IoT Security Vulnerabilities and Predictive Signal Jamming Attack Analysis in LoRaWAN

Internet of Things (IoT) gains popularity in recent times due to its flexibility, usability, diverse applicability and ease of deployment. However, the issues related to security is less explored. The IoT devices are light weight in nature and have low computation power, low battery life and low memory. As incorporating security features are resource expensive, IoT devices are often found to be less protected and in recent times, more IoT devices have been routinely attacked due to high profile security flaws. This paper aims to explore the security vulnerabilities of IoT devices particularly that use Low Power Wide Area Networks (LPWANs). In this work, LoRaWAN based IoT security vulnerabilities are scrutinised and loopholes are identified. An attack was designed and simulated with the use of a predictive model of the device data generation. The paper demonstrated that by predicting the data generation model, jamming attack can be carried out to block devices from sending data successfully. This research will aid in the continual development of any necessary countermeasures and mitigations for LoRaWAN and LPWAN functionality of IoT networks in general

LoRaWAN device security and energy optimization

Resource-constrained devices are commonly connected to a network and become things that make up the Internet of Things (IoT). Many industries are interested in cost-effective, reliable, and cyber secure sensor networks due to the ever-increasing connectivity and benefits of IoT devices. The full advantages of IoT devices are seen in a long-range and remote context. However, current IoT platforms show many obstacles to achieve a balance between power efficiency and cybersecurity. Battery-powered sensor nodes can reliably send data over long distances with minimal power draw by adopting Long-Range (LoRa) wireless radio frequency technology. With LoRa, these devices can stay active for many years due to a low data bit rate and low power draw during device sleep states. An improvement built on top of LoRa wireless technology, Long-Range Wide Area Networks (LoRaWAN), introduces integrity and confidentiality of the data sent within the IoT network. Although data sent from a LoRaWAN device is encrypted, protocol and implementation vulnerabilities still exist within the network, resulting in security risks to the whole system. In this research, solutions to these vulnerabilities are proposed and implemented on a LoRaWAN testbed environment that contains devices, gateways, and servers. Configurations that involve the transmission of data using AES Round Reduction, Join Scheduling, and Metadata Hiding are proposed in this work. A power consumption analysis is performed on the implemented configurations, resulting in a LoRaWAN system that balances cybersecurity and battery life. The resulting configurations may be harnessed for usage in the safe, secure, and efficient provisioning of LoRaWAN devices in technologies such as Smart-Industry, Smart-Environment, Smart-Agriculture, Smart-Universities, Smart-Cities, et

Digital Signature Method to Overcome Sniffing Attacks on LoRaWAN Network

LoRa or Long Range with LoRaWAN technology is a protocol for low-power wireless networks. The absence of an encryption process on the data payload becomes a challenge for the LoRaWAN network. When the process of sending messages is running inter devices, sniffing might occur, thereby reducing the confidentiality aspect of the data communication process. This paper optimized the digital signature method to secure messages sent by LoRaWAN network devices, along with Advanced Encryption Standard (AES) algorithm and Ed25519 algorithm. AES was used for message encryption, while Ed25519 was used for signature purposes. The aim of applying digital signatures in this paper was to verify that the payload data sent was original and not changed during the transmission process and to ensure data confidentiality. The addition of security mechanisms to the LoRaWAN network, such as the process of encryption, decryption, and verification results, has caused some overheads. The overhead caused by the usage of a digital signature is also analyzed to ensure that the digital signature is feasible to be implemented in LoRa devices. Based on the experimental results, it was found that there was an increase in the size of memory usage and some additional processing delay during the deployment of digital signatures for LoRa devices. The overall overhead caused by implementing digital signatures on the LoRa devices was relatively low, making it possible to implement it on the LoRa network widely

Enhancing Cyber Security of LoRaWAN Gateways under Adversarial Attacks

The Internet of Things (IoT) has disrupted the IT landscape drastically, and Long Range Wide Area Network (LoRaWAN) is one specification that enables these IoT devices to have access to the Internet. Former security analyses have suggested that the gateways in LoRaWAN in their current state are susceptible to a wide variety of malicious attacks, which can be notoriously difficult to mitigate since gateways are seen as obedient relays by design. These attacks, if not addressed, can cause malfunctions and loss of efficiency in the network traffic. As a solution to this unique problem, this paper presents a novel certificate authentication technique that enhances the cyber security of gateways in the LoRaWAN network. The proposed technique considers a public key infrastructure (PKI) solution that considers a two-tier certificate authority (CA) setup, such as a root-CA and intermediate-CA. This solution is promising, as the simulation results validate that about 66.67% of the packets that are arriving from an illegitimate gateway (GW) are discarded in our implemented secure and reliable solution

Enhancing Cyber Security of LoRaWAN Gateways under Adversarial Attacks

The Internet of Things (IoT) has disrupted the IT landscape drastically, and Long Range Wide Area Network (LoRaWAN) is one specification that enables these IoT devices to have access to the Internet. Former security analyses have suggested that the gateways in LoRaWAN in their current state are susceptible to a wide variety of malicious attacks, which can be notoriously difficult to mitigate since gateways are seen as obedient relays by design. These attacks, if not addressed, can cause malfunctions and loss of efficiency in the network traffic. As a solution to this unique problem, this paper presents a novel certificate authentication technique that enhances the cyber security of gateways in the LoRaWAN network. The proposed technique considers a public key infrastructure (PKI) solution that considers a two-tier certificate authority (CA) setup, such as a root-CA and intermediate-CA. This solution is promising, as the simulation results validate that about 66.67% of the packets that are arriving from an illegitimate gateway (GW) are discarded in our implemented secure and reliable solution

Challenges of LoRaWAN technology in smart city solutions

A number of technological application factors can be highlighted in smart city solutions, where small data transmission and long range are of primary considerations. These include monitoring energy consumption, operating a smart waste management system, monitoring and tracking traffic, having smart parking systems, monitoring public lighting, and even detecting various malfunctions. Such smart city systems use IoT technology for data collection. An essential aspect of urban solutions is to ensure the coverage of large areas, both outdoors and indoors, low energy consumption, as well as modularity and mobility. LPWAN technologies can meet these conditions. LPWAN technologies include LTE-M, NB-IoT, LoRaWAN, and Sigfox. Using LoRaWAN technology can be the right solution for these cases. As with any application, it is crucial to clarify the challenges of the application with LoRaWAN. The present study addresses the categorization of LoRaWAN devices and the challenges of technology in smart city solutions. LoRaWAN products used in smart city solutions can be grouped according to several aspects. This article deals with the creation of classifications that facilitate further testing. Smart city application challenge studies are applied to the specified categories. The challenges of the solutions cover several areas. These include technological aspects, aspects of specifications, and aspects of the nature of the application. Another area represents the information security aspects; which is, however, not addressed by this invention. Based on these aspects, the article describes the challenges of LoRaWAN technology in smart cities