Before a LoRaWAN device can start to send data to the network, a process called “activation” (also called “join procedure”) has to be completed first. As a part of the activation process, a device has to prove it’s identity by using credentials (also called root keys) that are stored on a device. LoRaWAN supports two ways to for device activation: OTAA (Over the air activation) and ABP (Activation by personalization).
OTAA vs ABP
OTAA should be preferred over ABP as it is more secure. When using OTAA, temporary session keys are derived from root keys on each activation. ABP uses static keys, is less secure and should be not used if not explicitly required by the use-case.
Though AWS IoT Core for LoRaWAN supports both OTAA and ABP, this workshop only contains guidelines for OTAA.
When using OTAA, so-called root keys are the shared secrets between the LoRaWAN device and the AWS IoT Core for LoRaWAN. The names for root keys differ depending on a LoRaWAN version supported by the device: