Leveraging Larger AES Keys in LoRaWAN: A Practical Evaluation of Energy and Time Costs
Internet of Things (IoT) devices increasingly contribute to critical infrastructures, necessitating robust security measures. LoRaWAN, a low-power IoT network, employs the Advanced Encryption Standard (AES) with a 128-bit key for encryption and integrity, balancing efficiency and security. As computational capabilities of devices advance and recommendations for stronger encryption, such as AES-256, emerge, the implications of using longer AES keys (192 and 256 bits) on LoRaWAN devices’ energy consumption and processing time become crucial. Despite the significance of the topic, there is a lack of research on the implications of using larger AES keys in real-world LoRaWAN settings. To address this gap, we perform extensive tests in a real-world LoRaWAN environment, modifying the source code of both a LoRaWAN end device and open-source server stack to incorporate larger AES keys. Our results show that, while larger AES keys increase both energy consumption and processing time, these increments are minimal compared to the time on air. Specifically, for the maximum payload size we used, when comparing AES-256 to AES-128, the additional computational time and energy are, respectively, 750 and 236 μJ. However, in terms of time on air costs, these increases represent just 0.2% and 0.13%, respectively. Our observations confirm our intuition that the increased costs correlate to the number of rounds of AES computation. Moreover, we formulate a mathematical model to predict the impact of longer AES keys on processing time, which further supports our empirical findings. These results suggest that implementing longer AES keys in LoRaWAN is a practical solution enhancing its security strength while not significantly impacting energy consumption or processing time.