Dragino LearnDragino Learn
  • LoRaWAN

    • What is LoRaWAN?
    • Benefits of LoRa Technology and LoRaWAN
    • Understanding the Difference Between the LoRaWAN Network Server and Application Server
    • LoRaWAN 1.0.4
    • Regional Parameters
    • End Device Activation
    • Device Classes
    • Message Types
    • Radio Propergation
    • Security
    • Security Mechanisms
    • Spreading Factors
    • Adaptive Data Rate (ADR)
    • LoRaWAN Relay (Based on TS011-1.0.1)
    • LoRaWAN Roaming
    • LoRaWAN Roaming in Practice: Asset Tracking and Wildlife Tracking Use Cases
    • Understanding Firmware Updates Over The Air in LoRaWAN
    • Glossary
    • Use Cases
      • LC01
        • Smart Irrigation
        • LC01 ThingsBoard Integration
      • LHT65N-VIB
        • Monitoring Vibration Anomalies of an Electric Motor Pump
      • Cattle Tracking
      • Asset Tracking and Logistics Monitoring
      • Smart Utilities
  • NB-IoT

    • What is NB-IoT?
    • Prerequisites
    • SIM Cards
    • Frequency Bands
    • Power Saving Modes in NB-IoT
    • NB-IoT Network Architecture
    • NB-IoT Application Layer and Cloud Integration
  • LTE-M

    • What is LTE-M?
    • LTE-M Architecture
    • LTE-M Communication Process
    • Power Saving Mechanisms in LTE-M
    • Mobility and Handover in LTE-M
    • Security and Authentication in LTE-M
    • Data Transmission Procedures
    • Industry Use Cases and Future Trends
    • LTE-M Challenges and Network Limitations

Security and Authentication in LTE-M

Security is one of the most important parts of LTE-M. Because LTE-M devices often operate in remote places, collect sensitive data, and stay connected for many years, they must be protected against unauthorized access, data manipulation, network attacks, and identity theft. This lesson explains how LTE-M ensures strong security using SIM-based authentication, encrypted communication, integrity protection, and secure key management.

Why Security Matters in LTE-M

LTE-M is used in applications such as:

  • Smart meters
  • Healthcare devices
  • GPS trackers
  • Industrial sensors
  • Payment terminal
  • Environmental monitoring

These devices exchange data through mobile networks, sometimes continuously. If security is weak, attackers could:

  • Steal device identities
  • Inject fake data into cloud platforms
  • Track device locations
  • Gain unauthorized access to networks
  • Manipulate firmware or commands
  • Disrupt essential services (energy, water, logistics)

This is why LTE-M uses the same strong security framework as LTE and 5G.

SIM-Based Security in LTE-M

LTE-M devices use a SIM, also called a USIM (Universal Subscriber Identity Module), just like LTE phones. The SIM holds confidential keys that identify the device to the network.

What is stored inside the USIM?

  • IMSI (International Mobile Subscriber Identity) – the device's unique identity
  • Authentication key (K) – a secret key shared only between the SIM and the mobile operator
  • Algorithms for encryption and authentication
  • Operator-specific parameters

These keys never leave the SIM, which protects them from being read by malicious software or attackers.

Authentication in LTE-M

Authentication confirms that the device belongs to the network and the network is genuine.

LTE-M uses mutual authentication, meaning:

  • The network verifies the device
  • The device verifies the network

This prevents fake base stations, also called rogue towers.

Authentication Procedure

  • Device → Network: Sends its temporary identity.
  • Network: Creates a random challenge (RAND).
  • SIM: Calculates a response using the secret key (K).
  • Network: Checks if the response is correct.
  • Both sides: Generate encryption and integrity keys for the session.

All of this happens automatically inside the modem and SIM.

Encryption in LTE-M

Encryption ensures that no one can read the data being sent over the air.

LTE-M supports strong algorithms such as:

  • AES (Advanced Encryption Standard)
  • SNOW 3G / UEA2
  • ZUC (128-EEA3)

These encryption algorithms protect:

  • Uplink data (from device → network)
  • Downlink data (from network → device)
  • Paging messages
  • Control-plane communication

Even if someone intercepts the radio signals, they cannot understand the content.

Integrity Protection

Integrity protection ensures that data is not modified while being transmitted.

This prevents attackers from:

  • Injecting bogus messages
  • Modifying device commands
  • Corrupting session information

Integrity protection uses algorithms such as:

  • UIA2 (SNOW 3G)
  • 128-EIA1, 128-EIA2, 128-EIA3

The device and network calculate a Message Authentication Code (MAC). If the MAC does not match, the message is rejected.

NAS Security and AS Security

LTE-M has two layers of security:

NAS Security (Non-Access Stratum)

Protects signaling messages between the device and the core network.

Covers:

  • Attach procedures
  • Authentication
  • Mobility updates
  • Session management

AS Security (Access Stratum)

Protects communication between the device and the radio access network (eNodeB).

Covers:

  • Radio resource control (RRC) messages
  • Data transfer over the radio
  • Handover procedures

AS security is especially important during mobility and handover (Lesson 7).

Secure Key Management

After authentication, both the device and the network generate a series of security keys:

  • KASME – main key for the session
  • KeNB – key used at the radio base station
  • KNASenc – encryption key for NAS
  • KNASint – integrity key for NAS
  • KRRCenc / KRRCint – encryption and integrity keys for RRC
  • KUPenc – user-plane encryption key

Fast key changes help reduce the impact of compromised sessions and protect long-running devices.

Security Enhancements Specific to LTE-M

LTE-M includes additional considerations because its devices:

  • Sleep for long periods
  • Use low-power modes (PSM, eDRX)
  • Operate in remote or hostile environments

Protection During Idle and Sleep Modes

Even when the device is sleeping:

  • Keys remain valid and protected
  • Paging messages remain encrypted
  • Unauthorized tracking is prevented

Roaming Security

When LTE-M devices travel across networks:

  • Authentication still uses the SIM’s home-network key
  • Keys are not exposed to visited networks
  • Secure roaming ensures continuity for GPS trackers and mobile sensors

Simplified Device Identity Protection

LTE-M uses temporary identifiers (GUTI) so that the permanent identity (IMSI) is never sent in clear text, protecting privacy in:

  • Smart utility meters
  • Healthcare devices
  • Logistics trackers

End-to-End Security in IoT Applications

While LTE-M provides network-level security, IoT platforms often add end-to-end encryption for additional protection.

Examples:

  • TLS encryption for MQTT
  • DTLS for CoAP
  • HTTPS connections to cloud servers
  • Device-to-cloud certificates

End-to-end security prevents attackers from reading the data even inside the core network.

Best Practices for LTE-M Device Developers

Developers should consider:

  • Use secure APNs or private APNs
  • Use hardware security elements where possible
  • Regularly rotate keys and certificates
  • Always use TLS on the application layer
  • Avoid exposing AT command interfaces
  • Protect firmware to avoid tampering
  • Use encrypted bootloaders
  • Track suspicious behavior through device logs

Summary

In this lesson, you learned that LTE-M follows strong and proven security principles inherited from LTE. It protects devices and networks using:

  • SIM-based identification
  • Mutual authentication
  • Strong encryption
  • Integrity protection
  • Secure key management
  • Privacy protection
  • End-to-end security options

Security is essential for building safe, reliable IoT systems. Understanding these concepts prepares you for designing secure LTE-M applications.

Prev
Mobility and Handover in LTE-M
Next
Data Transmission Procedures