A bit of background, LoRaWAN is an open protocol that defines communication between low powered sensor devices and the Internet. It is great but it does not define data payload formats. It’s much like HTTP, it defines a mechanism for communication but not what that communication is.
The current state of play is that the various sensor manufacturers devise their own payload formats for data sent from or to their sensors. There are some efforts to define standards (such as Cayenne LPP) but none are widespread. The difficulty is that there are so many different types of sensors that designing a protocol to fit inside a few Bytes and yet cover all eventualities isn’t simple.
So at the moment when you add a sensor to a LoRaWAN network, you need to translate the payload into something useful.
I will keep adding more sensors to it as time goes on.
Alliot are delighted to be shortlisted as Solution Provider of the Year at the Smart Cities Awards in London! The shortlist announcement marks a first for us and we couldn’t be happier to be acknowledged for our expertise.
Designed to celebrate organisations dedicated to providing solutions throughout the UK, the awards set out to identify companies who are using smart approaches to advance the economy.
What Solutions does Alliot Provide?
In a sector that is ever evolving, it’s important to ensure that within all this action solutions are capable of delivering what is actually required; that’s where partnering with a reliable, knowledgeable supplier like Alliot comes into play.
The Alliot team are often presented with unique requirements. Supplying the best-in-class IoT hardware is the core of our business, but it doesn’t stop there. We are equipped to support you from proof-of-concept right the way through to commercial deployments. Our expert team are on hand to support you every step of the way.
To simplify large deployments, we are also able to provision your sensors and gateways prior to despatch. Simply provide us with your configuration requirements and we’ll take care of the rest!
Get your projects off the ground today by contacting the Alliot team.
This week, a security company called IOActive published a white paper on security vulnerabilities in LoRaWAN. You can read it here. I was also in the audience at a talk they gave during the Things Conference 2020 in Amsterdam last week on the same subject of security in LoRaWAN.
This report has caused a slight stir in the LoRaWAN community, to that end the LoRa-Alliance published a blog post on security. You can read this here.
I’ve read both and having been involved in security conscious areas of computing for many years (Voice-over-IP before IoT/LPWAN), there’s nothing in either report that I can’t agree with in some way. I do feel the IOActive report is a little bit sensationalist but hey, they’re a business trying to get their name out there so I can let them off. Plus, everything they talk about I have seen before in the VoIP world so it’s not new to me. Here’s my own thoughts on this subject.
There’s really two aspects to the report, the first is that LoRaWAN version 1.0 AppKeys are brute forceable. This is true, any encrypted or hashed password is brute forceable given enough time and resource. This information is neither new or surprising. The problem here is that it’s not that hard to do in a lot of cases, often due to poor management of these keys. LoRaWAN 1.1 adds extra security to mitigate this risk, I wont go into details here, the spec is published by the LoRa-Alliance if you want to read it plus these reports cover it too.
The other aspect the reports deal with are implementation issues and human factors. These are frequently the cause of cyber security problems in all areas, certainly it is the case in the Voice-over-IP world as well as IoT.
With respect to LoRaWAN, the issue is one of management of the AppKeys. Here’s a run down of the problems. I have seen each and every one of these problems in the real world several times!
Keys sent and stored in a non-secure fashion. I’ve seen both manufacturers and end user emailing spreadsheets or text files containing AppKeys in plain text. Then keeping hold of these files on their computer in case they need to refer to them later on. This is bad. If someone ever got hold of these files then they have a copy of the keys. Keys should be treated in the same way as passwords (although many people are terrible at that too). There’s an old saying, if you wouldn’t write something on the back of a postcard and drop it into a post box, then don’t send it in an email, there’s no way of knowing who might see that email.
Poor quality, non-random or non-unique keys. The most common one is where devices all share the same AppKeys, either from the manufacturer with little consideration given to changing them or installers being lazy and provisioning the same AppKey to all devices because it’s quicker. Also, non-random keys such as the DevEUI repeated twice, 32 zeros, “1234” repeated etc… These are all similar to using “password123” for a login password, they are easily guessable and not secure.
Hard-coded keys which can’t be changed. This one is down to manufacturers of devices. Would you sign up to a social media website and post your photos on it if they forced you to use a set password with no way of changing it (especially if they’d emailed it to you in plain text)? Hopefully the answer is no.
