LoRaWAN : Difference between OTAA and ABP

Introduction : In LoRaWAN, device activation is the process by which an end device joins the network and establishes secure communication. Two methods are defined for this in LoRWAN viz. Over The Air Activation (OTAA) and Activation By Personalization (ABP). OTAA dynamically generates session keys while ABP uses pre-configured session keys. Both approaches have their advantages and trade-offs, and understanding them is crucial for selecting the most suitable activation method in IoT deployments.

LoRaWAN OTAA (Over The Air Activation)

The device performs a join procedure with the network. The recommended and most secure method.

• Device sends a Join Request (containing DevEUI, AppEUI/JoinEUI, DevNonce).
• The Join Server authenticates it.
• The Join Server generates session keys:
  • NwkSKey (Network Session Key) for MAC/network integrity.
  • AppSKey (Application Session Key) for end to end payload encryption.
• Sends a Join Accept back to the device.
• Device and Network Server now share unique session keys.

LoRaWAN ABP (Activation By Personalization)

• A manual / static method.
• The session keys (NwkSKey, AppSKey) and device address (DevAddr) are hard coded into the device before deployment.
• Device does not perform a join procedure.

Key differences

Conclusion: OTAA and ABP provide different pathways for bringing LoRaWAN devices into the network. OTAA is the preferred method for most deployments due to its strong security and adaptability, while ABP is simpler and can be useful in controlled or resource limited environments.