RFC 9011 SCHC over LoRaWAN April 2021
Gimenez & Petrov Standards Track [Page]
Stream:
Internet Engineering Task Force (IETF)
RFC:
9011
Category:
Standards Track
Published:
ISSN:
2070-1721
Authors:
O. Gimenez, Ed.
Semtech
I. Petrov, Ed.
Acklio

RFC 9011

Static Context Header Compression and Fragmentation (SCHC) over LoRaWAN

Abstract

The Static Context Header Compression and fragmentation (SCHC) specification (RFC 8724) describes generic header compression and fragmentation techniques for Low-Power Wide Area Network (LPWAN) technologies. SCHC is a generic mechanism designed for great flexibility so that it can be adapted for any of the LPWAN technologies.

This document defines a profile of SCHC (RFC 8724) for use in LoRaWAN networks and provides elements such as efficient parameterization and modes of operation.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc9011.

1. Introduction

The SCHC specification [RFC8724] describes generic header compression and fragmentation techniques that can be used on all Low-Power Wide Area Network (LPWAN) technologies defined in [RFC8376]. Even though those technologies share a great number of common features like star-oriented topologies, network architecture, devices with communications that are mostly quite predictable, etc., they do have some slight differences with respect to payload sizes, reactiveness, etc.

SCHC provides a generic framework that enables those devices to communicate on IP networks. However, for efficient performance, some parameters and modes of operation need to be set appropriately for each of the LPWAN technologies.

This document describes the parameters and modes of operation when SCHC is used over LoRaWAN networks. The LoRaWAN protocol is specified by the LoRa Alliance in [LORAWAN-SPEC].

2. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

This section defines the terminology and abbreviations used in this document. For all other definitions, please look up the SCHC specification [RFC8724].

AppKey:
Application Key. An AES-128 root key specific to each device.
AppSKey:
Application Session Key. An AES-128 key derived from the AppKey for each new session. It is used to encrypt the payload field of a LoRaWAN applicative frame.
DevAddr:

A 32-bit non-unique identifier assigned to a device either:

Statically:
by the device manufacturer in "Activation-by-Personalization" mode, or
Dynamically:
after a LoRaWAN "Join Procedure" by the Network Gateway in "Over-the-Air-Activation" mode.
DevEUI:
Device Extended Unique Identifier, an IEEE EUI-64 identifier used to identify the device during the procedure while joining the network (Join Procedure). It is assigned by the manufacturer or the device owner and provisioned on the Network Gateway.
Downlink:
A LoRaWAN term for a frame transmitted by the network and received by the device.
EUI:
Extended Unique Identifier
FRMPayload:
Application data in a LoRaWAN frame
IID:
Interface Identifier
LoRaWAN:
LoRaWAN is a wireless technology based on Industrial, Scientific, and Medical (ISM) radio bands that is used for long-range, low-power, low-data-rate applications developed by the LoRa Alliance, a membership consortium: <https://www.lora-alliance.org>.
MSB:
Most Significant Byte
NGW:
Network Gateway
OUI:
Organizationally Unique Identifier. IEEE-assigned prefix for EUI.
RCS:
Reassembly Check Sequence. Used to verify the integrity of the fragmentation-reassembly process.
RGW:
Radio Gateway
RX:
A device's reception window.
RX1/RX2:
LoRaWAN class A devices open two RX windows following an uplink, called "RX1" and "RX2".
SCHC C/D:
SCHC Compression/Decompression
SCHC F/R:
SCHC Fragmentation/Reassembly
SCHC gateway:
The LoRaWAN Application Server that manages translation between an IPv6 network and the Network Gateway (LoRaWAN Network Server).
Tile:
A piece of a fragmented packet as described in Section 8.2.2.1 of [RFC8724].
Uplink:
LoRaWAN term for a frame transmitted by the device and received by the network.

3. SCHC Overview

This section contains a short overview of SCHC. For a detailed description, refer to the full specification [RFC8724].

