idnits 2.17.1 draft-farrell-lpwan-overview-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 31, 2016) is 2724 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Unused Reference: 'RFC2119' is defined on line 1578, but no explicit reference was found in the text -- Obsolete informational reference (is this intentional?): RFC 2460 (Obsoleted by RFC 8200) == Outdated reference: A later version (-04) exists of draft-zuniga-lpwan-sigfox-system-description-00 Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 lpwan S. Farrell, Ed. 3 Internet-Draft Trinity College Dublin 4 Intended status: Informational October 31, 2016 5 Expires: May 4, 2017 7 LPWAN Overview 8 draft-farrell-lpwan-overview-03 10 Abstract 12 Low Power Wide Area Networks (LPWAN) are wireless technologies with 13 characteristics such as large coverage areas, low bandwidth, possibly 14 very small packet and application layer data sizes and long battery 15 life operation. This memo is an informational overview of the set of 16 LPWAN technologies being considered in the IETF and of the gaps that 17 exist between the needs of those technologies and the goal of running 18 IP in LPWANs. 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on May 4, 2017. 37 Copyright Notice 39 Copyright (c) 2016 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 55 2. Common Concerns . . . . . . . . . . . . . . . . . . . . . . . 3 56 3. LPWAN Technologies . . . . . . . . . . . . . . . . . . . . . 4 57 3.1. LoRaWAN . . . . . . . . . . . . . . . . . . . . . . . . . 4 58 3.1.1. Provenance and Documents . . . . . . . . . . . . . . 4 59 3.1.2. Characteristics . . . . . . . . . . . . . . . . . . . 4 60 3.2. Narrowband IoT (NB-IoT) . . . . . . . . . . . . . . . . . 13 61 3.2.1. Provenance and Documents . . . . . . . . . . . . . . 13 62 3.2.2. Characteristics . . . . . . . . . . . . . . . . . . . 13 63 3.3. SIGFOX . . . . . . . . . . . . . . . . . . . . . . . . . 17 64 3.3.1. Provenance and Documents . . . . . . . . . . . . . . 17 65 3.3.2. Characteristics . . . . . . . . . . . . . . . . . . . 17 66 3.4. Wi-SUN Alliance Field Area Network (FAN) . . . . . . . . 21 67 3.4.1. Provenance and Documents . . . . . . . . . . . . . . 21 68 3.4.2. Characteristics . . . . . . . . . . . . . . . . . . . 22 69 4. Generic Terminology . . . . . . . . . . . . . . . . . . . . . 25 70 5. Gap Analysis . . . . . . . . . . . . . . . . . . . . . . . . 26 71 5.1. IPv6 and LPWAN . . . . . . . . . . . . . . . . . . . . . 26 72 5.1.1. Unicast and Multicast mapping . . . . . . . . . . . . 27 73 5.2. 6LoWPAN and LPWAN . . . . . . . . . . . . . . . . . . . . 27 74 5.2.1. 6LoWPAN Header Compression . . . . . . . . . . . . . 27 75 5.2.2. Address Autoconfiguration . . . . . . . . . . . . . . 28 76 5.2.3. Fragmentation . . . . . . . . . . . . . . . . . . . . 28 77 5.2.4. Neighbor Discovery . . . . . . . . . . . . . . . . . 28 78 5.3. 6lo and LPWAN . . . . . . . . . . . . . . . . . . . . . . 29 79 5.4. 6tisch and LPWAN . . . . . . . . . . . . . . . . . . . . 29 80 5.5. RoHC and LPWAN . . . . . . . . . . . . . . . . . . . . . 30 81 5.6. ROLL and LPWAN . . . . . . . . . . . . . . . . . . . . . 30 82 5.7. CoRE and LPWAN . . . . . . . . . . . . . . . . . . . . . 30 83 5.8. Security and LPWAN . . . . . . . . . . . . . . . . . . . 31 84 5.9. Mobility and LPWAN . . . . . . . . . . . . . . . . . . . 31 85 5.9.1. NEMO and LPWAN . . . . . . . . . . . . . . . . . . . 31 86 5.10. DNS and LPWAN . . . . . . . . . . . . . . . . . . . . . . 32 87 6. Security Considerations . . . . . . . . . . . . . . . . . . . 32 88 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 89 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 32 90 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 35 91 10. Informative References . . . . . . . . . . . . . . . . . . . 35 92 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 37 94 1. Introduction 96 [[Editor comments/queries are in double square brackets like this.]] 98 This document provides background material and an overview of the 99 technologies being considered in the IETF's Low Power Wide-Area 100 Networking (LPWAN) working group. We also provide a gap analysis 101 between the needs of these technologies and currently available IETF 102 specifications. 104 This document is largely the work of the people listed in Section 8. 105 Discussion of this document should take place on the lp-wan@ietf.org 106 list. 108 [[Editor's note: the eventual fate of this draft is a topic for the 109 WG to consider - it might end up as a useful RFC, or it might be best 110 maintained as a draft only until its utility has dissapated. FWIW, 111 the editor doesn't mind what outcome the WG choose.]] 113 2. Common Concerns 115 [[Editors note: We may want a section like this that describes some 116 cross-cutting issues, e.g. duty-cycles, some of the ISM band 117 restrictions. This isn't intended to be a problem statement nor a 118 set of requirements but just to describe some issues that affect more 119 than one of the LPWAN technologies. Such a section might be better 120 before or after Section 3, will see when text's added there. There 121 is some text for this in the current "gaps" draft.]] 123 Most technologies in this space aim for similar goals of supporting 124 large numbers of low-cost, low-throughput devices at very low-cost 125 and with very-low power consumption, so that even battery-powered 126 devices can be deployed for years. And as the name implies, coverage 127 of large areas is also a common goal. There are some differences 128 however, e.g., the Narrowband IoT specifications Section 3.2 also aim 129 for increased indoor coverage. However, by and large, the different 130 technologies aim for deployment in very similar circumstances. 132 Existing pilot deployments have shown huge potential and created much 133 industrial interest in these technolgies. As of today, essentially 134 no LPWAN devices have IP capabilities. Connecting LPWANs to the 135 Internet would provide significant benefits to these networks in 136 terms of interoperability, application deployment, and management, 137 among others. The goal of the LPWAN WG is to adapt IETF defined 138 protocols, addressing schemes and naming to this particular 139 constrained environment. 141 3. LPWAN Technologies 143 This section provides an overview of the set of LPWAN technologies 144 that are being considered in the LPWAN working group. The text for 145 each was mainly contributed by proponents of each technology. 147 Note that this text is not intended to be normative in any sesne, but 148 simply to help the reader in finding the relevant layer 2 149 specifications and in understanding how those integrate with IETF- 150 defined technologies. Similarly, there is no attempt here to set out 151 the pros and cons of the relevant technologies. [[Editor: I assume 152 that's the right target here. Please comment if you disagree.]] 154 [[Editor's note: the goal here is 2-3 pages per technology. If 155 there's much more needed then we could add appendices I guess 156 depending on what text the WG find useful to include.]] 158 3.1. LoRaWAN 160 [[Text here is from [I-D.farrell-lpwan-lora-overview] And yes, this 161 section is too long right now. Will shorten.]] 163 3.1.1. Provenance and Documents 165 LoRaWAN is a wireless technology for long-range low-power low-data- 166 rate applications developed by the LoRa Alliance, a membership 167 consortium. This draft is based on 168 version 1.0.2 [LoRaSpec] of the LoRa specification. (Note that 169 version 1.0.2 is expected to be published in a few weeks. We will 170 update this draft when that has happened. For now, version 1.0 is 171 available at [LoRaSpec1.0]) 173 3.1.2. Characteristics 175 In LoRaWAN networks, end-device transmissions may be received at 176 multiple gateways, so during nominal operation a network server may 177 see multiple instances of the same uplink message from an end-device. 179 The LoRaWAN network infrastructure manages the data rate and RF 180 output power for each end-device individually by means of an adaptive 181 data rate (ADR) scheme. End-devices may transmit on any channel 182 allowed by local regulation at any time, using any of the currently 183 available data rates. 185 LoRaWAN networks are typically organized in a star-of-stars topology 186 in which gateways relay messages between end-devices and a central 187 "network server" in the backend. Gateways are connected to the 188 network server via IP links while end-devices use single-hop LoRaWAN 189 communication that can be received at one or more gateways. All 190 communication is generally bi-directional, although uplink 191 communication from end-devices to the network server are favoured in 192 terms of overall bandwidth availability. 194 This section introduces some LoRaWAN terms. Figure 1 shows the 195 entities involved in a LoRaWAN network. 197 +----------+ 198 |End-device| * * * 199 +----------+ * +---------+ 200 * | Gateway +---+ 201 +----------+ * +---------+ | +---------+ 202 |End-device| * * * +---+ Network +--- Application 203 +----------+ * | | Server | 204 * +---------+ | +---------+ 205 +----------+ * | Gateway +---+ 206 |End-device| * * * * +---------+ 207 +----------+ 208 Key: * LoRaWAN Radio 209 +---+ IP connectivity 211 Figure 1: LoRaWAN architecture 213 o End-device: a LoRa client device, sometimes called a mote. 214 Communicates with gateways. 