Recently, I began exploring the world of low power IoT devices as part of a side project of mine. I have recently been hoping to investigate medium scale weather data collection in my area. I hope to use this as sample data for programatically understanding data at scale and to further understand the field of IoT data collection.
When I started researching data collection projects and IoT, I was looking in the wrong place. I was researching simply DIY data collection devices, many of which serve simple home automation or data collection purposes. They also typically run on ESP based WiFi solutions or Arduino/RPi based cellular solutions. Most also run on replaceable batteries or a wired power source. While these solutions are perfectly viable and do what they were intended for, they didn’t have what I was looking for. WiFi devices would limit me to a small range, and would quickly run out of power even with extremely conservative power usage. Cellular would be even worse for battery life, require more expensive hardware and need some form of cellular plan.
Eventually, I came upon LoRA. LoRA is a high-range, low-power communications solution that is growing in the IoT field. LoRA enables low-power devices to connect to a wireless network and transmit/receive data. The communication flow is very straightforward. A LoRA “node” is typically an Arduino/ESP/Raspberry Pi and has sensors/actuators. These nodes are connected to a nearby LoRA “gateway” (Example) which provides connection to the internet or a local device. If connected to the internet, the gateway typically sends and receives data with a cloud server where it is then processed or sent to a frontend. This system allows for low-power, mass sensor data collection and actuator control.
The LoRA ecosystem is extremely open, backed by organizations such as the LoRA Alliance and mass networks such as The Things Network. These networks are extremely vital to the general success of LoRA because they enable widespread connection of LoRA devices. This accessibility makes the addition of nodes painless, and encourages the growth of connected devices. Low cost LoRA gateways cost approximately $60 with a maximum range of ~3-6 miles. These are then connected to a larger network, meaning anyone can connect their own node within range and use it from anywhere without having to own or maintain the gateway.
The LoRA network is designed for mass data collection (such as weather stations) and therefore must be expandable. The network is capable of handling this and the only obvious bottleneck is the server receiving the data. But as for versatility in a large network, there is one very important feature missing in a low message size network like LoRA. Software updates and patching.
Many LoRA nodes will be deployed in remote locations and/or be difficult to perform maintenance on. Personally, I will be installing LoRA equipment into waterproof project boxes and mounting the assembly in the middle of the woods at the top of a tree. This means physical accessibility is extremely difficult. This made me shy away from LoRA initially, but then I found that this was not impossible. The Things Network wrote an article detailing the problem and the solution. Essentially, to preserve battery life, commands are only able to be received during downlink windows. These are typically after commands are sent. Also, due to the duty cycle of the gateway, individually updating a fleet may take weeks. To solve this, TTN created a solution that temporarily adds the devices to a single session, and enables multicast support. This makes the gateway duty cycle much more efficient as it maintains a P2P update network rather than send the entire update at once to each device. While more work is being done on this, the video is quite impressive.
Security in a LoRA network is extremely difficult as with any open radio technology, though it has evolved over time and gotten extremely reliable. LoRaWAN 1.0 uses a variety of security measures to prevent MitM attacks. The first measure is a network encryption that checks the validity of messages between the node and the server. The second is a session key that is only shared with the node and the server. This means the payload is secure from the node to the owner’s server. These measures prevent anyone from receiving or sending raw data.
This does however leave one issue associated with radio networks. Replay attacks can be used to execute a command (such as turning on an actuator or repeating sensor data) by capturing the encrypted signal and broadcasting the same encrypted signal again. This is solved using a frame counter system, which keeps a counter of uplinks and downlinks on both the server and the node. If there is a mismatch, it will fail the message check and be ignored. This, in addition to other basic radio security solutions such as spread spectrum make LoRA vulnerabilities extremely low.
Overall, the LoRA system is a reliable and secure method of creating low-power networks. The reason I assert that this is the future is because of its ability to grow. As gateways get cheaper and more accessible, nodes will be almost plug n’ play. I am personally preparing to install a gateway and start testing with simple solar powered nodes that measure air temperature and humidity, water temperature (nearby streams and lake) and wind speed. I will post all project files and findings here in the coming months and I cannot wait to begin working.