Insecure out-of-band management. Some devices are configurable over Bluetooth or NFC using a mobile app. It seems in some cases, there’s no security on this. You can download the manufacturer’s free app and connect to a device if you are close enough to it, then read the AppKey from it. Personally I think this is a limited attack vector, it requires the attacker to be physically close to the device. Having said that, if you’ve also used the same AppKey on all your devices, now your entire system is compromised because someone got hold of a single sensor.
So what should you do? Should you rip out all your LoRaWAN systems and hide in a cupboard for the rest of the year? Absolutely not, in fact mitigating these risks is not very hard. I can confidently say that I’ve been implementing these measures and instilling secure ways of handling LoRaWAN keys in all our staff for a long time. What this means for us and what I would encourage anyone reading this to do is as follows.
Use unique AppKeys on each and every device you install. Don’t even use common ones for testing, it’s just a bad habit to get in to. This website can be used to generate random 128bit keys for use as AppKeys. When we provision devices for customers, we always use this or similar tools to generate unique keys and securely load them onto the devices.
Keep your keys safe. Don’t email them, an Excel spreadsheet with a password applied is still pretty poor security. We provide a securely encrypted portal to allow our customers to submit keys to us (or for us to send keys to our customers). This software generates a single-use obscure link, without the link it’s not easily possible to decrypt the keys even if someone had access to the server the portal is hosted on. We can also provide a password as an extra layer of security which is sent separately to the link itself. We use open source software called PrivateBin to do this. We also never store keys and I regularly train staff on the virtues of key security.
Keep your infrastructure secure. Your LoRaWAN Network Server has copies of all your keys stored on it. Make sure this is secure, use secure random passwords to log in to it. Make sure any other access to the server (e.g. ssh access) is secure. I wont go into details here, if you’d like to talk about this then feel free to get in touch.
Communicate. If you see someone doing something you feel is bad practise, say so. If you deal with us and we advice you that you are doing something we feel can be improved, don’t take it personally, we are trying to help. Similarly, we are very open to discussion and suggestions you might have for us. We keep in touch with our suppliers and manufacturers to advise and take advice on security. We also actively lobby manufacturers of devices to improve security and keep developing firmware to implement new standards.
I encourage the LoRaWAN community to openly discuss these issues so they can be debated in an organised manner. I have seen the IOActive report being dismissed as FUD, this is counterproductive, there are real issues to address, defensiveness and an unwillingness to debate are not helpful in my opinion (although it’s a reaction I have encountered many times in the technical/computing industry). I am always happy for anyone to talk to me about an issue they feel they have found and I am always willing to assist in talking to device manufacturers about fixing problems and improving security in an open and honest fashion.
After last week’s visit to The Things Conference in Amsterdam, our technical team gave us a little run down of the “ones to watch” for 2020. We talked about the best LoRaWAN sensors on show at the conference, and how they might change our lives in the not-too-distant future!
Smart Parking Sensors
The latest addition to the smart city scene is smart parking sensors. We’re currently testing a product made by Bosch. It works using radar and a magnetometer to detect whether or not there’s a car above it. It then reports the parking space status as “available” or “occupied” using LoRaWAN technology. The best bit for car park operators? The battery lasts for up to 5 years, so minimal maintenance!
We envisage the best use of this LoRaWAN sensor will be guided parking systems. We all know how frustrating it is when you’re looking for a space. In busy city centres, you can spend up to 20 minutes searching for a place to park. That’s 20 minutes of clogging up the traffic and the air with your engine running. This sensor could combine with a lighting system to highlight available spaces, or direct you to a multi-storey level where there are spaces. It could also be used to highlight available eCharging stations for electric cars.
People were impressed by the small size and overall design of this product when we displayed it in the flesh in Amsterdam. We have these available now.
We’ve been talking to Tekelek about their waste bin sensor. We think it’s great for a range of applications; from waste management companies to local councils, and even charity collection bins.
The LoRaWAN sensor can be positioned inside the bin and uses ultrasound to measure the level of waste. This allows you to optimise waste collections, adding or removing collections when you need them. This type of LoRaWAN sensor is already being trialled in the Netherlands and promises to cut costs and improve accountability for hazardous waste.
