LoRaWAN Physical Layer-Based Attacks and Countermeasures, A Review

As LoRaWAN is one of the most popular long-range wireless protocols among low-power IoT applications, more and more focus is shifting towards security. In particular, physical layer topics become relevant to improve the security of LoRaWAN nodes, which are often limited in terms of computational power and communication resources. To this end, e.g., detection methods for wireless attacks improve the integrity and robustness of LoRaWAN access. Further, wireless physical layer techniques have potential to enhance key refreshment and device authentication. In this work, we aim to provide a comprehensive review of various vulnerabilities, countermeasures and security enhancing features concerning the LoRaWAN physical layer. Afterwards, we discuss the impact of the reviewed topics on LoRaWAN security and, subsequently, we identify research gaps as well as promising future research directions

Intrusion Detection System based on time related features and Machine Learning

The analysis of the behavior of network communications over time allows the extraction of statistical features capable of characterizing the network traffic flows. These features can be used to create an Intrusion Detection System (IDS) that can automatically classify network traffic. But introducing an IDS into a network changes the latency of its communications. From a different viewpoint it is possible to analyze the latencies of a network to try to identifying the presence or absence of the IDS. The proposed method can be used to extract a set of phisical or time related features that characterize the communication behavior of an Internet of Things (IoT) infrastructure. For example the number of packets sent every 5 minutes. Then these features can help identify anomalies or cyber attacks. For example a jamming of the radio channel. This method does not necessarily take into account the content of the network packet and therefore can also be used on encrypted connections where is impossible to carry out a Deep Packet Inspection (DPI) analysis

A lightweight blockchain based two factor authentication mechanism for LoRaWAN join procedure

Recently, there has been increasing interest in employing blockchain in different applications, other than crypto-currencies. Blockchains allow a peer to peer distributed network where different nodes communicate with each other, in a trustless manner. Long Range Wide Area Network (LoRaWAN) is an Internet of Things (IoT) technology, which enables long range communication. Although LoRaWAN networks are secure, the LoRaWAN join procedure is susceptible to replay and jamming attacks. Moreover, trust between network server and LoRa end device is the basic foundation of LoRaWAN network however, the centralized nature of network servers raise trust issues between network operators and customers. To solve this problem, we propose a lightweight two factor authentication mechanism for LoRaWAN join procedure, based on blockchain technology. The proposed blockchain based framework provides an extra layer of security for LoRaWAN join procedure and build trust among LoRaWAN network components. The proposed framework is validated using the Ethereum blockchain. The results demonstrate that the proposed framework provides efficient system performance in terms of throughput and latency. The proposed blockchain architecture is a cost effective solution, which can be utilized in the LoRaWAN network with few network servers and LoRa end device, having no strict requirement of throughput and latency

Integrated Satellite-terrestrial networks for IoT: LoRaWAN as a Flying Gateway

When the Internet of Things (IoT) was introduced, it causes an immense change in human life. Recently, different IoT emerging use cases, which will involve an even higher number of connected devices aimed at collecting and sending data with different purposes and over different application scenarios, such as smart city, smart factory, and smart agriculture. In some cases, the terrestrial infrastructure is not enough to guarantee the typical performance indicators due to its design and intrinsic limitations. Coverage is an example, where the terrestrial infrastructure is not able to cover certain areas such as remote and rural areas. Flying technologies, such as communication satellites and Unmanned Aerial Vehicles (UAVs), can contribute to overcome the limitations of the terrestrial infrastructure, offering wider coverage, higher resilience and availability, and improving user\u2019s Quality of Experience (QoE). IoT can benefit from the UAVs and satellite integration in many ways, also beyond the coverage extension and the increase of the available bandwidth that these objects can offer. This thesis proposes the integration of both IoT and UAVs to guarantee the increased coverage in hard to reach and out of coverage areas. Its core focus addresses the development of the IoT flying gateway and data mule and testing both approaches to show their feasibility. The first approach for the integration of IoT and UAV results in the implementing of LoRa flying gateway with the aim of increasing the IoT communication protocols\u2019 coverage area to reach remote and rural areas. This flying gateway examines the feasibility for extending the coverage in a remote area and transmitting the data to the IoT cloud in real-time. Moreover, it considers the presence of a satellite between the gateway and the final destination for areas with no Internet connectivity and communication means such as WiFi, Ethernet, 4G, or LTE. The experimental results have shown that deploying a LoRa gateway on board a flying drone is an ideal option for the extension of the IoT network coverage in rural and remote areas. The second approach for the integration of the aforementioned technologies is the deployment of IoT data mule concept for LoRa networks. The difference here is the storage of the data on board of the gateway and not transmitting the data to the IoT cloud in real time. The aim of this approach is to receive the data from the LoRa sensors installed in a remote area, store them in the gateway up until this flying gateway is connected to the Internet. The experimental results have shown the feasibility of our flying data mule in terms of signal quality, data delivery, power consumption and gateway status. The third approach considers the security aspect in LoRa networks. The possible physical attacks that can be performed on any LoRa device can be performed once its location is revealed. Position estimation was carried out using one of the LoRa signal features: RSSI. The values of RSSI are fed to the Trilateration localization algorithm to estimate the device\u2019s position. Different outdoor tests were done with and without the drone, and the results have shown that RSSI is a low cost option for position estimation that can result in a slight error due to different environmental conditions that affect the signal quality. In conclusion, by adopting both IoT technology and UAV, this thesis advances the development of flying LoRa gateway and LoRa data mule for the aim of increasing the coverage of LoRa networks to reach rural and remote areas. Moreover, this research could be considered as the first step towards the development of high quality and performance LoRa flying gateway to be tested and used in massive LoRa IoT networks in rural and remote areas

