« Back to Glossary Index
OTAA is the secure way for a LoRaWAN device to join a network. When the device powers up, it broadcasts a join request. The network server verifies it, generates fresh encryption keys for this session only, and sends them back. The keys change every time the device joins – so a compromised session does not expose past or future ones.
OTAA is more involved to provision than ABP (you must register the device’s DevEUI and AppKey with the network server before deployment), but it is the correct default for every new deployment.
- DevEUI – globally unique device identifier, like a serial number for the LoRaWAN network
- AppKey – the root secret stored on the device; never transmitted over the air
- Session keys – generated fresh for each join session from the AppKey using AES; the AppKey itself is never exposed
- Re-join – keys rotate automatically every time the device joins or re-joins the network