This particular sensor boasts a battery life of up to 14 years, thanks to LoRaWAN technology. It also has a communication range of up to 15km to the nearest gateway. We think this is one of the best LoRaWAN sensors for waste management and recycling.
Air Quality Monitoring
There are a wide range of air quality monitoring sensors on the market. Which is the best LoRaWAN sensor for air quality depends on what you want to measure:
CO2. We already offer a carbon dioxide monitor that also measures temperature and humidity. Measuring carbon dioxide can give you an idea of how well your ventilation systems are working. Research suggests that increased CO2 levels in the workplace can decrease productivity!
Carbon monoxide. Carbon monoxide can be toxic in high concentrations. Many homes and commercial buildings have carbon monoxide monitors surrounding equipment such as boilers or heating equipment. This is a safety precaution, but using LoRaWAN CO sensors can help your systems to alert you more quickly to changes in carbon monoxide levels.
VOCs. VOC stands for volatile organic compound. It’s a measure of potentially harmful substances in the air, and a fairly standard method of defining air quality.
Particulate matter. This is a useful way of measuring pollution levels in an outdoor environment. Particles from car exhausts, smoke and other sources can reduce the quality of the air we breathe.
At The Things Conference there were a few different manufacturers who supply different air quality monitors. We’re looking to collaborate with some of them over the coming months to supply sensors to our European client base.
We loved the concept of adding air quality sensors to street lighting; another tool for smart cities of the future. They can also be a great method for monitoring and improving air quality in workplaces, hospitals and schools.
LoRaWAN People Counting Sensor
Knowing how many people are visiting your premises or passing by the front can be really helpful. You can actively measure your busiest times and ensure that staffing levels are adapted accordingly. You can measure footfall in specific areas accurately and tailor your marketing strategies. There are all sorts of possibilities for commercial applications.
We liked the idea of being able to measure the number of people without using cameras. And, like all LoRaWAN sensors, we love the long battery life. We liked the look of the PCR2, made by Swiss company Parametric. They have a range of indoor and outdoor sensors that we’re launching now.
We had a great time at last week’s conference and we’re really excited about the future of LoRaWAN technology. We particularly enjoyed a presentation by Edge Impulse, which involved Johan Stokking (CTO The Things Industries) dressing up as a sheep:
Not only was it an engaging presentation, the concept of a programmable activity tracker that can “learn” different activities and transmit data via LoRaWAN is pretty amazing! We look forward to seeing it at work in the world of smart agriculture – just hope we don’t catch our sheep drinking beer!
If you met us at The Things Conference 2020, we’d love to hear from you again. Get in touch to find out more about the products we have on offer and our in-house test methods.
We’re excited to be heading to Amsterdam later this month for our first event of 2020. As the World’s largest LoRaWAN® Conference, The Things Conference brings together over 2000 IoT leaders from around the world.
Designed to equip visitors with a rich insight into the latest and greatest innovations in LoRaWAN®, visitors can expect to:
Meet with LoRaWAN® industry experts
Learn from industry leaders and boost their IoT skillset
Do business with key players in the LoRaWAN® space
Throughout the two-day event (30th – 31st January 2020) there will be a host of seminars held by guest speakers along with product showcases and plenty of networking opportunities!
We have no doubt there will be a great vibe at the show, there’s lots of exciting things happening in IoT and LoRaWAN®. With an impeccable speaker line up, we’re sure there will be plenty of inspiration for your projects!
Connect at The Things Conference
In an industry where we rely on electronic communication it can be great to have some physical interaction too!
Alliot will be showcasing a range of industry-leading products in the main exhibition hall, to the right of the entrance. If you’re attending the show be sure to drop by and say hello to our team – we’ve got lots of new products and information to share!
We’re also arranging meetings at the show, if you’d like to arrange a time to meet with us and discuss your projects, please feel free to get in touch.
We stock a range of LoRaWAN GPS asset tracking sensors including Abeeway’s Micro Tracker (plus their industrial version) . Each of them list a variety of tracking technologies and how they can be used. But was do these different types of location monitoring actually mean? And which one should you be using? Here’s a list of the different types of geolocation technologies.
Here’s an overview of the different geolocation technologies available for LoRaWAN asset trackers:
The same technology as your sat-nav in your car or your smart phone uses. It relies on receiving signals from multiple satellites in orbit around the planet.
