third-party operator.6. Network providers · Öffentlich vs. Privat
- Typical LoRaWAN smart-city use cases include: smart water meters, parking-bay occupancy sensors, fill-level sensors for waste bins, public-lighting telemonitoring, air-quality stations, EV charger monitoring (status and energy readings — not the OCPP charge-control protocol) and flood alerts — a typical LoRaWAN sensor costs between EUR 30 and EUR 150.7. Use cases · Smart City