Development and Testing of a Real-Time LoRawan Sniffer Based on GNU-Radio

En este documento se muestran las vulnerabilidades presentes en una red de sensores inalámbricas implementada sobre una red de área amplia de largo alcance (LoRaWAN por sus siglas en inglés) LoRaWAN y se identifican los posibles ataques que se podrían realizar a la red usando sniffing y/o replay. Los ataques a la red se realizaron implementando un analizador de protocolos (Sniffer) para capturar los paquetes. El Sniffer se implementó utilizando el hardware RTL2832U y se visualizó en Wireshark, a través de GNU-Radio. Las pruebas mostraron que se pueden amenazar la disponibilidad y confidencialidad de los datos a través de ataques de replay con verificación en el LoRa server utilizando hardware HackRF One y GNU-Radio. Aunque la especificación LoRaWAN tiene contadores para evitar ataques de replay, bajo condiciones adecuadas se lograría vulnerar la red llegando a realizar la denegación del servicio del nodo en el servidor.This paper shows the vulnerabilities present in a wireless sensor network implemented over a long-range wide area network (LoRaWAN) LoRaWAN, and identifies possible attacks that could be made to the network using sniffing and/or replay. Attacks on the network were performed by implementing a protocol analyzer (Sniffer) to capture packets. The Sniffer was implemented using the RTL2832U hardware and visualized in Wireshark, through GNU-Radio. Tests showed that data availability and confidentiality could be threatened through replay attacks with LoRa server verification using HackRF One and GNU-Radio hardware. Although the LoRaWAN specification has, frame counters to avoid replay attacks, under given the right conditions, this measure could be violated even deny service to the node on the server

Selective Jamming of LoRaWAN using Commodity Hardware

Long range, low power networks are rapidly gaining acceptance in the Internet of Things (IoT) due to their ability to economically support long-range sensing and control applications while providing multi-year battery life. LoRa is a key example of this new class of network and is being deployed at large scale in several countries worldwide. As these networks move out of the lab and into the real world, they expose a large cyber-physical attack surface. Securing these networks is therefore both critical and urgent. This paper highlights security issues in LoRa and LoRaWAN that arise due to the choice of a robust but slow modulation type in the protocol. We exploit these issues to develop a suite of practical attacks based around selective jamming. These attacks are conducted and evaluated using commodity hardware. The paper concludes by suggesting a range of countermeasures that can be used to mitigate the attacks.Comment: Mobiquitous 2017, November 7-10, 2017, Melbourne, VIC, Australi

LoRaWAN communication implementation platforms

A key role in the development of smart Internet of Things (IoT) solutions is played by wireless communication technologies, especially LPWAN (Low-Power Wide-Area Network), which are becoming increasingly popular due to their advantages: long range, low power consumption and the ability to connect multiple edge devices. However, in addition to the advantages of communication and low power consumption, the security of transmitted data is also important. End devices very often have a small amount of memory, which makes it impossible to implement advanced cryptographic algorithms on them. The article analyzes the advantages and disadvantages of solutions based on LPWAN communication and reviews platforms for IoT device communication in the LoRaWAN (LoRa Wide Area Network) standard in terms of configuration complexity. It describes how to configure an experimental LPWAN system being built at the Department of Computer Science and Telecommunications at Poznan University of Technology for research related to smart buildings

LoRaWAN device security and energy optimization

Resource-constrained devices are commonly connected to a network and become things that make up the Internet of Things (IoT). Many industries are interested in cost-effective, reliable, and cyber secure sensor networks due to the ever-increasing connectivity and benefits of IoT devices. The full advantages of IoT devices are seen in a long-range and remote context. However, current IoT platforms show many obstacles to achieve a balance between power efficiency and cybersecurity. Battery-powered sensor nodes can reliably send data over long distances with minimal power draw by adopting Long-Range (LoRa) wireless radio frequency technology. With LoRa, these devices can stay active for many years due to a low data bit rate and low power draw during device sleep states. An improvement built on top of LoRa wireless technology, Long-Range Wide Area Networks (LoRaWAN), introduces integrity and confidentiality of the data sent within the IoT network. Although data sent from a LoRaWAN device is encrypted, protocol and implementation vulnerabilities still exist within the network, resulting in security risks to the whole system. In this research, solutions to these vulnerabilities are proposed and implemented on a LoRaWAN testbed environment that contains devices, gateways, and servers. Configurations that involve the transmission of data using AES Round Reduction, Join Scheduling, and Metadata Hiding are proposed in this work. A power consumption analysis is performed on the implemented configurations, resulting in a LoRaWAN system that balances cybersecurity and battery life. The resulting configurations may be harnessed for usage in the safe, secure, and efficient provisioning of LoRaWAN devices in technologies such as Smart-Industry, Smart-Environment, Smart-Agriculture, Smart-Universities, Smart-Cities, et