216 o Gateway: a radio on the infrastructure-side, sometimes called a 217 concentrator or base-station. Communicates with end-devices and, 218 via IP, with a network server. 220 o Network Server: The Network Server (NS) terminates the LoRaWAN MAC 221 layer for the end-devices connected to the network. It is the 222 center of the star topology. 224 o Uplink message: refers to communications from end-device to 225 network server or appliction via one or more gateways. 227 o Downlink message: refers to communications from network server or 228 application via one gateway to a single end-device or a group of 229 end-devices (considering multicasting). 231 o Application: refers to application layer code both on the end- 232 device and running "behind" the network server. For LoRaWAN, 233 there will generally only be one application running on most end- 234 devices. Interfaces between the network server and application 235 are not further described here. 237 o Classes A, B and C define different device capabilities and modes 238 of operation for end-devices. End-devices can transmit uplink 239 messages at any time in any mode of operation (so long as e.g., 240 ISM band restrictions are honoured). An end-device in Class A can 241 only receive downlink messages at predetermined timeslots after 242 each uplink message transmission. Class B allows the end-device 243 to receive downlink messages at periodically scheduled timeslots. 244 Class C allows receipt of downlink messages at anytime. Class 245 selection is based on the end-devices' application use case and 246 its power supply. (While Classes B and C are not further 247 described here, readers may have seen those terms elsewhere so we 248 include them for clarity.) 250 LoRaWAN radios make use of ISM bands, for example, 433MHz and 868MHz 251 within the European Union and 915MHz in the Americas. 253 The end-device changes channel in a pseudo-random fashion for every 254 transmission to help make the system more robust to interference and/ 255 or to conform to local regulations. 257 As with other LPWAN radio technologies, LoRaWAN end-devices respect 258 the frequency, power and maximum transmit duty cycle requirements for 259 the sub-band imposed by local regulators. In most cases, this means 260 an end-device is only transmitting for 1% of the time, as specified 261 by ISM band regulations. And in some cases the LoRaWAN specification 262 calls for end-devices to transmit less often than is called for by 263 the ISM band regulations in order to avoid congestion. 265 Figure 2 below shows that after a transmission slot a Class A device 266 turns on its receiver for two short receive windows that are offset 267 from the end of the transmission window. The frequencies and data 268 rate chosen for the first of these receive windows depends on those 269 used for the transmit window. The frequency and data-rate for the 270 second receive window are configurable. If a downlink message 271 preamble is detected during a receive window, then the end-device 272 keeps the radio on in order to receive the frame. 274 End-devices can only transmit a subsequent uplink frame after the end 275 of the associated receive windows. When a device joins a LoRaWAN 276 network, there are similar timeouts on parts of that process. 278 |----------------------------| |--------| |--------| 279 | Tx | | Rx | | Rx | 280 |----------------------------| |--------| |--------| 281 |---------| 282 Rx delay 1 283 |------------------------| 284 Rx delay 2 286 Figure 2: LoRaWAN Class A transmission and reception window 288 Given the different regional requirements the detailed specification 289 for the LoRaWAN physical layer (taking up more than 30 pages of the 290 specification) is not reproduced here. Instead and mainly to 291 illustrate the kinds of issue encountered, in Table 1 we present some 292 of the default settings for one ISM band (without fully explaining 293 those here) and in Table 2 we describe maxima and minima for some 294 parameters of interest to those defining ways to use IETF protocols 295 over the LoRaWAN MAC layer. 297 +------------------------+------------------------------------------+ 298 | Parameters | Default Value | 299 +------------------------+------------------------------------------+ 300 | Rx delay 1 | 1 s | 301 | | | 302 | Rx delay 2 | 2 s (must be RECEIVE_DELAY1 + 1s) | 303 | | | 304 | join delay 1 | 5 s | 305 | | | 306 | join delay 2 | 6 s | 307 | | | 308 | 868MHz Default | 3 (868.1,868.2,868.3), date rate: 0.3-5 | 309 | channels | kbps | 310 +------------------------+------------------------------------------+ 312 Table 1: Default settings for EU868MHz band 314 +-----------------------------------------------+--------+----------+ 315 | Parameter/Notes | Min | Max | 316 +-----------------------------------------------+--------+----------+ 317 | Duty Cycle: some but not all ISM bands impose | 1% | no-limit | 318 | a limit in terms of how often an end-device | | | 319 | can transmit. In some cases LoRaWAN is more | | | 320 | stringent in an attempt to avoid congestion. | | | 321 | | | | 322 | EU 868MHz band data rate/frame-size | 250 | 50000 | 323 | | bits/s | bits/s : | 324 | | : 59 | 250 | 325 | | octets | octets | 326 | | | | 327 | US 915MHz band data rate/frame-size | 980 | 21900 | 328 | | bits/s | bits/s : | 329 | | : 19 | 250 | 330 | | octets | octets | 331 +-----------------------------------------------+--------+----------+ 333 Table 2: Minima and Maxima for various LoRaWAN Parameters 335 Note that in the case of the smallest frame size (19 octets), 8 336 octets are required for LoRa MAC layer headers leaving only 11 octets 337 for payload (including MAC layer options). However, those settings 338 do not apply for the join procedure - end-devices are required to use 339 a channel that can send the 23 byte Join-request message for the join 340 procedure. 342 Uplink and downlink higher layer data is carried in a MACPayload. 343 There is a concept of "ports" (an optional 8 bit value) to handle 344 different applications on an end-device. Port zero is reserved for 345 LoRaWAN specific messaging, such as the join procedure. 347 The header also distinguishes the uplink/downlink directions and 348 whether or not an acknowledgement ("confirmation") is required from 349 the peer. 351 All payloads are encrypted and ciphertexts are protected with a 352 cryptographic Message Integrity Check (MIC) - see Section 6 for 353 details. 355 In addition to carrying higher layer PDUs there are Join-Request and 356 Join-Response (aka Join-Accept) messages for handling network access. 357 And so-called "MAC commands" (see below) up to 15 bytes long can be 358 piggybacked in an options field ("FOpts"). 360 LoRaWAN end-devices can choose various different data rates from a 361 menu of available rates (dependent on the frequencies in use). It is 362 however, recommended that end-devices set the Adaptive Data Rate 363 ("ADR") bit in the MAC layer which is a signal that the network 364 should control the data rate (via MAC commands to the end-device). 365 The network can also assert the ADR bit and control data rates at 366 it's discretion. The goal is to ensure minimal on-time for radios 367 whilst increasing throughput and reliability when possible. Other 368 things being equal, the effect should be that end-devices closer to a 369 gateway can successfully use higher data rates, whereas end-devices 370 further from all gateways still receive connectivity though at a 371 lower data rate. 373 Data rate changes can be validated via a scheme of acks from the 374 network with a fall-back to lower rates in the event that downlink 375 acks go missing. 377 There are 16 (or 32) bit frame counters maintained in each direction 378 that are incremented on each transmission (but not re-transmissions) 379 that are not re-used for a given key. When the device supports a 32 380 bit counter, then only the least significant 16 bits are sent in the 381 MAC header, but all 32 bits are used in cryptographic operations. 382 (If an end-device only supports a 16 bit counter internally, then the 383 topmost 16 bits are set to zero.) 385 There are a number of MAC commands for: Link and device status 386 checking, ADR and duty-cycle negotiation, managing the RX windows and 387 radio channel settings. For example, the link check response message 388 allows the network server (in response to a request from an end- 389 device) to inform an end-device about the signal attenuation seen 390 most recently at a gateway, and to also tell the end-device how many 391 gateways received the corresponding link request MAC command. 393 Some MAC commands are initiated by the network server. For example, 394 one command allows the network server to ask an end-device to reduce 395 it's duty-cycle to only use a proportion of the maximum allowed in a 396 region. Another allows the network server to query the end-device's 397 power status with the response from the end-device specifying whether 398 it has an external power source or is battery powered (in which case 399 a relative battery level is also sent to the network server). 401 The network server can also inform an end-device about channel 402 assignments (mid-point frequencies and data rates). Of course, these 403 must also remain within the bands assigned by local regulation. 