Is it possible to build a private network with TTN LoRa gateway? I see unknown devices are being connected to my gateway and i want to restrict the access.
For better understanding, security can be achieved on gateway (hardware) level or just on application (WAN) level?
LoRaWAN is not WiFi. In WiFi a client connects to a specific gateway, in LoRaWAN all gateways within radio range receive a nodes transmission. All received data will be forwarded to the back-end and there all non TTN traffic will be dropped.
The very essence of the TTN Lorawan gateway network (think of it as a star network that listens) is the selfless nature, all gateways listen and forward transmissions - yes end to end security is built into the system, if your gateway is receiving and forwarding TTN data then this good, just as other gateways would support your own devices too.
Its worth remembering TTN is not the only Lorawan solution, there is a lot of Lorawan traffic bouncing around from other solutions both public, commercial and private - your gateway will will also listen and see this data but will reject it as not destined for TTN.
Gateways do not reject data. The data will be received and forwarded to the TTN back-end. The TTN back-end will drop any non TTN data.
Your right, still surprises me that NetID filtering does not happen at gateway - would be easy for the backend to maintain and push out valid id lists
There is no protocol defined for that.
Is this the way that LoRa works with every gateway model or brand? Or does it work like this because we have TTN Community gateway?
Can it be possible to build a private network with security key on hardware level?
This is the way LoRaWAN works. (LoRa is just a radio modulation, LoRaWAN the standard on top if it)
By combining the network server and gateway on one device you can build a private network. However that is out of scope for TTN and this forum.