Security issues in Internet of Things

The main idea behind the concept of the Internet of Things (IoT) is to connect all kinds of everyday objects, thus enabling them to communicate to each other and enabling people to communicate to them. IoT is an extensive concept that encompasses a wide range of technologies and applications. This document gives an introduction to what the IoT is, its fundamental characteristics and the enabling technologies that are currently being used. However, the technologies for the IoT are still evolving and maturing, leading to major challenges that need to be solved for a successful deployment of the IoT. Security is one of the most significant ones. Security issues may represent the greatest obstacle to general acceptance of the IoT. This document presents an assessment of the IoT security goals, its threats and the security requirements to achieve the goals. A survey on a representative set of already deployed IoT technologies is done to assess the current state of the art with regards to security. For each solution, a description of its functionality, its security options and the issues found in the literature is given. Finally, the common issues are identified and a set of future solutions are given.La idea principal detrás del concepto de Internet de las cosas (IoT) es conectar todo tipo de objetos cotidianos, para permitir comunicarse entre sí y que personas se comuniquen con ellos. IoT es un amplio concepto que abarca una extensa gama de tecnologías y aplicaciones. Este documento da una introducción a lo que es el IoT, sus características fundamentales y las tecnologías que se están utilizando actualmente. Sin embargo, las tecnologías usadas en el IoT todavía están en evolución y madurando, dando lugar a grandes desafíos que deben resolverse para un despliegue exitoso del IoT. La seguridad es uno de las más significativos. Los problemas de seguridad pueden representar el mayor obstáculo para la aceptación general del IoT. Este documento presenta una evaluación de los objetivos de seguridad en el IoT, sus amenazas y los requisitos necesarios para alcanzar dichos objetivos. Se realiza un estudio sobre un conjunto representativo de tecnologías IoT en uso para evaluar su estado actual respecto a la seguridad. Para cada solución, se da una descripción de su funcionalidad, sus protecciones y los problemas encontrados. Finalmente, se identifican los problemas comunes y se dan un conjunto de soluciones futuras.La idea principal darrera del concepte d'Internet de les coses (IoT) és connectar tot tipus d'objectes quotidians, per permetre comunicar-se entre sí i que les persones es comuniquin amb ells. IoT és un ampli concepte que engloba una extensa gamma de tecnologies i aplicacions. Aquest document dona una introducció al que és el IoT, les seves característiques fonamentals i les tecnologies que s'estan utilitzant actualment. No obstant, les tecnologies utilitzades en el IoT encara estan evolucionant i madurant, donant lloc a grans reptes que s'han de resoldre per a un desplegament exitós del IoT. La seguretat és un dels reptes més significatius. Els problemes de seguretat poden representar el major obstacle per l'acceptació general de l'IoT. Aquest document presenta una avaluació dels objectius de seguretat en el Iot, les seves amenaces i els requisits necessaris per assolir aquests objectius. Es realitza un estudi sobre un conjunt representatiu de tecnologies IoT en ús per avaluar el seu estat actual respecte a la seguretat. Per cada solució, es dona una descripció de la seva funcionalitat, les seves proteccions i els problemes trobats. Finalment, s'identifiquen els problemes comuns i es donen un conjunt de solucions futures

