To address the challenge of supporting HTTPS security over low-power, wide-area LoRa networks, this paper proposes the first end-to-end TLS 1.3 transport architecture fully realized on LoRa. Methodologically, we design a lightweight TLS record reassembly layer and a session multiplexing mechanism, integrated with a TCP tunnel, edge-side proxy, and cloud-side relay to establish a secure tunnel for HTTPS request forwarding and response delivery. Our approach innovatively resolves critical issues in TLS handshake execution and record fragmentation/reassembly under LoRa’s severe bandwidth constraints and high latency. Experimental evaluation on real hardware demonstrates a TLS 1.3 handshake completion time of 9.9 seconds and an average API response latency of 3.58 seconds. To the best of our knowledge, this is the first practical validation of HTTPS feasibility, security, and utility over LoRa, confirming its viability for secure IoT communications.

We present TLoRa, an end-to-end architecture for HTTPS communication over LoRa by integrating TCP tunneling and a complete TLS 1.3 handshake. It enables a seamless and secure communication channel between WiFi-enabled end devices and the Internet over LoRa using an End Hub (EH) and a Net Relay (NR). The EH tethers a WiFi hotspot and a captive portal for user devices to connect and request URLs. The EH forwards the requested URLs to the NR using a secure tunnel over LoRa. The NR, which acts as a server-side proxy, receives and resolves the request from the Internet-based server. It then relays back the encrypted response from the server over the same secure tunnel. TLoRa operates in three phases -session setup, secure tunneling, and rendering. In the first phase, it manages the TCP socket and initiates the TLS handshake. In the second, it creates a secure tunnel and transfers encrypted TLS data over LoRa. Finally, it delivers the URL content to the user. TLoRa also implements a lightweight TLS record reassembly layer and a queuing mechanism for session multiplexing. We evaluate TLoRa on real hardware using multiple accesses to a web API. Results indicate that it provides a practical solution by successfully establishing a TLS session over LoRa in 9.9 seconds and takes 3.58 seconds to fulfill API requests. To the best of our knowledge, this is the first work to comprehensively design, implement, and evaluate the performance of HTTPS access over LoRa using full TLS.