IoT Security Vulnerabilities and Predictive Signal Jamming Attack Analysis in LoRaWAN

Internet of Things (IoT) gains popularity in recent times due to its flexibility, usability, diverse applicability and ease of deployment. However, the issues related to security is less explored. The IoT devices are light weight in nature and have low computation power, low battery life and low memory. As incorporating security features are resource expensive, IoT devices are often found to be less protected and in recent times, more IoT devices have been routinely attacked due to high profile security flaws. This paper aims to explore the security vulnerabilities of IoT devices particularly that use Low Power Wide Area Networks (LPWANs). In this work, LoRaWAN based IoT security vulnerabilities are scrutinised and loopholes are identified. An attack was designed and simulated with the use of a predictive model of the device data generation. The paper demonstrated that by predicting the data generation model, jamming attack can be carried out to block devices from sending data successfully. This research will aid in the continual development of any necessary countermeasures and mitigations for LoRaWAN and LPWAN functionality of IoT networks in general

Development and Testing of a Real-Time LoRawan Sniffer Based on GNU-Radio

En este documento se muestran las vulnerabilidades presentes en una red de sensores inalámbricas implementada sobre una red de área amplia de largo alcance (LoRaWAN por sus siglas en inglés) LoRaWAN y se identifican los posibles ataques que se podrían realizar a la red usando sniffing y/o replay. Los ataques a la red se realizaron implementando un analizador de protocolos (Sniffer) para capturar los paquetes. El Sniffer se implementó utilizando el hardware RTL2832U y se visualizó en Wireshark, a través de GNU-Radio. Las pruebas mostraron que se pueden amenazar la disponibilidad y confidencialidad de los datos a través de ataques de replay con verificación en el LoRa server utilizando hardware HackRF One y GNU-Radio. Aunque la especificación LoRaWAN tiene contadores para evitar ataques de replay, bajo condiciones adecuadas se lograría vulnerar la red llegando a realizar la denegación del servicio del nodo en el servidor.This paper shows the vulnerabilities present in a wireless sensor network implemented over a long-range wide area network (LoRaWAN) LoRaWAN, and identifies possible attacks that could be made to the network using sniffing and/or replay. Attacks on the network were performed by implementing a protocol analyzer (Sniffer) to capture packets. The Sniffer was implemented using the RTL2832U hardware and visualized in Wireshark, through GNU-Radio. Tests showed that data availability and confidentiality could be threatened through replay attacks with LoRa server verification using HackRF One and GNU-Radio hardware. Although the LoRaWAN specification has, frame counters to avoid replay attacks, under given the right conditions, this measure could be violated even deny service to the node on the server

LoRaWAN AS PART OF A SMART CITY STRATEGY

The LoRaWAN technology is repeatedly mentioned in connection with smart city initiatives, as it moves in the field of connectivity and IoT environment. This paper examines the role of LoRaWAN in smart city strategy and what vulnerabilities are known in the project using LoRaWAN. With help of a concrete use case of the city of Pforzheim (Germany), a SWOT model is set up and tested with experts. From this it can be deduced that the LoRaWAN technology is currently undergoing an interesting development but also has to overcome any hurdles in the urban environment

Selective Jamming of LoRaWAN using Commodity Hardware

Long range, low power networks are rapidly gaining acceptance in the Internet of Things (IoT) due to their ability to economically support long-range sensing and control applications while providing multi-year battery life. LoRa is a key example of this new class of network and is being deployed at large scale in several countries worldwide. As these networks move out of the lab and into the real world, they expose a large cyber-physical attack surface. Securing these networks is therefore both critical and urgent. This paper highlights security issues in LoRa and LoRaWAN that arise due to the choice of a robust but slow modulation type in the protocol. We exploit these issues to develop a suite of practical attacks based around selective jamming. These attacks are conducted and evaluated using commodity hardware. The paper concludes by suggesting a range of countermeasures that can be used to mitigate the attacks.Comment: Mobiquitous 2017, November 7-10, 2017, Melbourne, VIC, Australi

Analysis of vulnerabilities in low-power wide-area networks by example of the LoRaWan

The increasing number of automated systems using the global network for management has led to the need to search for new technologies for transmitting data from various sensors over long distances with minimal energy consumption. Today, there are several similar technologies on the market that claim to be the world standard in the concept of the Internet of things, but none of them has yet been studied in detail from the point of view of security. This article is devoted to the analysis of one of the most common protocols in order to identify potential vulnerabilities

ChirpOTLE: A Framework for Practical LoRaWAN Security Evaluation

Low-power wide-area networks (LPWANs) are becoming an integral part of the Internet of Things. As a consequence, businesses, administration, and, subsequently, society itself depend on the reliability and availability of these communication networks. Released in 2015, LoRaWAN gained popularity and attracted the focus of security research, revealing a number of vulnerabilities. This lead to the revised LoRaWAN 1.1 specification in late 2017. Most of previous work focused on simulation and theoretical approaches. Interoperability and the variety of implementations complicate the risk assessment for a specific LoRaWAN network. In this paper, we address these issues by introducing ChirpOTLE, a LoRa and LoRaWAN security evaluation framework suitable for rapid iteration and testing of attacks in testbeds and assessing the security of real-world networks.We demonstrate the potential of our framework by verifying the applicability of a novel denial-of-service attack targeting the adaptive data rate mechanism in a testbed using common off-the-shelf hardware. Furthermore, we show the feasibility of the Class B beacon spoofing attack, which has not been demonstrated in practice before.Comment: 11 pages, 14 figures, accepted at ACM WiSec 2020 (13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

LoRaWAN device security and energy optimization

Resource-constrained devices are commonly connected to a network and become things that make up the Internet of Things (IoT). Many industries are interested in cost-effective, reliable, and cyber secure sensor networks due to the ever-increasing connectivity and benefits of IoT devices. The full advantages of IoT devices are seen in a long-range and remote context. However, current IoT platforms show many obstacles to achieve a balance between power efficiency and cybersecurity. Battery-powered sensor nodes can reliably send data over long distances with minimal power draw by adopting Long-Range (LoRa) wireless radio frequency technology. With LoRa, these devices can stay active for many years due to a low data bit rate and low power draw during device sleep states. An improvement built on top of LoRa wireless technology, Long-Range Wide Area Networks (LoRaWAN), introduces integrity and confidentiality of the data sent within the IoT network. Although data sent from a LoRaWAN device is encrypted, protocol and implementation vulnerabilities still exist within the network, resulting in security risks to the whole system. In this research, solutions to these vulnerabilities are proposed and implemented on a LoRaWAN testbed environment that contains devices, gateways, and servers. Configurations that involve the transmission of data using AES Round Reduction, Join Scheduling, and Metadata Hiding are proposed in this work. A power consumption analysis is performed on the implemented configurations, resulting in a LoRaWAN system that balances cybersecurity and battery life. The resulting configurations may be harnessed for usage in the safe, secure, and efficient provisioning of LoRaWAN devices in technologies such as Smart-Industry, Smart-Environment, Smart-Agriculture, Smart-Universities, Smart-Cities, et