This research outlines a comprehensive security framework for LoRaWAN Firmware Updates Over-The-Air (FUOTA), which is essential for ensuring the reliability of IoT devices in critical infrastructures. It addresses multiple security threats specific to the wireless transmission of firmware updates, initiating an assessment of the vulnerabilities faced by the LoRaWAN FUOTA process. The framework incorporates several security measures, including secure transmission using lightweight encryption to maintain data confidentiality, robust authentication and authorization strategies to prevent unauthorized access, and digital signatures for integrity verification to ensure only authentic firmware updates are installed. It also includes anti-replay measures like sequence numbers and timestamps to protect against replay attacks and emphasizes efficient resource management to optimize power and computational resources for IoT devices. Additionally, secure multicast management techniques are employed to handle the challenges of simultaneously distributing updates to multiple devices. The framework provides an integrated and detailed approach to enhancing the security and operational efficiency of LoRaWAN FUOTA, making it an invaluable resource for practitioners and researchers in the field.

J. Catalano, “LoRaWAN Firmware Update Over-The-Air (FUOTA),” JICTS, Apr. 2021, doi: 10.13052/jicts2245-800X.913.

M. Pule and A. M. Abu-Mahfouz, “Firmware Updates Over the Air Mechanisms for Low Power Wide Area Networks: A Review,” in 2019 International Multidisciplinary Information Technology and Engineering Conference (IMITEC), Vanderbijlpark, South Africa: IEEE, Nov. 2019, pp. 1–7. doi: 10.1109/IMITEC45504.2019.9015851.

N. Sornin, “LoRaWAN®: Firmware Updates Over-the-Air,” 2020.

K. Abdelfadeel, T. Farrell, D. McDonald, and D. Pesch, “How to Make Firmware Updates over LoRaWAN Possible,” in 2020 IEEE 21st International Symposium on “A World of Wireless, Mobile and Multimedia Networks” (WoWMoM), Cork, Ireland: IEEE, Aug. 2020, pp. 16–25. doi: 10.1109/WoWMoM49955.2020.00018.

C. Nicolas, B. Naila, and R.-C. Amar, “Energy efficient Firmware Over The Air Update for TinyML models in LoRaWAN agricultural networks,” in 2022 32nd International Telecommunication Networks and Applications Conference (ITNAC), Wellington, New Zealand: IEEE, Nov. 2022, pp. 21–27. doi: 10.1109/ITNAC55475.2022.9998338.

S. El Jaouhari, “Toward a Secure Firmware OTA Updates for constrained IoT devices,” in 2022 IEEE International Smart Cities Conference (ISC2), Pafos, Cyprus: IEEE, Sep. 2022, pp. 1–6. doi: 10.1109/ISC255366.2022.9922087.

W. Mao et al., “Reliable and Energy-Efficient Reprogramming for Smart LoRaWAN,” in 2023 IEEE Smart World Congress (SWC), Portsmouth, United Kingdom: IEEE, Aug. 2023, pp. 1–8. doi: 10.1109/SWC57546.2023.10449002.

A. Anastasiou, P. Christodoulou, K. Christodoulou, V. Vassiliou, and Z. Zinonos, “IoT Device Firmware Update over LoRa: The Blockchain Solution,” in 2020 16th International Conference on Distributed Computing in Sensor Systems (DCOSS), Marina del Rey, CA, USA: IEEE, May 2020, pp. 404–411. doi: 10.1109/DCOSS49796.2020.00070.

N. Hayati, S. Windarta, M. Suryanegara, B. Pranggono, and K. Ramli, “A Novel Session Key Update Scheme for LoRaWAN,” IEEE Access, vol. 10, pp. 89696–89713, 2022, doi: 10.1109/ACCESS.2022.3200397.

N. Hayati, K. Ramli, M. Suryanegara, and Y. Suryanto, “Potential Development of AES 128-bit Key Generation for LoRaWAN Security,” in 2019 2nd International Conference on Communication Engineering and Technology (ICCET), Nagoya, Japan: IEEE, Apr. 2019, pp. 57–61. doi: 10.1109/ICCET.2019.8726884.

J. Qadir, I. Butun, P. Gastaldo, O. Aiello, and D. D. Caviglia, “Mitigating Cyber Attacks in LoRaWAN via Lightweight Secure Key Management Scheme,” IEEE Access, vol. 11, pp. 68301–68315, 2023, doi: 10.1109/ACCESS.2023.3291420.

N. Hayati, K. Ramli, S. Windarta, and M. Suryanegara, “A Novel Secure Root Key Updating Scheme for LoRaWANs Based on CTR_AES DRBG 128,” IEEE Access, vol. 10, pp. 18807–18819, 2022, doi: 10.1109/ACCESS.2022.3150281.

D. K. Nilsson and U. E. Larson, “Secure Firmware Updates over the Air in Intelligent Vehicles,” in ICC Workshops - 2008 IEEE International Conference on Communications Workshops, Beijing, China: IEEE, May 2008, pp. 380–384. doi: 10.1109/ICCW.2008.78.

J. Navarro-Ortiz, N. Chinchilla-Romero, F. Delgado-Ferro, and J. J. Ramos-Munoz, “A LoRaWAN Network Architecture with MQTT2MULTICAST,” Electronics, vol. 11, no. 6, p. 872, Mar. 2022, doi: 10.3390/electronics11060872.

F. Samiullah, M.-L. Gan, S. Akleylek, and Y. Aun, “Group Key Management in Internet of Things: A Systematic Literature Review,” IEEE Access, vol. 11, pp. 77464–77491, 2023, doi: 10.1109/ACCESS.2023.3298024.