405 A LoRaWAN network has a short network identifier ("NwkID") which is a 406 seven bit value. A private network (common for LoRaWAN) can use the 407 value zero. If a network wishes to support "foreign" end-devices 408 then the NwkID needs to be registered with the LoRA Alliance, in 409 which case the NwkID is the seven least significant bits of a 410 registered 24-bit NetID. (Note however, that the methods for 411 "roaming" are currently being enhanced within the LoRA Alliance, so 412 the situation here is somewhat fluid.) 414 In order to operate nominally on a LoRaWAN network, a device needs a 415 32-bit device address, which is the catentation of the NwkID and a 416 25-bit device-specific network address that is assigned when the 417 device "joins" the network (see below for the join procedure) or that 418 is pre-provisioned into the device. 420 End-devices are assumed to work with one or a quite limited number of 421 applications, which matches most LoRaWAN use-cases. The applications 422 are identified by a 64-bit AppEUI, which is assumed to be a 423 registered IEEE EUI64 value. 425 In addition, a device needs to have two symmetric session keys, one 426 for protecting network artefacts (port=0), the NwkSKey, and another 427 for protecting appliction layer traffic, the AppSKey. Both keys are 428 used for 128 bit AES cryptpgraphic operations. (See Section 6 for 429 details.) 431 So, one option is for an end-device to have all of the above, plus 432 channel information, somehow (pre-)provisioned, in which case the 433 end-device can simply start transmitting. This is achievable in many 434 cases via out-of-band means given the nature of LoRaWAN networks. 435 Table 3 summarises these values. 437 +---------+---------------------------------------------------------+ 438 | Value | Description | 439 +---------+---------------------------------------------------------+ 440 | DevAddr | DevAddr (32-bits) = NwkId (7-bits) + device-specific | 441 | | network address (25 bits) | 442 | | | 443 | AppEUI | IEEE EUI64 naming the application | 444 | | | 445 | NwkSKey | 128 bit network session key for use with AES | 446 | | | 447 | AppSKey | 128 bit application session key for use with AES | 448 +---------+---------------------------------------------------------+ 450 Table 3: Values required for nominal operation 452 As an alternative, end-devices can use the LoRaWAN join procedure in 453 order to setup some of these values and dynamically gain access to 454 the network. 456 To use the join procedure, an end-device must still know the AppEUI. 457 In addition to the AppEUI, end-devices using the join procedure need 458 to also know a different (long-term) symmetric key that is bound to 459 the AppEUI - this is the application key (AppKey), and is distinct 460 from the application session key (AppSKey). The AppKey is required 461 to be specific to the device, that is, each end-device should have a 462 different AppKey value. And finally the end-device also needs a 463 long-term identifier for itself, syntactically also an EUI-64, and 464 known as the device EUI or DevEUI. Table 4 summarises these values. 466 +---------+----------------------------------------------------+ 467 | Value | Description | 468 +---------+----------------------------------------------------+ 469 | DevEUI | IEEE EUI64 naming the device | 470 | | | 471 | AppEUI | IEEE EUI64 naming the application | 472 | | | 473 | AppKey | 128 bit long term application key for use with AES | 474 +---------+----------------------------------------------------+ 476 Table 4: Values required for join procedure 478 The join procedure involves a special exchange where the end-device 479 asserts the AppEUI and DevEUI (integrity protected with the long-term 480 AppKey, but not encrypted) in a Join-request uplink message. This is 481 then routed to the network server which interacts with an entity that 482 knows that AppKey to verify the Join-request. All going well, a 483 Join-accept downlink message is returned from the network server to 484 the end-device that specifies the 24-bit NetID, 32-bit DevAddr and 485 channel information and from which the AppSKey and NwkSKey can be 486 derived based on knowledge of the AppKey. This provides the end- 487 device with all the values listed in Table 3. 489 There is some special handling related to which channels to use and 490 for multiple transmissions for the join-request which is intended to 491 ensure a successful join in as many cases as possible. Join-request 492 and Join-accept messages also include some random values (nonces) to 493 both provide some replay protection and to help ensure the session 494 keys are unique per run of the join procedure. If a Join-request 495 fails validation, then no Join-accept message (indeed no message at 496 all) is returned to the end-device. For example, if an end-device is 497 factory-reset then it should end up in a state in which it can re-do 498 the join procedure. 500 In this section we describe the use of cryptography in LoRaWAN. This 501 section is not intended as a full specification but to be sufficient 502 so that future IETF specifications can encompass the required 503 security considerations. The emphasis is on describing the 504 externally visible characteristics of LoRaWAN. 506 All payloads are encrypted and have data integrity. Frame options 507 (used for MAC commands) when sent as a payload (port zero) are 508 therefore protected. MAC commands piggy-backed as frame options 509 ("FOpts") are however sent in clear. Since MAC commands may be sent 510 as options and not only as payload, any values sent in that manner 511 are visible to a passive attacker but are not malleable for an active 512 attacker due to the use of the MIC. 514 For LoRaWAN version 1.0.x, the NWkSkey session key is used to provide 515 data integrity between the end-device and the network server. The 516 AppSKey is used to provide data confidentiality between the end- 517 device and network server, or to the application "behind" the network 518 server, depending on the implementation of the network. 520 All MAC layer messages have an outer 32-bit Message Integrity Code 521 (MIC) calculated using AES-CMAC calculated over the ciphertext 522 payload and other headers and using the NwkSkey. 524 Payloads are encrypted using AES-128, with a counter-mode derived 525 from IEEE 802.15.4 using the AppSKey. 527 Gateways are not expected to be provided with the AppSKey or NwkSKey, 528 all of the infrastructure-side cryptography happens in (or "behind") 529 the network server. 531 When session keys are derived from the AppKey as a result of the join 532 procedure the Join-accept message payload is specially handled. 534 The long-term AppKey is directly used to protect the Join-accept 535 message content, but the function used is not an aes-encrypt 536 operation, but rather an aes-decrypt operation. The justification is 537 that this means that the end-device only needs to implement the aes- 538 encrypt operation. (The counter mode variant used for payload 539 decryption means the end-device doesn't need an aes-decrypt 540 primitive.) 542 The Join-accept plaintext is always less than 16 bytes long, so 543 electronic code book (ECB) mode is used for protecting Join-accept 544 messages. 546 The Join-accept contains an AppNonce (a 24 bit value) that is 547 recovered on the end-device along with the other Join-accept content 548 (e.g. DevAddr) using the aes-encrypt operation. 550 Once the Join-accept payload is available to the end-device the 551 session keys are derived from the AppKey, AppNonce and other values, 552 again using an ECB mode aes-encrypt operation, with the plaintext 553 input being a maximum of 16 octets. 555 3.2. Narrowband IoT (NB-IoT) 557 [[Text here is from [I-D.ratilainen-lpwan-nb-iot].]] 559 3.2.1. Provenance and Documents 561 Narrowband Internet of Things (NB-IoT) is developed and standardized 562 by 3GPP. The standardization of NB-IoT was finalized with 3GPP 563 Release-13 in June 2016, but further enhancements for NB-IoT are 564 worked on in the following releases, for example in the form of 565 multicast support. For more information of what has been specified 566 for NB-IoT, 3GPP specification 36.300 [TGPP36300] provides an 567 overview and overall description of the E-UTRAN radio interface 568 protocol architecture, while specifications 36.321 [TGPP36321], 569 36.322 [TGPP36322], 36.323 [TGPP36323] and 36.331 [TGPP36331] give 570 more detailed description of MAC, RLC, PDCP and RRC protocol layers 571 respectively. 573 3.2.2. Characteristics 575 [[Editor notes: Not clear if all the radio info here is needed. Not 576 clear what minimum MTU might be. Many 3GPP acronyms/terms to 577 eliminate or explain.]] 579 Specific targets for NB-IoT include: Less than 5$ module cost, 580 extended coverage of 164 dB maximum coupling loss, battery life of 581 over 10 years, ~55000 devices per cell and uplink reporting latency 582 of less than 10 seconds. 584 NB-IoT supports Half Duplex FDD operation mode with 60 kbps peak rate 585 in uplink and 30 kbps peak rate in downlink, and a maximum size MTU 586 of 1600 bytes. As the name suggests, NB-IoT uses narrowbands with 587 the bandwidth of 180 kHz in both, downlink and uplink. The multiple 588 access scheme used in the downlink is OFDMA with 15 kHz sub-carrier 589 spacing. On uplink multi-tone SC-FDMA is used with 15 kHz tone 590 spacing or as a special case of SC-FDMA single tone with either 15kHz 591 or 3.75 kHz tone spacing may be used. 593 NB-IoT can be deployed in three ways. In-band deployment means that 594 the narrowband is multiplexed within normal LTE carrier. In Guard- 595 band deployment the narrowband uses the unused resource blocks 596 between two adjacent LTE carriers. Also standalone deployment is 597 supported, where the narrowband can be located alone in dedicated 598 spectrum, which makes it possible for example to refarm the GSM 599 carrier at 850/900 MHz for NB-IoT. All three deployment modes are 600 meant to be used in licensed bands. The maximum transmission power 601 is either 20 or 23 dBm for uplink transmissions, while for downlink 602 transmission the eNodeB may use higher transmission power, up to 46 603 dBm depending on the deployment. 