It defines:

  1. Compression mechanisms to avoid transporting information known by both sender and receiver over the air. Known information is part of the "context". This component is called the "SCHC Compression/Decompression" (SCHC C/D).
  2. Fragmentation mechanisms to allow SCHC Packet transportation on a small, and potentially variable, MTU. This component is called the "SCHC Fragmentation/Reassembly" (SCHC F/R).

Context exchange or pre-provisioning is out of scope of this document.

    Device                                                App
+----------------+                                +----+ +----+ +----+
| App1 App2 App3 |                                |App1| |App2| |App3|
|                |                                |    | |    | |    |
|       UDP      |                                |UDP | |UDP | |UDP |
|      IPv6      |                                |IPv6| |IPv6| |IPv6|
|                |                                |    | |    | |    |
|SCHC C/D and F/R|                                |    | |    | |    |
+--------+-------+                                +----+ +----+ +----+
         |  +---+     +----+    +----+    +----+     .      .      .
         +~ |RGW| === |NGW | == |SCHC| == |SCHC|...... Internet ....
            +---+     +----+    |F/R |    |C/D |
                                +----+    +----+
|<- - - - LoRaWAN - - ->|
Figure 1: Architecture

Figure 1 represents the architecture for compression/decompression; it is based on the terminology from [RFC8376]. The device is sending application flows using IPv6 or IPv6/UDP protocols. These flows might be compressed by a SCHC C/D to reduce header size, and fragmented by the SCHC F/R. The resulting information is sent on a Layer 2 (L2) frame to an LPWAN Radio Gateway (RGW) that forwards the frame to a Network Gateway (NGW). The NGW sends the data to a SCHC F/R for reassembly, if required, then to a SCHC C/D for decompression. The SCHC C/D shares the same rules with the device. The SCHC C/D and SCHC F/R can be located on the NGW or in another place as long as a communication is established between the NGW and the SCHC F/R, then SCHC F/R and SCHC C/D. The SCHC C/D and SCHC F/R in the device and the SCHC gateway MUST share the same set of rules. After decompression, the packet can be sent on the Internet to one or several LPWAN Application Servers (App).

The SCHC C/D and SCHC F/R process is bidirectional, so the same principles can be applied to the other direction.

In a LoRaWAN network, the RGW is called a "Gateway", the NGW is a "Network Server", and the SCHC C/D and SCHC F/R are one or more "Application Servers". Application servers can be provided by the NGW or any third-party software. Figure 1 can be mapped in LoRaWAN terminology to:

   End Device                                              App
+--------------+                                   +----+ +----+ +----+
|App1 App2 App3|                                   |App1| |App2| |App3|
|              |                                   |    | |    | |    |
|      UDP     |                                   |UDP | |UDP | |UDP |
|     IPv6     |                                   |IPv6| |IPv6| |IPv6|
|              |                                   |    | |    | |    |
|SCHC C/D & F/R|                                   |    | |    | |    |
+-------+------+                                   +----+ +----+ +----+
        |  +-------+    +-------+    +-----------+    .      .      .
        +~ |Gateway| == |Network| == |Application|..... Internet ....
           +-------+    |server |    |server     |
                        +-------+    | F/R - C/D |
                                     +-----------+
|<- - - - - LoRaWAN - - - ->|
Figure 2: SCHC Architecture Mapped to LoRaWAN

4. LoRaWAN Architecture

An overview of the LoRaWAN protocol and architecture [LORAWAN-SPEC] is described in [RFC8376]. The mapping between the LPWAN architecture entities as described in [RFC8724] and the ones in [LORAWAN-SPEC] is as follows:

  • Devices are LoRaWAN End Devices (e.g., sensors, actuators, etc.). There can be a very high density of devices per radio gateway (LoRaWAN gateway). This entity maps to the LoRaWAN end device.
  • The RGW is the endpoint of the constrained link. This entity maps to the LoRaWAN Gateway.
  • The NGW is the interconnection node between the Radio Gateway and the SCHC gateway (LoRaWAN Application Server). This entity maps to the LoRaWAN Network Server.
  • The SCHC C/D and SCHC F/R are handled by the LoRaWAN Application Server.
  • The LPWAN-AAA Server is the LoRaWAN Join Server. Its role is to manage and deliver security keys in a secure way so that the devices root key is never exposed.
                                         (LPWAN-AAA Server)
    ()   ()   ()       |                      +------+
     ()  () () ()     / \       +---------+   | Join |
    () () () () ()   /   \======|    ^    |===|Server|  +-----------+
     () ()  ()      |           | <--|--> |   +------+  |Application|
    () ()  ()  ()  / \==========|    v    |=============|  Server   |
     ()  ()  ()   /   \         +---------+             +-----------+
    End devices  Gateways     Network Server          (SCHC C/D and F/R)
     (devices)    (RGW)            (NGW)
Figure 3: LPWAN Architecture

The SCHC C/D and SCHC F/R are performed on the LoRaWAN end device and the Application Server (called the SCHC gateway). While the point-to-point link between the device and the Application Server constitutes a single IP hop, the ultimate endpoint of the IP communication may be an Internet node beyond the Application Server. In other words, the LoRaWAN Application Server (SCHC gateway) acts as the first-hop IP router for the device. The Application Server and Network Server may be co-located, which effectively turns the Network/Application Server into the first-hop IP router.

4.1. Device Classes (A, B, C) and Interactions

The LoRaWAN Medium Access Control (MAC) layer supports three classes of devices named A, B, and C. All devices implement Class A, and some devices may implement Class B or Class C. Class B and Class C are mutually exclusive.

Class A:
Class A is the simplest class of devices. The device is allowed to transmit at any time, randomly selecting a communication channel. The Network Gateway may reply with a downlink in one of the two receive windows immediately following the uplinks. Therefore, the Network Gateway cannot initiate a downlink; it has to wait for the next uplink from the device to get a downlink opportunity. Class A is the lowest power consumption class.
Class B:

Class B devices implement all the functionalities of Class A devices but also schedule periodic listen windows. Therefore, as opposed to Class A devices, Class B devices can receive downlinks that are initiated by the Network Gateway and not following an uplink. There is a trade-off between the periodicity of those scheduled Class B listen windows and the power consumption of the device:

High periodicity:
Downlinks from the NGW will be sent faster but the device wakes up more often and power consumption is increased.
Low periodicity:
Downlinks from the NGW will have higher latency but lower power consumption.
Class C:
Class C devices implement all the functionalities of Class A devices but keep their receiver open whenever they are not transmitting. Class C devices can receive downlinks at any time at the expense of a higher power consumption. Battery-powered devices can only operate in Class C for a limited amount of time (for example, for a firmware upgrade over-the-air). Most of the Class C devices are grid powered (for example, Smart Plugs).

4.2. Device Addressing

LoRaWAN end devices use a 32-bit network address (DevAddr) to communicate with the Network Gateway over the air; this address might not be unique in a LoRaWAN network. Devices using the same DevAddr are distinguished by the Network Gateway based on the cryptographic signature appended to every LoRaWAN frame.

To communicate with the SCHC gateway, the Network Gateway MUST identify the devices by a unique 64-bit device identifier called the "DevEUI".

The DevEUI is assigned to the device during the manufacturing process by the device's manufacturer. It is built like an Ethernet MAC address by concatenating the manufacturer's IEEE OUI field with a vendor unique number. For example, a 24-bit OUI is concatenated with a 40-bit serial number. The Network Gateway translates the DevAddr into a DevEUI in the uplink direction and reciprocally on the downlink direction.

+--------+         +---------+        +---------+          +----------+
| Device | <=====> | Network | <====> | SCHC    | <======> | Internet |
|        | DevAddr | Gateway | DevEUI | Gateway | IPv6/UDP |          |
+--------+         +---------+        +---------+          +----------+
Figure 4: LoRaWAN Addresses

4.3. General Frame Types

LoRaWAN implements the possibility to send confirmed or unconfirmed frames:

Confirmed frame:
The sender asks the receiver to acknowledge the frame.
Unconfirmed frame:
The sender does not ask the receiver to acknowledge the frame.