Location accuracy can be as good as a couple of metres. But this depends on getting signal from a lot of satellites. 10m accuracy is the generally accepted level for standard GPS.
GPS can be quite “power hungry”. Even though GPS is a “receive only” system, it uses more power because it takes a long time (minutes rather than seconds or even milliseconds) to lock on to multiple satellites.
It’s free to use and there is global coverage.
GPS works best outside. If you are inside a building it sometimes works near a window, but GPS is generally recommended for tracking over long distances; for example monitoring fleet vehicles or keeping track of a runaway pet.
Most of the location processing is done on a server instead of the device itself. This means that time, CPU usage and battery power is saved. I can’t comment on the operation of this at the moment as I am yet to give it a try.
3. Wifi Sniffing
Technically this isn’t LoRaWAN GPS. But it does provide pretty accurate device locations using surrounding wifi networks.
Because there are wifi networks literally all over the place these days, you are usually within range of several of them anywhere (except really remote or rural areas). Companies such as Google or Apple collect the IDs and locations of wifi networks and store them anonymously.
Your smart phone makes use of this data to determine it’s own location quicker than waiting for a GPS lock. Your smart phone also collects this data and sends it back to the databases of the likes of Apple and Google. I find this technology really interesting and yet a bit scary at the same time.
The Abeeway tracker makes use of this technology as a way of getting a pretty accurate location by simply “sniffing” for wifi networks in range. The tracker sends the IDs of nearby wifi networks to the LoRaWAN Network Server. It is then up to you to convert this into a normal location (latitude & longitude) on your own application. The raw data looks like this:
That’s a list of wifi bssids and rssis my tracker has sniffed. It doesn’t connect to any wifi network, it simply scans for their IDs. Any wifi network broadcasts these ID numbers (along with the SSID you more commonly see in a list of networks to connect to on your computer). The RSSI numbers are the signal strengths for each network which can optionally be used to get a more accurate location .
To do something useful with this information you need to convert that raw data into a location. Google provide an API to their mapping system called GeoLocate, it does many things but one of them is converting these wifi networks into a real location just like you’d get from GPS – a latitude and longitude.
‘True’ LoRaWAN GPS
The Abeeway Micro Tracker is a pocket sized geolocation device that supports multiple location technologies. It’s a small battery powered unit that can either be put in your pocket, attached to a key-ring or put inside something else.
At Alliot Technologies, we also stock a simpler, more affordable asset tracker for indoor use. This one is manufactured by Netvox (Netvox 718MA) and relies on Received Signal Strength Ratio (RSSI) and Signal to Noise Ratio (SNR). It basically alerts your LoRaWAN network when the device leaves the network. Perfect for making sure your equipment stays on your business premises, but not really a ‘true’ asset tracker.
If you’d like information or advice on choosing the right LoRaWAN GPS trackers for your IoT project, get in touch with our technical team. We’re passionate about IoT products and how they can create help your business run more smoothly!
As we near the end of the year, we’d like to wish all Alliot customers a very Merry Christmas and a Happy New Year!
We hope you will have chance to relax over the festive period, but rest assured, we are here if you need us! We will be operating a reduced service between Christmas and New Year, more details are listed below.
Christmas Eve (24/12)
09:00 – 13:00
Christmas Day (25/12)
Boxing Day (26/12)
Friday 27th December
10:00 – 16:00
Monday 30th December
10:00 – 16:00
New Year’s Eve (31/12)
10:00 – 16:00
New Year’s Day (01/01)
Thursday 2nd January
Normal service resumes
We’ve come a long way over the last year, and look forward to entering 2020 with even more exciting products and partner announcements to come! We’d like to take this opportunity to thank our customers and vendor partners for their support over the last 12 months, we look forward to seeing what 2020 has to bring.
It stands for Narrowband Internet-of-Things. It is a low powered wide area network (LPWAN) radio technology that is part of the LTE/4G family.
Essentially a cut down version of the LTE technology that your mobile phone probably uses but using a narrower bandwidth (hence the name).
It has similar design goals to other LPWAN technologies (such as LoRa and Sigfox). These are mostly ultra-low power usage, long range, low cost, small data usage.
The main difference between NB-IoT and LoRa/LoRaWAN is that an NB-IoT network is provided by a mobile network operator rather than individuals buying and operating their own gateway devices.
It’s a brand new technology, the standard was only finalised in mid-2016, as yet there are no commercially available NB-IoT services in the UK. There are some available in central Europe. At the moment, Vodafone UK are the only operator currently rolling out the service but as I understand it, O2 and EE will soon follow. The Vodafone service is currently in the trial stage and coverage is limited to certain areas of the country.
It’s my opinion that NB-IoT will become a popular LPWAN standard in years to come so I am excited to be able to give it a try. Alliot’s plan is to offer NB-IoT related services and sensors as soon as they are commercially available.
Trying out NB-IoT
As I said, Vodafone are currently trialling their NB-IoT service, this means that they are making SIMs available to certain partners for testing. I have obtained some SIMs for testing, I cannot get any for anyone else at the moment. Alliot plan to provide SIMs as soon as we can.
Because it’s so new, there’s not much hardware around at the moment that supports NB-IoT. So to test I have so far bought a Pycom Fipy development board:
The NB-IoT node will send and receive data via the network operator’s network, they will assign an IP address to the node and it can then communicate with the Internet. To test, you will need a server/computer that is publicly accessible on the Internet. In my case, the Vodafone trial limits usage to UDP only so I made a simple Python script on a test Amazon AWS server that accepts UDP packets and logs the contents to a file. All very simple stuff and not very useful but it’s pretty cool all the same! It all works as expected.
The Pycom board simply sends a “hello world” message every ten minutes, the Arduino board does this too but I also made it report it’s battery voltage since I’m powering that from a rechargable LiPo battery.
What next, what use is this?
I’ll expand on this to connect some real sensors to both devices so they are sending something more useful. I will then make the server part log to a database and produce some graphs in Grafana to visualise the data.
I have also sourced some commerically available sensor devices so will be testing them, another post on that will follow.
Verdict on NB-IoT testing
This experimentation has taught me a few things.
This is very new technology indeed, it’s much less mature than LoRaWAN for example. There’s scant information on the Internet so far, getting the Arduino board to work for example involved finding and reading the low level documentation for the uBlox chip on the board and the Arduino source code for their NB-IoT library.
You’re at the mercy of a network provider. If you have no coverage then it’s tough luck, no buying a gateway as with LoRaWAN or Sigfox. Although if there is coverage, then great, you don’t need to buy a gateway (also the case for Sigfox). You will always have to pay a network operator for use of the network.
It needs more power than LoRaWAN, considerably so in my opinion. For example, just connecting to the network takes multiple seconds and this will eat batteries. In comparison to LoRaWAN where a sensor can wake up, fire off a message and go back to sleep in a matter of milliseconds. Feel free to get in touch and correct me but I cannot see how NB-IoT can be anywhere near as frugal as LoRaWAN.
It’s more synchronous than LoRaWAN. It’s still designed for tiny amounts of data but connections involving multiple requests & their responses are possible. A protocol called Constrained Application Protocol (CoAP) can be used which is like a cut down version of HTTP.
The technology is a reality and the mobile networks are starting to roll it out. I think NB-IoT will be big and sit alongside other LPWAN technologies.
The UK seems to be behind central Europe again. There’s much more evidence online for people using NB-IoT in places like Germany.
We’re delighted to share our latest news with you! We have today been announced as Kerlink’s official UK distributor. This appointment marks a big step for Alliot and our mission to make IoT accessible to all. Distributing a comprehensive range of their leading LoRaWAN® equipment, software and services, here’s an insight in to what Kerlink could offer to you and your IoT projects.
As a key component to any IoT project, Kerlink cover every eventuality with gateway options to suit every budget and use. From the Wirnet IFemtoCell, to the robust Wirnet IBTS outdoor gateway, Kerlink have you covered.
Kerlink Wanesy Management
Remotely manage and monitor your Kerlink gateways with Wanesy. Whether you have a single gateway on a small private network or multiple gateways on a commercial network, with Wanesy you can remotely deploy, operate and manage your LoRaWAN® IoT connections.
Offering a truly flexible approach, Alliot enables you to take as much or as little as you require to build your solution. Get in touch to find out more and discuss your requirements today.