605 For signaling optimization, two options are introduced in addition to 606 legacy RRC connection setup, mandatory Data-over-NAS (Control Plane 607 optimization, solution 2 in [TGPP23720]) and optional RRC Suspend/ 608 Resume (User Plane optimization, solution 18 in [TGPP23720]). In the 609 control plane optimization the data is sent over Non Access Stratum, 610 directly from Mobility Management Entity (MME) in core network to the 611 UE without interaction from base station. This means there are no 612 Access Stratum security or header compression, as the Access Stratum 613 is bypassed, and only limited RRC procedures. 615 The RRC Suspend/Resume procedures reduce the signaling overhead 616 required for UE state transition from Idle to Connected mode in order 617 to have a user plane transaction with the network and back to Idle 618 state by reducing the signaling messages required compared to legacy 619 operation 621 With extended DRX the RRC Connected mode DRX cycle is up to 10.24 622 seconds and in RRC Idle the DRX cycle can be up to 3 hours. 624 NB-IoT has no channel access restrictions allowing up to a 100% duty- 625 cycle. 627 3GPP access security is specified in [TGPP33203]. 629 +--+ 630 |UE| \ +------+ +------+ 631 +--+ \ | MME |------| HSS | 632 \ / +------+ +------+ 633 +--+ \+-----+ / | 634 |UE| ----| eNB |- | 635 +--+ /+-----+ \ | 636 / \ +--------+ 637 / \| | +------+ Service PDN 638 +--+ / | S-GW |----| P-GW |---- e.g. Internet 639 |UE| | | +------+ 640 +--+ +--------+ 642 Figure 3: 3GPP network architecture 644 Mobility Management Entity (MME) is responsible for handling the 645 mobility of the UE. MME tasks include tracking and paging UEs, 646 session management, choosing the Serving gateway for the UE during 647 initial attachment and authenticating the user. At MME, the Non 648 Access Stratum (NAS) signaling from the UE is terminated. 650 Serving Gateway (S-GW) routes and forwards the user data packets 651 through the access network and acts as a mobility anchor for UEs 652 during handover between base stations known as eNodeBs and also 653 during handovers between other 3GPP technologies. 655 Packet Data Node Gateway (P-GW) works as an interface between 3GPP 656 network and external networks. 658 Home Subscriber Server (HSS) contains user-related and subscription- 659 related information. It is a database, which performs mobility 660 management, session establishment support, user authentication and 661 access authorization. 663 E-UTRAN consists of components of a single type, eNodeB. eNodeB is a 664 base station, which controls the UEs in one or several cells. 666 The illustration of 3GPP radio protocol architecture can be seen from 667 Figure 4. 669 +---------+ +---------+ 670 | NAS |----|-----------------------------|----| NAS | 671 +---------+ | +---------+---------+ | +---------+ 672 | RRC |----|----| RRC | S1-AP |----|----| S1-AP | 673 +---------+ | +---------+---------+ | +---------+ 674 | PDCP |----|----| PDCP | SCTP |----|----| SCTP | 675 +---------+ | +---------+---------+ | +---------+ 676 | RLC |----|----| RLC | IP |----|----| IP | 677 +---------+ | +---------+---------+ | +---------+ 678 | MAC |----|----| MAC | L2 |----|----| L2 | 679 +---------+ | +---------+---------+ | +---------+ 680 | PHY |----|----| PHY | PHY |----|----| PHY | 681 +---------+ +---------+---------+ +---------+ 682 LTE-Uu S1-MME 683 UE eNodeB MME 685 Figure 4: 3GPP radio protocol architecture 687 The radio protocol architecture of NB-IoT (and LTE) is separated into 688 control plane and user plane. Control plane consists of protocols 689 which control the radio access bearers and the connection between the 690 UE and the network. The highest layer of control plane is called 691 Non-Access Stratum (NAS), which conveys the radio signaling between 692 the UE and the EPC, passing transparently through radio network. It 693 is responsible for authentication, security control, mobility 694 management and bearer management. 696 Access Stratum (AS) is the functional layer below NAS, and in control 697 plane it consists of Radio Resource Control protocol (RRC) 699 [TGPP36331], which handles connection establishment and release 700 functions, broadcast of system information, radio bearer 701 establishment, reconfiguration and release. RRC configures the user 702 and control planes according to the network status. There exists two 703 RRC states, RRC_Idle or RRC_Connected, and RRC entity controls the 704 switching between these states. In RRC_Idle, the network knows that 705 the UE is present in the network and the UE can be reached in case of 706 incoming call. In this state the UE monitors paging, performs cell 707 measurements and cell selection and acquires system information. 708 Also the UE can receive broadcast and multicast data, but it is not 709 expected to transmit or receive singlecast data. In RRC_Connected 710 the UE has a connection to the eNodeB, the network knows the UE 711 location on cell level and the UE may receive and transmit singlecast 712 data. RRC_Connected mode is established, when the UE is expected to 713 be active in the network, to transmit or receive data. Connection is 714 released, switching to RRC_Idle, when there is no traffic to save the 715 UE battery and radio resources. However, a new feature was 716 introduced for NB-IoT, as mentioned earlier, which allows data to be 717 transmitted from the MME directly to the UE, while the UE is in 718 RRC_Idle transparently to the eNodeB. 720 Packet Data Convergence Protocol's (PDCP) [TGPP36323] main services 721 in control plane are transfer of control plane data, ciphering and 722 integrity protection. 724 Radio Link Control protocol (RLC) [TGPP36322] performs transfer of 725 upper layer PDUs and optionally error correction with Automatic 726 Repeat reQuest (ARQ), concatenation, segmentation and reassembly of 727 RLC SDUs, in-sequence delivery of upper layer PDUs, duplicate 728 detection, RLC SDU discard, RLC-re-establishment and protocol error 729 detection and recovery. 731 Medium Access Control protocol (MAC) [TGPP36321] provides mapping 732 between logical channels and transport channels, multiplexing of MAC 733 SDUs, scheduling information reporting, error correction with HARQ, 734 priority handling and transport format selection. 736 Physical layer [TGPP36201] provides data transport services to higher 737 layers. These include error detection and indication to higher 738 layers, FEC encoding, HARQ soft-combining. Rate matching and mapping 739 of the transport channels onto physical channels, power weighting and 740 modulation of physical channels, frequency and time synchronization 741 and radio characteristics measurements. 743 User plane is responsible for transferring the user data through the 744 Access Stratum. It interfaces with IP and consists of PDCP, which in 745 user plane performs header compression using Robust Header 746 Compression (RoHC), transfer of user plane data between eNodeB and 747 UE, ciphering and integrity protection. Lower layers in user plane 748 are similarly RLC, MAC and physical layer performing tasks mentioned 749 above. 751 Under worst-case conditions, NB-IoT may achieve data rate of roughly 752 200 bps. For downlink with 164 dB coupling loss, NB-IoT may achieve 753 higher data rates, depending on the deployment mode. Stand-alone 754 operation may achieve the highest data rates, up to few kbps, while 755 in-band and guard-band operations may reach several hundreds of bps. 756 NB-IoT may even operate with higher maximum coupling loss than 170 dB 757 with very low bit rates. 759 3.3. SIGFOX 761 [[Text here is from [I-D.zuniga-lpwan-sigfox-system-description].]] 763 3.3.1. Provenance and Documents 765 The SIGFOX LPWAN is in line with the terminology and specifications 766 being defined by the ETSI ERM TG28 Low Throughput Networks (LTN) 767 group [etsi_ltn]. As of today, SIGFOX's network has been fully 768 deployed in 6 countries, with ongoing deployments on 18 other 769 countries, which in total will reach 397M people. 771 3.3.2. Characteristics 773 SIGFOX LPWAN autonomous battery-operated devices send only a few 774 bytes per day, week or month, allowing them to remain on a single 775 battery for up to 10-15 years. 777 The radio interface is compliant with the following regulations: 779 Spectrum allocation in the USA [fcc_ref] 781 Spectrum allocation in Europe [etsi_ref] 783 Spectrum allocation in Japan [arib_ref] 785 The SIGFOX LTN radio interface is also compliant with the local 786 regulations of the following countries: Australia, Brazil, Canada, 787 Kenya, Lebanon, Mauritius, Mexico, New Zealand, Oman, Peru, 788 Singapore, South Africa, South Korea, and Thailand. 790 The radio interface is based on Ultra Narrow Band (UNB) 791 communications, which allow an increased transmission range by 792 spending a limited amount of energy at the device. Moreover, UNB 793 allows a large number of devices to coexist in a given cell without 794 significantly increasing the spectrum interference. 