As SCHC defines its own acknowledgment mechanisms, SCHC does not require the use of LoRaWAN Confirmed frames (FType = 0b100 as per [LORAWAN-SPEC]).

4.4. LoRaWAN MAC Frames

In addition to regular data frames, LoRaWAN implements JoinRequest and JoinAccept frame types, which are used by a device to join a network:

JoinRequest:
This frame is used by a device to join a network. It contains the device's unique identifier DevEUI and a random nonce that will be used for session key derivation.
JoinAccept:
To onboard a device, the Network Gateway responds to the JoinRequest issued by a device with a JoinAccept frame. That frame is encrypted with the device's AppKey and contains (among other fields) the network's major settings and a random nonce used to derive the session keys.
Data:
This refers to MAC and application data. Application data is protected with AES-128 encryption. MAC-related data is AES-128 encrypted with another key.

4.5. LoRaWAN FPort

The LoRaWAN MAC layer features a frame port field in all frames. This field (FPort) is 8 bits long and the values from 1 to 223 can be used. It allows LoRaWAN networks and applications to identify data.

4.6. LoRaWAN Empty Frame

A LoRaWAN empty frame is a LoRaWAN frame without FPort (cf. Section 5.1) and FRMPayload.

4.7. Unicast and Multicast Technology

LoRaWAN technology supports unicast downlinks but also multicast; a multicast packet sent over a LoRaWAN radio link can be received by several devices. It is useful to address many devices with the same content: either a large binary file (firmware upgrade) or the same command (e.g., lighting control). As IPv6 is also a multicast technology, this feature can be used to address a group of devices.

5. SCHC over LoRaWAN

5.1. LoRaWAN FPort and RuleID

The FPort field is part of the SCHC Message, as shown in Figure 5. The SCHC C/D and the SCHC F/R SHALL concatenate the FPort field with the LoRaWAN payload to recompose the SCHC Message.

| FPort | LoRaWAN payload  |
+ ------------------------ +
|       SCHC Message       |
Figure 5: SCHC Message in LoRaWAN

A fragmented datagram with application payload transferred from device to Network Gateway is called an "uplink-fragmented datagram". It uses an FPort for data uplink and its associated SCHC control downlinks, named "FPortUp" in this document. The other way, a fragmented datagram with application payload transferred from Network Gateway to device is called a "downlink-fragmented datagram". It uses another FPort for data downlink and its associated SCHC control uplinks, named "FPortDown" in this document.

All RuleIDs can use arbitrary values inside the FPort range allowed by the LoRaWAN specification [LORAWAN-SPEC] and MUST be shared by the device and SCHC gateway prior to the communication with the selected rule. The uplink and downlink fragmentation FPorts MUST be different.

5.2. RuleID Management

The RuleID MUST be 8 bits and encoded in the LoRaWAN FPort as described in Section 5.1. LoRaWAN supports up to 223 application FPorts in the range [1..223] as defined in Section 4.3.2 of [LORAWAN-SPEC]; it implies that the RuleID MSB SHOULD be inside this range. An application can send non-SCHC traffic by using FPort values different from the ones used for SCHC.

In order to improve interoperability, RECOMMENDED fragmentation RuleID values are:

  • RuleID = 20 (8-bit) for uplink fragmentation, named FPortUp.
  • RuleID = 21 (8-bit) for downlink fragmentation, named FPortDown.
  • RuleID = 22 (8-bit) for which SCHC compression was not possible (i.e., no matching compression Rule was found), as described in Section 6 of [RFC8724].

The FPortUp value MUST be different from the FPortDown value. The remaining RuleIDs are available for compression. RuleIDs are shared between uplink and downlink sessions. A RuleID not in the set(s) of FPortUp or FPortDown means that the fragmentation is not used; thus, on reception, the SCHC Message MUST be sent to the SCHC C/D layer.