ChirpOTLE: A Framework for Practical LoRaWAN Security Evaluation

Low-power wide-area networks (LPWANs) are becoming an integral part of the Internet of Things. As a consequence, businesses, administration, and, subsequently, society itself depend on the reliability and availability of these communication networks. Released in 2015, LoRaWAN gained popularity and attracted the focus of security research, revealing a number of vulnerabilities. This lead to the revised LoRaWAN 1.1 specification in late 2017. Most of previous work focused on simulation and theoretical approaches. Interoperability and the variety of implementations complicate the risk assessment for a specific LoRaWAN network. In this paper, we address these issues by introducing ChirpOTLE, a LoRa and LoRaWAN security evaluation framework suitable for rapid iteration and testing of attacks in testbeds and assessing the security of real-world networks.We demonstrate the potential of our framework by verifying the applicability of a novel denial-of-service attack targeting the adaptive data rate mechanism in a testbed using common off-the-shelf hardware. Furthermore, we show the feasibility of the Class B beacon spoofing attack, which has not been demonstrated in practice before.Comment: 11 pages, 14 figures, accepted at ACM WiSec 2020 (13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

Prospectiva de seguridad de las redes de sensores inalámbricos

En las Redes de Sensores Inalámbricos (WSN), los nodos son vulnerables a los ataques de seguridad porque están instalados en un entorno difícil, con energía y memoria limitadas, baja capacidad de procesamiento y transmisión de difusión media; por lo tanto, identificar las amenazas, los retos y las soluciones de seguridad y privacidad es un tema candente hoy en día. En este artículo se analizan los trabajos de investigación que se han realizado sobre los mecanismos de seguridad para la protección de las WSN frente a amenazas y ataques, así como las tendencias que surgen en otros países junto con futuras líneas de investigación. Desde el punto de vista metodológico, este análisis se muestra a través de la visualización y estudio de trabajos indexados en bases de datos como IEEE, ACM, Scopus y Springer, con un rango de 7 años como ventana de observación, desde 2013 hasta 2019. Se obtuvieron un total de 4.728 publicaciones, con un alto índice de colaboración entre China e India. La investigación planteó desarrollos, como avances en los principios de seguridad y mecanismos de defensa, que han llevado al diseño de contramedidas en la detección de intrusiones. Por último, los resultados muestran el interés de la comunidad científica y empresarial por el uso de la inteligencia artificial y el aprendizaje automático (ML) para optimizar las medidas de rendimiento.In Wireless Sensor Networks (WSN), nodes are vulnerable to security attacks because they are installed in a harsh environment with limited power and memory, low processing power, and medium broadcast transmission. Therefore, identifying threats, challenges, and solutions of security and privacy is a talking topic today. This article analyzes the research work that has been carried out on the security mechanisms for the protection of WSN against threats and attacks, as well as the trends that emerge in other countries combined with future research lines. From the methodological point of view, this analysis is shown through the visualization and study of works indexed in databases such as IEEE, ACM, Scopus, and Springer, with a range of 7 years as an observation window, from 2013 to 2019. A total of 4,728 publications were obtained, with a high rate of collaboration between China and India. The research raised developments, such as advances in security principles and defense mechanisms, which have led to the design of countermeasures in intrusion detection. Finally, the results show the interest of the scientific and business community in the use of artificial intelligence and machine learning (ML) to optimize performance measurements