796 Both uplink and downlink communications are possible with the UNB 797 solution. Due to spectrum optimizations, different uplink and 798 downlink frames and time synchronization methods are needed. 800 The main radio characteristics of the UNB uplink transmission are: 802 o Channelization mask: 100 Hz (600 Hz in the USA) 804 o Uplink baud rate: 100 baud (600 baud in the USA) 806 o Modulation scheme: DBPSK 808 o Uplink transmission power: compliant with local regulation 810 o Link budget: 155 dB (or better) 812 o Central frequency accuracy: not relevant, provided there is no 813 significant frequency drift within an uplink packet 815 In Europe, the UNB uplink frequency band is limited to 868,00 to 816 868,60 MHz, with a maximum output power of 25 mW and a maximum mean 817 transmission time of 1%. 819 The format of the uplink frame is the following: 821 +--------+--------+--------+------------------+-------------+-----+ 822 |Preamble| Frame | Dev ID | Payload |Msg Auth Code| FCS | 823 | | Sync | | | | | 824 +--------+--------+--------+------------------+-------------+-----+ 826 Figure 5: Uplink Frame Format 828 The uplink frame is composed of the following fields: 830 o Preamble: 19 bits 832 o Frame sync and header: 29 bits 834 o Device ID: 32 bits 836 o Payload: 0-96 bits 838 o Authentication: 16-40 bits 840 o Frame check sequence: 16 bits (CRC) 842 The main radio characteristics of the UNB downlink transmission are: 844 o Channelization mask: 1.5 kHz 846 o Downlink baud rate: 600 baud 848 o Modulation scheme: GFSK 850 o Downlink transmission power: 500 mW (4W in the USA) 852 o Link budget: 153 dB (or better) 854 o Central frequency accuracy: Centre frequency of downlink 855 transmission are set by the network according to the corresponding 856 uplink transmission. 858 In Europe, the UNB downlink frequency band is limited to 869,40 to 859 869,65 MHz, with a maximum output power of 500 mW with 10% duty 860 cycle. 862 The format of the downlink frame is the following: 864 +------------+-----+---------+------------------+-------------+-----+ 865 | Preamble |Frame| ECC | Payload |Msg Auth Code| FCS | 866 | |Sync | | | | | 867 +------------+-----+---------+------------------+-------------+-----+ 869 Figure 6: Downlink Frame Format 871 The downlink frame is composed of the following fields: 873 o Preamble: 91 bits 875 o Frame sync and header: 13 bits 877 o Error Correcting Code (ECC): 32 bits 879 o Payload: 0-64 bits 881 o Authentication: 16 bits 883 o Frame check sequence: 8 bits (CRC) 885 The radio interface is optimized for uplink transmissions, which are 886 asynchronous. Downlink communications are achieved by querying the 887 network for existing data from the device. 889 A device willing to receive downlink messages opens a fixed window 890 for reception after sending an uplink transmission. The delay and 891 duration of this window have fixed values. The LTN network transmits 892 the downlink message for a given device during the reception window. 893 The LTN network selects the BS for transmitting the corresponding 894 downlink message. 896 Uplink and downlink transmissions are unbalanced due to the 897 regulatory constraints on the ISM bands. Under the strictest 898 regulations, the system can allow a maximum of 140 uplink messages 899 and 4 downlink messages per device. These restrictions can be 900 slightly relaxed depending on system conditions and the specific 901 regulatory domain of operation. 903 +--+ 904 |EP| * +------+ 905 +--+ * | RA | 906 * +------+ 907 +--+ * | 908 |EP| * * * * | 909 +--+ * +----+ | 910 * | BS | \ +--------+ 911 +--+ * +----+ \ | | 912 DA -----|EP| * * * | SC |----- NA 913 +--+ * / | | 914 * +----+ / +--------+ 915 +--+ * | BS |/ 916 |EP| * * * * +----+ 917 +--+ * 918 * 919 +--+ * 920 |EP| * * 921 +--+ 923 Figure 7: ETSI LTN architecture 925 Figure 7 depicts the different elements of the SIGFOX architecture. 927 SIGFOX has a "one-contract one-network" model allowing devices to 928 connect in any country, without any notion of roaming. 930 The architecture consists of a single core network, which allows 931 global connectivity with minimal impact on the end device and radio 932 access network. The core network elements are the Service Center 933 (SC) and the Registration Authority (RA). The SC is in charge of the 934 data connectivity between the Base Station (BS) and the Internet, as 935 well as the control and management of the BSs and End Points. The RA 936 is in charge of the End Point network access authorization. 938 The radio access network is comprised of several BSs connected 939 directly to the SC. Each BS performs complex L1/L2 functions, 940 leaving some L2 and L3 functionalities to the SC. 942 The devices or End Points (EPs) are the objects that communicate 943 application data between local device applications (DAs) and network 944 applications (NAs). 946 EPs (or devices) can be static or nomadic, as they associate with the 947 SC and they do not attach to a specific BS. Hence, they can 948 communicate with the SC through one or many BSs. 950 Due to constraints in the complexity of the EP, it is assumed that 951 EPs host only one or very few device applications, which communicate 952 to one single network application at a time. 954 The radio protocol provides mechanisms to authenticate and ensure 955 integrity of the message. This is achieved by using a unique device 956 ID and a message authentication code, which allow ensuring that the 957 message has been generated and sent by the device with the ID claimed 958 in the message. 960 Security keys are independent for each device. These keys are 961 associated with the device ID and they are pre-provisioned. 962 Application data can be encrypted by the application provider. 964 3.4. Wi-SUN Alliance Field Area Network (FAN) 966 [[Text here is via personal communication from Bob Heile 967 (bheile@ieee.org) and was authored by Bob and Sum Chin Sean. As 968 there is no I-D on which this is based, I've just cut'n'pasted the 969 text provided in here with no editing so far. Some editing will of 970 course be needed, as will references to specifications.]] 972 3.4.1. Provenance and Documents 974 The Wi-SUN Alliance is an industry alliance promoting global 975 interoperability and compliance to open-standards for smart city, 976 smart grid, smart utility, and a broad set of general IoT 977 applications. The Wi-SUN Alliance Field Area Network (FAN) profile 978 is open standards based (primarily on IETF and IEEE802 standards) and 979 was developed to address applications like smart municipality/city 980 infrastructure monitoring and management, electric vehicle (EV) 981 infrastructure, advanced metering infrastructure (AMI), distribution 982 automation (DA), supervisory control and data acquisition (SCADA) 983 protection/management, distributed generation monitoring and 984 management, and many more IoT applications. These applications, 985 although quite different in many respects, share a common set of 986 system requirements such as high network robustness, high scalability 987 and superior security, which the Wi-SUN FAN addresses. Additionally, 988 the Alliance has created a certification program to promote global 989 multi-vendor interoperability. 991 The FAN profile is an IPv6 frequency hopping wireless mesh network 992 with enterprise level security. The frequency hopping wireless mesh 993 topology has multiple advantages such as superior network robustness, 994 reliability due to high redundancy, good scalability due to the 995 flexible mesh configuration and good resilience to interference. All 996 these attributes address the industrial grade requirements set forth 997 by various IoT application scenarios. Very low power modes are in 998 development permitting long term battery operation of network nodes. 1000 3.4.2. Characteristics 1002 The FAN profile is an IPv6 frequency hopping wireless mesh network 1003 with enterprise level security. The frequency hopping wireless mesh 1004 topology has multiple advantages such as superior network robustness, 1005 reliability due to high redundancy, good scalability due to the 1006 flexible mesh configuration and good resilience to interference. All 1007 these attributes address the industrial grade requirements set forth 1008 by various IoT application scenarios. Very low power modes are in 1009 development permitting long term battery operation of network nodes. 1011 As indicated above, the FAN profile is based on various open 1012 standards in IETF, IEEE802 and ANSI/TIA for low power and lossy 1013 networks. The FAN profile specification provides an application- 1014 independent IPv6-based transport service for both connectionless 1015 (i.e. UDP) and connection-oriented (i.e. TCP) services. There are 1016 two possible methods for establishing the IPv6 packet routing: 1017 mandatory Routing Protocol for Low-Power and Lossy Networks (RPL) at 1018 the Network layer or optional Multi-Hop Delivery Service (MHDS) at 1019 the Data Link layer. Refer to Figure 1 for a pictorial overview of 1020 the FAN protocol stack. 1022 +------------------------------+------------------------------------+ 1023 | Layer | Description | 1024 +------------------------------+------------------------------------+ 1025 | IPv6 protocol suite | TCP/UDP | 1026 | | | 1027 | | 6LoWPAN Adaptation + Header | 1028 | | Compression | 1029 | | | 1030 | | DHCPv6 for IP address management. | 1031 | | | 1032 | | Routing using RPL. | 1033 | | | 1034 | | ICMPv6. | 1035 | | | 1036 | | Unicast and Multicast forwarding. | 1037 | | | 1038 | MAC based on IEEE 802.15.4e | Frequency hopping | 1039 | + IE extensions | | 1040 | | | 1041 | | Discovery and Join | 1042 | | | 1043 | | Protocol Dispatch (IEEE 802.15.9) | 1044 | | | 1045 | | Several Frame Exchange patterns | 1046 | | | 1047 | | Optional Mesh Under routing (ANSI | 1048 | | 4957.210). | 1049 | | | 1050 | PHY based on 802.15.4g | Various data rates and regions | 1051 | | | 1052 | Security | 802.1X/EAP-TLS/PKI | 1053 | | Authentication. | 1054 | | | 1055 | | 802.11i Group Key Management | 1056 | | | 1057 | | Optional ETSI-TS-102-887-2 Node 2 | 1058 | | Node Key Management | 1059 +------------------------------+------------------------------------+ 1061 Table 5: Wi-SUN Stack Overivew 1063 The Transport service is based on User Datagram Protocol (UDP) 1064 defined in RFC768 or Transmission Control Protocol (TCP) defined in 1065 RFC793. 1067 The Network service is provided by IPv6 defined in RFC2460 with 1068 6LoWPAN adaptation as defined in RC4944 and RFC6282. Additionally, 1069 ICMPv6 as defined in RFC4443 is used for control plane in information 1070 exchange. 1072 The Data Link service provides both control/management of the 1073 Physical layer and data transfer/management services to the Network 1074 layer. These services are divided into Media Access Control (MAC) 1075 and Logical Link Control (LLC) sub-layers. The LLC sub-layer 1076 provides a protocol dispatch service which supports 6LoWPAN and an 1077 optional MAC sub-layer mesh service. The MAC sub-layer is 1078 constructed using data structures defined in IEEE802.15.4-2015. 1079 Multiple modes of frequency hopping are defined. The entire MAC 1080 payload is encapsulated in an IEEE802.15.9 Information Element to 1081 enable LLC protocol dispatch between upper layer 6LoWPAN processing, 1082 MAC sublayer mesh processing, etc. These areas will be expanded once 1083 IEEE802.15.12 is completed 1085 The PHY service is derived from a sub-set of the SUN FSK 1086 specification in IEEE802.15.4-2015. The 2-FSK modulation schemes, 1087 with channel spacing range from 200 to 600 kHz, are defined to 1088 provide data rates from 50 to 300 kbps, with Forward Error Coding 1089 (FEC) as an optional feature. Towards enabling ultra-low-power 1090 applications, the PHY layer design is also extendable to low energy 1091 and critical infrastructure monitoring networks, such as 1092 IEEE802.15.4k. 1094 The FAN security supports Data Link layer network access control, 1095 mutual authentication, and establishment of a secure pairwise link 1096 between a FAN node and its Border Router, which is implemented with 1097 an adaptation of IEEE802.1X and EAP-TLS as described in RFC5216 using 1098 secure device identity as described in IEEE802.1AR. Certificate 1099 formats are based upon RFC5280. A secure group link between a Border 1100 Router and a set of FAN nodes is established using an adaptation of 1101 the IEEE802.11 Four-Way Handshake. A set of 4 group keys are 1102 maintained within the network, one of which is the current transmit 1103 key. Secure node to node links are supported between one-hop FAN 1104 neighbors using an adaptation of ETSI-TS-102-887-2. FAN nodes 1105 implement Frame Security as specified in IEEE802.15.4-2015. 1107 The Wi-Sun Alliance FAN spec was developed to serve the LPWAN space 1108 among others. It already includes most needed networking elements as 1109 a result of the longstanding working relationships between the IETF 1110 and IEEE802. Nonetheless, the Alliance feels there is significant 1111 value to this LPWAN effort in IETF and strongly supports its 1112 objectives. Some of the things the Alliance hopes to accomplish 1113 through its participation are awareness (in the event changes are 1114 needed in the FAN spec), to help ensure consistency of approach, 1115 share relevant experience, and to address co-existence issues and 1116 potential interoperability since these solutions will be used in the 1117 same markets in complementary ways. Because it is IP based, the Wi- 1118 SUN FAN already readily interconnects to Ethernet and WiFi through 1119 routers. It would be useful if the same could be accomplished with 1120 other approaches. 1122 4. Generic Terminology 1124 [[Text here is from [I-D.minaburo-lpwan-gap-analysis].]] 1126 LPWAN technologies, such as those discussed below, have similar 1127 architectures but different terminology. We can identify different 1128 types of entities in a typical LPWAN network: 1130 o The Host, which are the devices or the things (e.g. sensors, 1131 actuators, etc.), they are named differently in each technology 1132 (End Device, User Equipment or End Point). There is a high 1133 density of hosts per radio gateway. 1135 o The Radio Gateway, which is the end point of the constrained link. 1136 It is known as: Gateway, Evolved Node B or Base station. 1138 o The Network Gateway or Router is the interconnection node between 1139 the Radio Gateway and the Internet. It is known as: Network 1140 Server, Serving GW or Service Center. 1142 o AAA Server, which controls the user authentication, the 1143 applications. It is known as: Join-Server, Home Subscriber Server 1144 or Registration Authority. [[Ed: I'm not clear that AAA server is 1145 the right generic term here.]] 1147 o At last we have the Application Server, known also as Packet Data 1148 Node Gateway or Network Application. 1150 +---------------------------------------------------------------------+ 1151 | Function/ | | | | | 1152 | Technology | LORAWAN | NB-IOT | SIGFOX | IETF | 1153 +--------------+-----------+------------+-------------+---------------+ 1154 | Sensor, | | | | | 1155 | Actuator, | End | User | End | Thing | 1156 |device, object| Device | Equipment | Point | (HOST) | 1157 +--------------+-----------+------------+-------------+---------------+ 1158 | Transceiver | | Evolved | Base | RADIO | 1159 | Antenna | Gateway | Node B | Station | GATEWAY | 1160 +--------------+-----------+------------+-------------+---------------+ 1161 | Server | Network | Serving- | Service |Network Gateway| 1162 | | Server | Gateway | Center | (ROUTER) | 1163 +--------------+-----------+------------+-------------+---------------+ 1164 | Security | Join | Home |Registration | | 1165 | Server | Server | Subscriber | Authority | AAA | 1166 | | | Server | | SERVER | 1167 +--------------+-----------+------------+-------------+---------------+ 1168 | Application |Application| Packet Data| Network | APPLICATION | 1169 | | Server |Node Gateway| Application | SERVER | 1170 +---------------------------------------------------------------------+ 1172 Figure 8: LPWAN Architecture Terminology 1174 () () () | +------+ 1175 () () () () / \ +---------+ | AAA | 1176 () () () () () () / \========| /\ |====|Server| +-----------+ 1177 () () () | | <--|--> | +------+ |Application| 1178 () () () () / \============| v |==============| Server | 1179 () () () / \ +---------+ +-----------+ 1180 HOSTS Radio Gateways Network Gateway 1182 Figure 9: LPWAN Architecture 1184 5. Gap Analysis 1186 [[Text here is from [I-D.minaburo-lpwan-gap-analysis].]] 1188 5.1. IPv6 and LPWAN 1190 IPv6 [RFC2460] has been designed to allocate addresses to all the 1191 nodes connected to the Internet. Nevertheless, the header overhead 1192 of, at least, 40 bytes introduced by the protocol is incompatible 1193 with the LPWAN constraints. If IPv6 (with no further optimization) 1194 were used, several LPWAN frames would be needed just to carry the 1195 header, discussion on this point is developed in the 6LoWPAN section 1196 below. Another limitation comes from the IPv6 MTU requirement, by 1197 which the layer below IP has to support packets of at least 1280 1198 bytes [RFC2460]. 1200 IPv6 needs a configuration protocol (neighbor discovery protocol, NDP 1201 [RFC4861]) for a node to learn network parameters, and the node 1202 relation with its neighbours. This protocol generates a regular 1203 traffic with a large message size that does not fit LPWAN 1204 constraints. 1206 5.1.1. Unicast and Multicast mapping 1208 In some LPWAN technologies, layer two multicast is not supported. In 1209 that case, if the network topology is a star, the solution and 1210 considerations of section 3.2.5 of [RFC7668] may be applied. 1212 5.2. 6LoWPAN and LPWAN 1214 Several technologies that exhibit significant constraints in various 1215 dimensions have exploited the 6LoWPAN suite of specifications 1216 [RFC4944], [RFC6282], [RFC6775] to support IPv6 [I-D.hong-6lo-use- 1217 cases]. However, the constraints of LPWANs, often more extreme than 1218 those typical of technologies that have (re)used 6LoWPAN, constitute 1219 a challenge for the 6LoWPAN suite in order to enable IPv6 over LPWAN. 1220 LPWANs are characterised by device constraints (in terms of 1221 processing capacity, memory, and energy availability), and specially, 1222 link constraints, such as: 1224 o very low layer two payload size (from ~10 to ~100 bytes), 1226 o very low bit rate (from ~10 bit/s to ~100 kbit/s), and 1228 o in some specific technologies, further message rate constraints 1229 (e.g. between ~0.1 message/minute and ~1 message/minute) due to 1230 regional regulations that limit the duty cycle. 1232 5.2.1. 