IoT Security Vulnerabilities and Predictive Signal Jamming Attack Analysis in LoRaWAN

Internet of Things (IoT) gains popularity in recent times due to its flexibility, usability, diverse applicability and ease of deployment. However, the issues related to security is less explored. The IoT devices are light weight in nature and have low computation power, low battery life and low memory. As incorporating security features are resource expensive, IoT devices are often found to be less protected and in recent times, more IoT devices have been routinely attacked due to high profile security flaws. This paper aims to explore the security vulnerabilities of IoT devices particularly that use Low Power Wide Area Networks (LPWANs). In this work, LoRaWAN based IoT security vulnerabilities are scrutinised and loopholes are identified. An attack was designed and simulated with the use of a predictive model of the device data generation. The paper demonstrated that by predicting the data generation model, jamming attack can be carried out to block devices from sending data successfully. This research will aid in the continual development of any necessary countermeasures and mitigations for LoRaWAN and LPWAN functionality of IoT networks in general

ChirpOTLE: A Framework for Practical LoRaWAN Security Evaluation

Low-power wide-area networks (LPWANs) are becoming an integral part of the Internet of Things. As a consequence, businesses, administration, and, subsequently, society itself depend on the reliability and availability of these communication networks. Released in 2015, LoRaWAN gained popularity and attracted the focus of security research, revealing a number of vulnerabilities. This lead to the revised LoRaWAN 1.1 specification in late 2017. Most of previous work focused on simulation and theoretical approaches. Interoperability and the variety of implementations complicate the risk assessment for a specific LoRaWAN network. In this paper, we address these issues by introducing ChirpOTLE, a LoRa and LoRaWAN security evaluation framework suitable for rapid iteration and testing of attacks in testbeds and assessing the security of real-world networks.We demonstrate the potential of our framework by verifying the applicability of a novel denial-of-service attack targeting the adaptive data rate mechanism in a testbed using common off-the-shelf hardware. Furthermore, we show the feasibility of the Class B beacon spoofing attack, which has not been demonstrated in practice before.Comment: 11 pages, 14 figures, accepted at ACM WiSec 2020 (13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

Data-driven classification of low-power communication signals by an unauthenticated user using a software-defined radio

Many large-scale distributed multi-agent systems exchange information over low-power communication networks. In particular, agents intermittently communicate state and control signals in robotic network applications, often with limited power over an unlicensed spectrum, prone to eavesdropping and denial-of-service attacks. In this paper, we argue that a widely popular low-power communication protocol known as LoRa is vulnerable to denial-of-service attacks by an unauthenticated attacker if it can successfully identify a target signal's bandwidth and spreading factor. Leveraging a structural pattern in the LoRa signal's instantaneous frequency representation, we relate the problem of jointly inferring the two unknown parameters to a classification problem, which can be efficiently implemented using neural networks.Comment: Accepted for presentation at Asilomar Conference on Signals, Systems, and Computers, 202

Development and Testing of a Real-Time LoRawan Sniffer Based on GNU-Radio

En este documento se muestran las vulnerabilidades presentes en una red de sensores inalámbricas implementada sobre una red de área amplia de largo alcance (LoRaWAN por sus siglas en inglés) LoRaWAN y se identifican los posibles ataques que se podrían realizar a la red usando sniffing y/o replay. Los ataques a la red se realizaron implementando un analizador de protocolos (Sniffer) para capturar los paquetes. El Sniffer se implementó utilizando el hardware RTL2832U y se visualizó en Wireshark, a través de GNU-Radio. Las pruebas mostraron que se pueden amenazar la disponibilidad y confidencialidad de los datos a través de ataques de replay con verificación en el LoRa server utilizando hardware HackRF One y GNU-Radio. Aunque la especificación LoRaWAN tiene contadores para evitar ataques de replay, bajo condiciones adecuadas se lograría vulnerar la red llegando a realizar la denegación del servicio del nodo en el servidor.This paper shows the vulnerabilities present in a wireless sensor network implemented over a long-range wide area network (LoRaWAN) LoRaWAN, and identifies possible attacks that could be made to the network using sniffing and/or replay. Attacks on the network were performed by implementing a protocol analyzer (Sniffer) to capture packets. The Sniffer was implemented using the RTL2832U hardware and visualized in Wireshark, through GNU-Radio. Tests showed that data availability and confidentiality could be threatened through replay attacks with LoRa server verification using HackRF One and GNU-Radio hardware. Although the LoRaWAN specification has, frame counters to avoid replay attacks, under given the right conditions, this measure could be violated even deny service to the node on the server

Integrated Satellite-terrestrial networks for IoT: LoRaWAN as a Flying Gateway

When the Internet of Things (IoT) was introduced, it causes an immense change in human life. Recently, different IoT emerging use cases, which will involve an even higher number of connected devices aimed at collecting and sending data with different purposes and over different application scenarios, such as smart city, smart factory, and smart agriculture. In some cases, the terrestrial infrastructure is not enough to guarantee the typical performance indicators due to its design and intrinsic limitations. Coverage is an example, where the terrestrial infrastructure is not able to cover certain areas such as remote and rural areas. Flying technologies, such as communication satellites and Unmanned Aerial Vehicles (UAVs), can contribute to overcome the limitations of the terrestrial infrastructure, offering wider coverage, higher resilience and availability, and improving user\u2019s Quality of Experience (QoE). IoT can benefit from the UAVs and satellite integration in many ways, also beyond the coverage extension and the increase of the available bandwidth that these objects can offer. This thesis proposes the integration of both IoT and UAVs to guarantee the increased coverage in hard to reach and out of coverage areas. Its core focus addresses the development of the IoT flying gateway and data mule and testing both approaches to show their feasibility. The first approach for the integration of IoT and UAV results in the implementing of LoRa flying gateway with the aim of increasing the IoT communication protocols\u2019 coverage area to reach remote and rural areas. This flying gateway examines the feasibility for extending the coverage in a remote area and transmitting the data to the IoT cloud in real-time. Moreover, it considers the presence of a satellite between the gateway and the final destination for areas with no Internet connectivity and communication means such as WiFi, Ethernet, 4G, or LTE. The experimental results have shown that deploying a LoRa gateway on board a flying drone is an ideal option for the extension of the IoT network coverage in rural and remote areas. The second approach for the integration of the aforementioned technologies is the deployment of IoT data mule concept for LoRa networks. The difference here is the storage of the data on board of the gateway and not transmitting the data to the IoT cloud in real time. The aim of this approach is to receive the data from the LoRa sensors installed in a remote area, store them in the gateway up until this flying gateway is connected to the Internet. The experimental results have shown the feasibility of our flying data mule in terms of signal quality, data delivery, power consumption and gateway status. The third approach considers the security aspect in LoRa networks. The possible physical attacks that can be performed on any LoRa device can be performed once its location is revealed. Position estimation was carried out using one of the LoRa signal features: RSSI. The values of RSSI are fed to the Trilateration localization algorithm to estimate the device\u2019s position. Different outdoor tests were done with and without the drone, and the results have shown that RSSI is a low cost option for position estimation that can result in a slight error due to different environmental conditions that affect the signal quality. In conclusion, by adopting both IoT technology and UAV, this thesis advances the development of flying LoRa gateway and LoRa data mule for the aim of increasing the coverage of LoRa networks to reach rural and remote areas. Moreover, this research could be considered as the first step towards the development of high quality and performance LoRa flying gateway to be tested and used in massive LoRa IoT networks in rural and remote areas