Energy aware optimization for low power radio technologies

The explosive growth of IoT is pushing the market towards cheap, very low power devices with a strong focus on miniaturization, for applications such as in-body sensors, personal health monitoring and microrobots. Proposing procedures for energy efficiency in IoT is a difficult task, as it is a rapidly growing market comprised of many and very diverse product categories using technologies that are not stable, evolving at a high pace. The research in this field proposes solutions that go from physical layer optimization up to the network layer, and the sensor network designer has to select the techniques that are best for its application specific architecture and radio technology used. This work is focused on exploring new techniques for enhancing the energy efficiency and user experience of IoT networks. We divide the proposed techniques in frame and chip level optimization techniques, respectively. While the frame level techniques are meant to improve the performance of existing radio technologies, the chip level techniques aim at replacing them with crystal-free architectures. The identified frame level techniques are the use of preamble authentication and packet fragmentation, advisable for Low Power Wide Area Networks (LPWANs), a technology that offers the lowest energy consumption per provided service, but is vulnerable in front of energy exhaustion attacks and does not perform well in dense networks. The use of authenticated preambles between the sensors and gateways becomes a defence mechanism against the battery draining intended by attackers. We show experimentally that this approach is able to reduce with 91% the effect of an exhaustion attack, increasing the device's lifetime from less than 0.24 years to 2.6 years. The experiments were conducted using Loadsensing sensor nodes, commercially used for critical infrastructure control and monitoring. Even if exemplified on LoRaWAN, the use of preamble authentication is extensible to any wireless protocol. The use of packet fragmentation despite the packet fits the frame, is shown to reduce the probability of collisions while the number of users in the duty-cycle restricted network increases. Using custom-made Matlab simulations, important goodput improvement was obtained with fragmentation, with higher impact in slower and denser networks. Using NS3 simulations, we showed that combining packet fragmentation with group NACK can increase the network reliability, while reducing the energy consumed for retransmissions, at the cost of adding small headers to each fragment. It is a strategy that proves to be effective in dense duty-cycle restricted networks only, where the headers overhead is negligible compared to the network traffic. As a chip level technique, we consider using radios for communication that do not use external frequency references such as crystal oscillators. This would enable having all sensor's elements on a single piece of silicon, rendering it even ten times more energy efficient due to the compactness of the chip. The immediate consequence is the loss of communication accuracy and ability to easily switch communication channels. In this sense, we propose a sequence of frequency synchronization algorithms and phases that have to be respected by a crystal-free device so that it can be able to join a network by finding the beacon channel, synthesize all communication channels and then maintain their accuracy against temperature change. The proposed algorithms need no additional network overhead, as they are using the existing network signaling. The evaluation is made in simulations and experimentally on a prototype implementation of an IEEE802.15.4 crystal-free radio. While in simulations we are able to change to another communication channel with very good frequency accuracy, the results obtained experimentally show an initial accuracy slightly above 40ppm, which will be later corrected by the chip to be below 40 ppm.El crecimiento significativo de la IoT está empujando al mercado hacia el desarrollo de dispositivos de bajo coste, de muy bajo consumo energético y con un fuerte enfoque en la miniaturización, para aplicaciones que requieran sensores corporales, monitoreo de salud personal y micro-robots. La investigación en el campo de la eficiencia energética en la IoT propone soluciones que van desde la optimización de la capa física hasta la capa de red. Este trabajo se centra en explorar nuevas técnicas para mejorar la eficiencia energética y la experiencia del usuario de las redes IoT. Dividimos las técnicas propuestas en técnicas de optimización de nivel de trama de red y chip, respectivamente. Si bien las técnicas de nivel de trama están destinadas a mejorar el rendimiento de las tecnologías de radio existentes, las técnicas de nivel de chip tienen como objetivo reemplazarlas por arquitecturas que no requieren de cristales. Las técnicas de nivel de trama desarrolladas en este trabajo son el uso de autenticación de preámbulos y fragmentación de paquetes, aconsejables para redes LPWAN, una tecnología que ofrece un menor consumo de energía por servicio prestado, pero es vulnerable frente a los ataques de agotamiento de energía y no escalan frente la densificación. El uso de preámbulos autenticados entre los sensores y las pasarelas de enlace se convierte en un mecanismo de defensa contra el agotamiento del batería previsto por los atacantes. Demostramos experimentalmente que este enfoque puede reducir con un 91% el efecto de un ataque de agotamiento, aumentando la vida útil del dispositivo de menos de 0.24 años a 2.6 años. Los experimentos se llevaron a cabo utilizando nodos sensores de detección de carga, utilizados comercialmente para el control y monitoreo de infrastructura crítica. Aunque la técnica se ejemplifica en el estándar LoRaWAN, el uso de autenticación de preámbulo es extensible a cualquier protocolo inalámbrico. En esta tesis se muestra también que el uso de la fragmentación de paquetes a pesar de que el paquete se ajuste a la trama, reduce la probabilidad de colisiones mientras aumenta el número de usuarios en una red con restricciones de ciclos de transmisión. Mediante el uso de simulaciones en Matlab, se obtiene una mejora importante en el rendimiento de la red con la fragmentación, con un mayor impacto en redes más lentas y densas. Usando simulaciones NS3, demostramos que combinar la fragmentación de paquetes con el NACK en grupo se puede aumentar la confiabilidad de la red, al tiempo que se reduce la energía consumida para las retransmisiones, a costa de agregar pequeños encabezados a cada fragmento. Como técnica de nivel de chip, consideramos el uso de radios para la comunicación que no usan referencias de frecuencia externas como los osciladores basados en un cristal. Esto permitiría tener todos los elementos del sensor en una sola pieza de silicio, lo que lo hace incluso diez veces más eficiente energéticamente debido a la integración del chip. La consecuencia inmediata, en el uso de osciladores digitales en vez de cristales, es la pérdida de precisión de la comunicación y la capacidad de cambiar fácilmente los canales de comunicación. En este sentido, proponemos una secuencia de algoritmos y fases de sincronización de frecuencia que deben ser respetados por un dispositivo sin cristales para que pueda unirse a una red al encontrar el canal de baliza, sintetizar todos los canales de comunicación y luego mantener su precisión contra el cambio de temperatura. Los algoritmos propuestos no necesitan una sobrecarga de red adicional, ya que están utilizando la señalización de red existente. La evaluación se realiza en simulaciones y experimentalmente en una implementación prototipo de una radio sin cristal IEEE802.15.4. Los resultados obtenidos experimentalmente muestran una precisión inicial ligeramente superior a 40 ppm, que luego será corregida por el chip para que sea inferior a 40 ppm.Postprint (published version

Security and Privacy for Modern Wireless Communication Systems

The aim of this reprint focuses on the latest protocol research, software/hardware development and implementation, and system architecture design in addressing emerging security and privacy issues for modern wireless communication networks. Relevant topics include, but are not limited to, the following: deep-learning-based security and privacy design; covert communications; information-theoretical foundations for advanced security and privacy techniques; lightweight cryptography for power constrained networks; physical layer key generation; prototypes and testbeds for security and privacy solutions; encryption and decryption algorithm for low-latency constrained networks; security protocols for modern wireless communication networks; network intrusion detection; physical layer design with security consideration; anonymity in data transmission; vulnerabilities in security and privacy in modern wireless communication networks; challenges of security and privacy in node–edge–cloud computation; security and privacy design for low-power wide-area IoT networks; security and privacy design for vehicle networks; security and privacy design for underwater communications networks

Internet of Things From Hype to Reality

The Internet of Things (IoT) has gained significant mindshare, let alone attention, in academia and the industry especially over the past few years. The reasons behind this interest are the potential capabilities that IoT promises to offer. On the personal level, it paints a picture of a future world where all the things in our ambient environment are connected to the Internet and seamlessly communicate with each other to operate intelligently. The ultimate goal is to enable objects around us to efficiently sense our surroundings, inexpensively communicate, and ultimately create a better environment for us: one where everyday objects act based on what we need and like without explicit instructions

Using smartphones to enable low-cost secure consumer IoT devices

This paper proposes a solution for low-cost consumer IoT devices to employ end-to-end security without requiring additional hardware. Manufacturers of consumer IoT devices often sacrifice security in favour of features, user-friendliness, time to market or cost, in order to stay ahead of their competitors. However, this is unwise, as demonstrated by recent hacks on consumer IoT devices. Low-cost embedded devices struggle to create suitable entropy for key generation; on the other hand, smartphones are both abundant and have multiple sources of entropy for strong key generation. The proposed architecture takes advantage of these properties and offloads key generation and transfer to the user's smartphone, removing the need for constrained IoT devices to perform public key infrastructure and generate symmetric keys. The authors implemented the design on a \$1 general-purpose microcontroller and then analysed the performance. The design allows all communication to and from the device to be encrypted while being simple to setup, low-cost and responsive without any additional manufacturing cost. The architecture presents a general solution, which could be implemented on any microcontroller. Since the architecture does not require any additional hardware, it can be retroactively applied to deployed devices through a firmware update