6LoWPAN Header Compression 1234 6LoWPAN header compression reduces IPv6 (and UDP) header overhead by 1235 eliding header fields when they can be derived from the link layer, 1236 and by assuming that some of the header fields will frequently carry 1237 expected values. 6LoWPAN provides both stateless and stateful header 1238 compression. In the latter, all nodes of a 6LoWPAN are assumed to 1239 share compression context. In the best case, the IPv6 header for 1240 link-local communication can be reduced to only 2 bytes. For global 1241 communication, the IPv6 header may be compressed down to 3 bytes in 1242 the most extreme case. However, in more practical situations, the 1243 lowest IPv6 header size may be 11 bytes (one address prefix 1244 compressed) or 19 bytes (both source and destination prefixes 1245 compressed). These headers are large considering the link layer 1246 payload size of LPWAN technologies, and in some cases are even bigger 1247 than the LPWAN PDUs. 6LoWPAN has been initially designed for IEEE 1248 802.15.4 networks with a frame size up to 127 bytes and a throughput 1249 of up to 250 kb/s, which may or may not be duty-cycled. 1251 5.2.2. Address Autoconfiguration 1253 In the ambit of 6LoWPAN, traditionally, Interface Identifiers (IIDs) 1254 have been derived from link layer identifiers [RFC4944] . This allows 1255 optimisations such as header compression. Nevertheless, recent 1256 guidance has given advice on the fact that, due to privacy concerns, 1257 6LoWPAN devices should not be configured to embed their link layer 1258 addresses in the IID by default. 1260 5.2.3. Fragmentation 1262 As stated above, IPv6 requires the layer below to support an MTU of 1263 1280 bytes [RFC2460]. Therefore, given the low maximum payload size 1264 of LPWAN technologies, fragmentation is needed. 1266 If a layer of an LPWAN technology supports fragmentation, proper 1267 analysis has to be carried out to decide whether the fragmentation 1268 functionality provided by the lower layer or fragmentation at the 1269 adaptation layer should be used. Otherwise, fragmentation 1270 functionality shall be used at the adaptation layer. 1272 6LoWPAN defined a fragmentation mechanism and a fragmentation header 1273 to support the transmission of IPv6 packets over IEEE 802.15.4 1274 networks [RFC4944]. While the 6LoWPAN fragmentation header is 1275 appropriate for IEEE 802.15.4-2003 (which has a frame payload size of 1276 81-102 bytes), it is not suitable for several LPWAN technologies, 1277 many of which have a maximum payload size that is one order of 1278 magnitude below that of IEEE 802.15.4-2003. The overhead of the 1279 6LoWPAN fragmentation header is high, considering the reduced payload 1280 size of LPWAN technologies and the limited energy availability of the 1281 devices using such technologies. Furthermore, its datagram offset 1282 field is expressed in increments of eight octets. In some LPWAN 1283 technologies, the 6LoWPAN fragmentation header plus eight octets from 1284 the original datagram exceeds the available space in the layer two 1285 payload. In addition, the MTU in the LPWAN networks could be 1286 variable which implies a variable fragmentation solution. 1288 5.2.4. Neighbor Discovery 1290 6LoWPAN Neighbor Discovery [RFC6775] defined optimizations to IPv6 1291 Neighbor Discovery [RFC4861], in order to adapt functionality of the 1292 latter for networks of devices using IEEE 802.15.4 or similar 1293 technologies. The optimizations comprise host-initiated interactions 1294 to allow for sleeping hosts, replacement of multicast-based address 1295 resolution for hosts by an address registration mechanism, multihop 1296 extensions for prefix distribution and duplicate address detection 1297 (note that these are not needed in a star topology network), and 1298 support for 6LoWPAN header compression. 1300 6LoWPAN Neighbor Discovery may be used in not so severely constrained 1301 LPWAN networks. The relative overhead incurred will depend on the 1302 LPWAN technology used (and on its configuration, if appropriate). In 1303 certain LPWAN setups (with a maximum payload size above ~60 bytes, 1304 and duty-cycle-free or equivalent operation), an RS/RA/NS/NA exchange 1305 may be completed in a few seconds, without incurring packet 1306 fragmentation. In other LPWANs (with a maximum payload size of ~10 1307 bytes, and a message rate of ~0.1 message/minute), the same exchange 1308 may take hours or even days, leading to severe fragmentation and 1309 consuming a significant amount of the available network resources. 1310 6LoWPAN Neighbor Discovery behavior may be tuned through the use of 1311 appropriate values for the default Router Lifetime, the Valid 1312 Lifetime in the PIOs, and the Valid Lifetime in the 6CO, as well as 1313 the address Registration Lifetime. However, for the latter LPWANs 1314 mentioned above, 6LoWPAN Neighbor Discovery is not suitable. 1316 5.3. 6lo and LPWAN 1318 The 6lo WG has been reusing and adapting 6LoWPAN to enable IPv6 1319 support over a variety of constrained node link layer technologies 1320 such as Bluetooth Low Energy (BLE), ITU-T G.9959, DECT-ULE, MS/TP- 1321 RS485, NFC or IEEE 802.11ah. 1323 These technologies are relatively similar in several aspects to IEEE 1324 802.15.4, which was the original 6LoWPAN target technology. 6LoWPAN 1325 has been the basis for the functionality defined by 6Lo, which has 1326 mostly used the subset of 6LoWPAN techniques most suitable for each 1327 lower layer technology, and has provided additional optimizations for 1328 technologies where the star topology is used, such as BLE or DECT- 1329 ULE. 1331 The main constraint in these networks comes from the nature of the 1332 devices (constrained devices), whereas in LPWANs it is the network 1333 itself that imposes the most stringent constraints. 1335 5.4. 6tisch and LPWAN 1337 The 6tisch solution is dedicated to mesh networks that operate using 1338 802.15.4e MAC with a deterministic slotted channel. The TSCH can 1339 help to reduce collisions and to enable a better balance over the 1340 channels. It improves the battery life by avoiding the idle 1341 listening time for the return channel. 1343 A key element of 6tisch is the use of synchronization to enable 1344 determinism. TSCH and 6TiSCH may provide a standard scheduling 1345 function. The LPWAN networks probably will not support 1346 synchronization like the one used in 6tisch. 1348 5.5. RoHC and LPWAN 1350 RoHC header compression mechanisms were defined for point to point 1351 multimedia channels, to reduce the header overhead of the RTP flows, 1352 it can also reduce the overhead of IPv4 or IPv6 or IPv4/v6/UDP 1353 headers. It is based on a shared context which does not require any 1354 state but packets are not routable. The context is initialised at 1355 the beginning of the communication or when it is lost. The 1356 compression is managed using a sequence number (SN) which is encoded 1357 using a window algorithm letting the reduction of the SN to 4 bits 1358 instead of 2 bytes. But this window needs to be updated each 15 1359 packets which implies larger headers. When RoHC compression is used 1360 we talk about an average header compression size to give the 1361 performance of compression. For example, the compression start 1362 sending bigger packets than the original (52 bytes) to reduce the 1363 header up to 4 bytes (it stays here only for 15 packets, which 1364 correspond to the window size). Each time the context is lost or 1365 needs to be synchronised, packets of about 15 to 43 bytes are sent. 1367 The RoHC header compression is not adapted to the constrained nodes 1368 of the LPWAN networks: it does not take into account the energy 1369 limitations and the transmission rate, and context is synchronised 1370 during the transmission, which does not allow a better compression. 1372 5.6. ROLL and LPWAN 1374 The LPWAN technologies considered by the lpwan WG are based on a star 1375 topology, which eliminates the need for routing. Future works may 1376 address additional use-cases which may require the adaptation of 1377 existing routing protocols or the definition of new ones. As of the 1378 writing, the work done at the ROLL WG and other routing protocols are 1379 out of scope of the LPWAN WG. 1381 5.7. CoRE and LPWAN 1383 CoRE provides a resource-oriented framework for applications intended 1384 to run on constrained IP networks. It may be necessary to adapt the 1385 protocols to take into account the duty cycling and the potentially 1386 extremely limited throughput of LPWANs. 1388 For example, some of the timers in CoAP may need to be redefined. 1389 Taking into account CoAP acknowledgements may allow the reduction of 1390 L2 acknowledgements. On the other hand, the current work in progress 1391 in the CoRE WG where the COMI/CoOL network management interface 1392 which, uses Structured Identifiers (SID) to reduce payload size over 1393 CoAP proves to be a good solution for the LPWAN technologies. The 1394 overhead is reduced by adding a dictionary which matches a URI to a 1395 small identifier and a compact mapping of the YANG model into the 1396 CBOR binary representation. 