The only uplink frames using the FPortDown port are the fragmentation SCHC control messages of a downlink-fragmented datagram (for example, SCHC ACKs). Similarly, the only downlink frames using the FPortUp port are the fragmentation SCHC control messages of an uplink-fragmented datagram.

An application can have multiple fragmented datagrams between a device and one or several SCHC gateways. A set of FPort values is REQUIRED for each SCHC gateway instance the device is required to communicate with. The application can use additional uplinks or downlink-fragmented parameters but SHALL implement at least the parameters defined in this document.

The mechanism for context distribution across devices and gateways is outside the scope of this document.

5.3. Interface IDentifier (IID) Computation

In order to mitigate the risks described in [RFC8064] and [RFC8065], implementations MUST implement the following algorithm and SHOULD use it.

  1. key = LoRaWAN AppSKey
  2. cmac = aes128_cmac(key, DevEUI)
  3. IID = cmac[0..7]

The aes128_cmac algorithm is described in [RFC4493]. It has been chosen as it is already used by devices for the LoRaWAN protocol.

As AppSKey is renewed each time a device joins or rejoins a LoRaWAN network, the IID will change over time; this mitigates privacy concerns, for example, location tracking or correlation over time. Join periodicity is defined at the application level.

Address-scan risk is mitigated thanks to the entropy added to the IID by the inclusion of AppSKey.

Using this algorithm will also ensure that there is no correlation between the hardware identifier (DevEUI) and the IID, so an attacker cannot use the manufacturer OUI to target devices.

Example with:

  • DevEUI: 0x1122334455667788
  • AppSKey: 0x00AABBCCDDEEFF00AABBCCDDEEFFAABB
1. key: 0x00AABBCCDDEEFF00AABBCCDDEEFFAABB
2. cmac: 0x4E822D9775B2649928F82066AF804FEC
3. IID: 0x4E822D9775B26499
Figure 6: Example of IID Computation

There is a small probability of IID collision in a LoRaWAN network. If this occurs, the IID can be changed by rekeying the device at the L2 level (i.e., triggering a LoRaWAN join). The way the device is rekeyed is out of scope of this document and left to the implementation.

5.4. Padding

All padding bits MUST be 0.

5.5. Decompression

The SCHC C/D MUST concatenate FPort and LoRaWAN payload to retrieve the SCHC Packet as per Section 5.1.

RuleIDs matching FPortUp and FPortDown are reserved for SCHC fragmentation.

5.6. Fragmentation

The L2 Word Size used by LoRaWAN is 1 byte (8 bits). The SCHC fragmentation over LoRaWAN uses the ACK-on-Error mode for uplink fragmentation and ACK-Always mode for downlink fragmentation. A LoRaWAN device cannot support simultaneous interleaved fragmented datagrams in the same direction (uplink or downlink).

The fragmentation parameters are different for uplink- and downlink-fragmented datagrams and are successively described in the next sections.

5.6.1. DTag

Section 8.2.4 of [RFC8724] describes the possibility to interleave several fragmented SCHC datagrams for the same RuleID. This is not used in the SCHC-over-LoRaWAN profile. A device cannot interleave several fragmented SCHC datagrams on the same FPort. This field is not used, and its size is 0.

5.7. SCHC Fragment Format

5.7.1. All-0 SCHC Fragment

Uplink Fragmentation (Ack-on-Error):

All-0 is distinguishable from a SCHC ACK REQ, as [RFC8724] states "This condition is also met if the SCHC Fragment Header is a multiple of L2 Words", the following condition being met: SCHC header is 2 bytes.

Downlink fragmentation (ACK-Always):

As per [RFC8724], SCHC All-1 MUST contain the last tile, and implementations MUST ensure that SCHC All-0 message Payload will be at least the size of an L2 Word.