1398 5.8. Security and LPWAN 1400 Most of the LPWAN technologies integrate some authentication or 1401 encryption mechanisms that may not have been defined by the IETF. 1402 The working group will work to integrate these mechanisms to unify 1403 management. For the technologies which are not integrating natively 1404 security protocols, it is necessary to adapt existing mechanisms to 1405 the LPWAN constraints. The AAA infrastructure brings a scalable 1406 solution. It offers a central management for the security processes, 1407 draft-garcia- dime-diameter-lorawan-00 and draft-garcia-radext- 1408 radius-lorawan-00 explain the possible security process for a LoRaWAN 1409 network. The mechanisms basically are divided in: key management 1410 protocols, encryption and integrity algorithms used. Most of the 1411 solutions do not present a key management procedure to derive 1412 specific keys for securing network and or data information. In most 1413 cases, a pre-shared key between the smart object and the 1414 communication endpoint is assumed. 1416 5.9. Mobility and LPWAN 1418 LPWANs nodes can be mobile. However, LPWAN mobility is different 1419 from the one specified for Mobile IP. LPWAN implies sporadic traffic 1420 and will rarely be used for high-frequency, real-time communications. 1421 The applications do not generate a flow, they need to save energy and 1422 most of the time the node will be down. The mobility will imply most 1423 of the time a group of devices, which represent a network itself. 1424 The mobility concerns more the gateway than the devices. 1426 5.9.1. NEMO and LPWAN 1428 NEMO Mobility solutions may be used in the case where some hosts 1429 belonging to the same Network gateway will move from one point to 1430 another and that they are not aware of this mobility. 1432 5.10. DNS and LPWAN 1434 The purpose of the DNS is to enable applications to name things that 1435 have a global unique name. Lots of protocols are using DNS to 1436 identify the objects, especially REST and applications using CoAP. 1437 Therefore, things should be registered in DNS. DNS is probably a 1438 good topic of research for LPWAN technologies, while the matching of 1439 the name and the IP information can be used to configure the LPWAN 1440 devices. 1442 6. Security Considerations 1444 [[Ed: Yep, these are tbd.]] 1446 7. IANA Considerations 1448 There are no IANA considerations related to this memo. 1450 8. Contributors 1452 As stated above this document is mainly a collection of content 1453 developed by the full set of contributors listed below. The main 1454 input documents and their authors were: 1456 o Text for Section 3.1 was provieded by Alper Yegin and Stephen 1457 Farrell in [I-D.farrell-lpwan-lora-overview]. 1459 o Text for Section 3.2 was provided by Antti Ratilainen in 1460 [I-D.ratilainen-lpwan-nb-iot]. 1462 o Text for Section 3.3 was provided by Juan Carlos Zuniga and Benoit 1463 Ponsard in [I-D.zuniga-lpwan-sigfox-system-description]. 1465 o Text for Section 3.4 was provided via personal communication from 1466 Bob Heile (bheile@ieee.org) and was authored by Bob and Sum Chin 1467 Sean. There is no Internet draft for that at present. 1469 o Text for Section 5 was provided by Ana Minabiru, Carles Gomez, 1470 Laurent Toutain, Josep Paradells and Jon Crowcroft in 1471 [I-D.minaburo-lpwan-gap-analysis]. Additional text from that 1472 draft is also used elsewhere above. 1474 The full list of contributors are: 1476 Jon Crowcroft 1477 University of Cambridge 1478 JJ Thomson Avenue 1479 Cambridge, CB3 0FD 1480 United Kingdom 1482 Email: jon.crowcroft@cl.cam.ac.uk 1484 Carles Gomez 1485 UPC/i2CAT 1486 C/Esteve Terradas, 7 1487 Castelldefels 08860 1488 Spain 1490 Email: carlesgo@entel.upc.edu 1492 Bob Heile 1493 Wi-Sun Alliance 1494 11 Robert Toner Blvd, Suite 5-301 1495 North Attleboro, MA 02763 1496 USA 1498 Phone: +1-781-929-4832 1499 Email: bheile@ieee.org 1501 Ana Minaburo 1502 Acklio 1503 2bis rue de la Chataigneraie 1504 35510 Cesson-Sevigne Cedex 1505 France 1507 Email: ana@ackl.io 1509 Josep PAradells 1510 UPC/i2CAT 1511 C/Jordi Girona, 1-3 1512 Barcelona 08034 1513 Spain 1515 Email: josep.paradells@entel.upc.edu 1517 Benoit Ponsard 1518 SIGFOX 1519 425 rue Jean Rostand 1520 Labege 31670 1521 France 1522 Email: Benoit.Ponsard@sigfox.com 1523 URI: http://www.sigfox.com/ 1525 Antti Ratilainen 1526 Ericsson 1527 Hirsalantie 11 1528 Jorvas 02420 1529 Finland 1531 Email: antti.ratilainen@ericsson.com 1533 Chin-Sean SUM 1534 Wi-Sun Alliance 1535 20, Science Park Rd 1536 Singapore 117674 1538 Phone: +65 6771 1011 1539 Email: sum@wi-sun.org 1541 Laurent Toutain 1542 Institut MINES TELECOM ; TELECOM Bretagne 1543 2 rue de la Chataigneraie 1544 CS 17607 1545 35576 Cesson-Sevigne Cedex 1546 France 1548 Email: Laurent.Toutain@telecom-bretagne.eu 1550 Alper Yegin 1551 Actility 1552 Paris, Paris 1553 FR 1555 Email: alper.yegin@actility.com 1557 Juan Carlos Zuniga 1558 SIGFOX 1559 425 rue Jean Rostand 1560 Labege 31670 1561 France 1563 Email: JuanCarlos.Zuniga@sigfox.com 1564 URI: http://www.sigfox.com/ 1566 9. Acknowledgements 1568 Thanks to all those listed in Section 8 for the excellent text. 1569 Errors in the handling of that are solely the editor's fault. 1571 Thanks to [your name here] for comments. 1573 Stephen Farrell's work on this memo was supported by the Science 1574 Foundation Ireland funded CONNECT centre . 1576 10. Informative References 1578 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1579 Requirement Levels", BCP 14, RFC 2119, 1580 DOI 10.17487/RFC2119, March 1997, 1581 . 1583 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 1584 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, 1585 December 1998, . 1587 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 1588 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 1589 DOI 10.17487/RFC4861, September 2007, 1590 . 1592 [RFC4944] Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler, 1593 "Transmission of IPv6 Packets over IEEE 802.15.4 1594 Networks", RFC 4944, DOI 10.17487/RFC4944, September 2007, 1595 . 1597 [RFC6282] Hui, J., Ed. and P. Thubert, "Compression Format for IPv6 1598 Datagrams over IEEE 802.15.4-Based Networks", RFC 6282, 1599 DOI 10.17487/RFC6282, September 2011, 1600 . 1602 [RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C. 1603 Bormann, "Neighbor Discovery Optimization for IPv6 over 1604 Low-Power Wireless Personal Area Networks (6LoWPANs)", 1605 RFC 6775, DOI 10.17487/RFC6775, November 2012, 1606 . 1608 [RFC7668] Nieminen, J., Savolainen, T., Isomaki, M., Patil, B., 1609 Shelby, Z., and C. Gomez, "IPv6 over BLUETOOTH(R) Low 1610 Energy", RFC 7668, DOI 10.17487/RFC7668, October 2015, 1611 . 1613 [I-D.farrell-lpwan-lora-overview] 1614 Farrell, S. and A. Yegin, "LoRaWAN Overview", draft- 1615 farrell-lpwan-lora-overview-01 (work in progress), October 1616 2016. 1618 [I-D.minaburo-lpwan-gap-analysis] 1619 Minaburo, A., Gomez, C., Toutain, L., Paradells, J., and 1620 J. Crowcroft, "LPWAN Survey and GAP Analysis", draft- 1621 minaburo-lpwan-gap-analysis-02 (work in progress), October 1622 2016. 1624 [I-D.zuniga-lpwan-sigfox-system-description] 1625 Zuniga, J. and B. PONSARD, "SIGFOX System Description", 1626 draft-zuniga-lpwan-sigfox-system-description-00 (work in 1627 progress), July 2016. 1629 [I-D.ratilainen-lpwan-nb-iot] 1630 Ratilainen, A., "NB-IoT characteristics", draft- 1631 ratilainen-lpwan-nb-iot-00 (work in progress), July 2016. 1633 [TGPP36300] 1634 3GPP, "TS 36.300 v13.4.0 Evolved Universal Terrestrial 1635 Radio Access (E-UTRA) and Evolved Universal Terrestrial 1636 Radio Access Network (E-UTRAN); Overall description; Stage 1637 2", 2016, 1638 . 1640 [TGPP36321] 1641 3GPP, "TS 36.321 v13.2.0 Evolved Universal Terrestrial 1642 Radio Access (E-UTRA); Medium Access Control (MAC) 1643 protocol specification", 2016. 1645 [TGPP36322] 1646 3GPP, "TS 36.322 v13.2.0 Evolved Universal Terrestrial 1647 Radio Access (E-UTRA); Radio Link Control (RLC) protocol 1648 specification", 2016. 1650 [TGPP36323] 1651 3GPP, "TS 36.323 v13.2.0 Evolved Universal Terrestrial 1652 Radio Access (E-UTRA); Packet Data Convergence Protocol 1653 (PDCP) specification (Not yet available)", 2016. 1655 [TGPP36331] 1656 3GPP, "TS 36.331 v13.2.0 Evolved Universal Terrestrial 1657 Radio Access (E-UTRA); Radio Resource Control (RRC); 1658 Protocol specification", 2016. 1660 [TGPP36201] 1661 3GPP, "TS 36.201 v13.2.0 - Evolved Universal Terrestrial 1662 Radio Access (E-UTRA); LTE physical layer; General 1663 description", 2016. 1665 [TGPP23720] 1666 3GPP, "TR 23.720 v13.0.0 - Study on architecture 1667 enhancements for Cellular Internet of Things", 2016. 1669 [TGPP33203] 1670 3GPP, "TS 33.203 v13.1.0 - 3G security; Access security 1671 for IP-based services", 2016. 1673 [etsi_ltn] 1674 "ETSI Technical Committee on EMC and Radio Spectrum 1675 Matters (ERM) TG28 Low Throughput Networks (LTN)", 1676 February 2015. 1678 [fcc_ref] "FCC CFR 47 Part 15.247 Telecommunication Radio Frequency 1679 Devices - Operation within the bands 902-928 MHz, 1680 2400-2483.5 MHz, and 5725-5850 MHz.", June 2016. 1682 [etsi_ref] 1683 "ETSI EN 300-220 (Parts 1 and 2): Electromagnetic 1684 compatibility and Radio spectrum Matters (ERM); Short 1685 Range Devices (SRD); Radio equipment to be used in the 25 1686 MHz to 1 000 MHz frequency range with power levels ranging 1687 up to 500 mW", May 2016. 1689 [arib_ref] 1690 "ARIB STD-T108 (Version 1.0): 920MHz-Band Telemeter, 1691 Telecontrol and data transmission radio equipment.", 1692 February 2012. 1694 [LoRaSpec] 1695 LoRa Alliance, "LoRaWAN Specification Version V1.0.2", Nov 1696 2016, . 1698 [LoRaSpec1.0] 1699 LoRa Alliance, "LoRaWAN Specification Version V1.0", Jan 1700 2015, . 1703 Author's Address 1704 Stephen Farrell (editor) 1705 Trinity College Dublin 1706 Dublin 2 1707 Ireland 1709 Phone: +353-1-896-2354 1710 Email: stephen.farrell@cs.tcd.ie