5.7.2. All-1 SCHC Fragment

All-1 is distinguishable from a SCHC Sender-Abort, as [RFC8724] states "This condition is met if the RCS is present and is at least the size of an L2 Word", the following condition being met: RCS is 4 bytes.

5.7.3. Delay after Each LoRaWAN Frame to Respect Local Regulation

This profile does not define a delay to be added after each LoRaWAN frame; local regulation compliance is expected to be enforced by the LoRaWAN stack.

6. Security Considerations

This document is only providing parameters that are expected to be best suited for LoRaWAN networks for [RFC8724]. IID security is discussed in Section 5.3. As such, this document does not contribute to any new security issues beyond those already identified in [RFC8724]. Moreover, SCHC data (LoRaWAN payload) are protected at the LoRaWAN level by an AES-128 encryption with a session key shared by the device and the SCHC gateway. These session keys are renewed at each LoRaWAN session (i.e., each join or rejoin to the LoRaWAN network).

7. IANA Considerations

This document has no IANA actions.

8. References

8.1. Normative References

[LORAWAN-SPEC]
LoRa Alliance, "LoRaWAN 1.0.4 Specification Package", <https://lora-alliance.org/resource_hub/lorawan-104-specification-package/>.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
[RFC4291]
Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, DOI 10.17487/RFC4291, , <https://www.rfc-editor.org/info/rfc4291>.
[RFC4493]
Song, JH., Poovendran, R., Lee, J., and T. Iwata, "The AES-CMAC Algorithm", RFC 4493, DOI 10.17487/RFC4493, , <https://www.rfc-editor.org/info/rfc4493>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/info/rfc8174>.
[RFC8724]
Minaburo, A., Toutain, L., Gomez, C., Barthel, D., and JC. Zúñiga, "SCHC: Generic Framework for Static Context Header Compression and Fragmentation", RFC 8724, DOI 10.17487/RFC8724, , <https://www.rfc-editor.org/info/rfc8724>.

8.2. Informative References

[LORAWAN-REMOTE-MULTICAST-SET]
LoRa Alliance, "LoRaWAN Remote Multicast Setup Specification v1.0.0", <https://lora-alliance.org/resource_hub/lorawan-remote-multicast-setup-specification-v1-0-0/>.
[RFC8064]
Gont, F., Cooper, A., Thaler, D., and W. Liu, "Recommendation on Stable IPv6 Interface Identifiers", RFC 8064, DOI 10.17487/RFC8064, , <https://www.rfc-editor.org/info/rfc8064>.
[RFC8065]
Thaler, D., "Privacy Considerations for IPv6 Adaptation-Layer Mechanisms", RFC 8065, DOI 10.17487/RFC8065, , <https://www.rfc-editor.org/info/rfc8065>.
[RFC8376]
Farrell, S., Ed., "Low-Power Wide Area Network (LPWAN) Overview", RFC 8376, DOI 10.17487/RFC8376, , <https://www.rfc-editor.org/info/rfc8376>.

Appendix A. Examples

In the following examples, "applicative data" refers to the IPv6 payload sent by the application to the SCHC layer.

Acknowledgements

Thanks to all those listed in the Contributors Section for the excellent text, insightful discussions, reviews, and suggestions, and also to (in alphabetical order) Dominique Barthel, Arunprabhu Kandasamy, Rodrigo Munoz, Alexander Pelov, Pascal Thubert, and Laurent Toutain for useful design considerations, reviews, and comments.

LoRaWAN is a registered trademark of the LoRa Alliance.

Contributors

Contributors ordered by family name.

Vincent Audebert
EDF R&D
Julien Catalano
Kerlink
Michael Coracin
Semtech
Marc Le Gourrierec
Sagemcom
Nicolas Sornin
Chirp Foundation
Alper Yegin
Actility

Authors' Addresses

Olivier Gimenez (editor)
Semtech
14 Chemin des Clos
Meylan
France
Ivaylo Petrov (editor)
Acklio
1137A Avenue des Champs Blancs
35510 Cesson-Sévigné Cedex
France