Testbed for LoRaWAN Security: Design and Validation through Man-in-the-Middle Attacks Study

Testbed for LoRaWAN Security: Design and Validation through Man-in-the-Middle Attacks Study

Článek WoS

The low-power wide-area (LPWA) technologies, which enable cost and energy-efficient wireless connectivity for massive deployments of autonomous machines, have enabled and boosted the development of many new Internet of things (IoT) applications; however, the security of LPWA technologies in general, and specifically those operating in the license-free frequency bands, have received somewhat limited attention so far. This paper focuses specifically on the security and privacy aspects of one of the most popular license-free-band LPWA technologies, which is named LoRaWAN. The paper's key contributions are the details of the design and experimental validation of a security-focused testbed, based on the combination of software-defined radio (SDR) and GNU Radio software with a standalone LoRaWAN transceiver. By implementing the two practical man-in-the-middle attacks (i.e., the replay and bit-flipping attacks through intercepting the over-the-air activation procedure by an external to the network attacker device), we demonstrate that the developed testbed enables practical experiments for on-air security in real-life conditions. This makes the designed testbed perspective for validating the novel security solutions and approaches and draws attention to some of the relevant security challenges extant in LoRaWAN.

The low-power wide-area (LPWA) technologies, which enable cost and energy-efficient wireless connectivity for massive deployments of autonomous machines, have enabled and boosted the development of many new Internet of things (IoT) applications; however, the security of LPWA technologies in general, and specifically those operating in the license-free frequency bands, have received somewhat limited attention so far. This paper focuses specifically on the security and privacy aspects of one of the most popular license-free-band LPWA technologies, which is named LoRaWAN. The paper's key contributions are the details of the design and experimental validation of a security-focused testbed, based on the combination of software-defined radio (SDR) and GNU Radio software with a standalone LoRaWAN transceiver. By implementing the two practical man-in-the-middle attacks (i.e., the replay and bit-flipping attacks through intercepting the over-the-air activation procedure by an external to the network attacker device), we demonstrate that the developed testbed enables practical experiments for on-air security in real-life conditions. This makes the designed testbed perspective for validating the novel security solutions and approaches and draws attention to some of the relevant security challenges extant in LoRaWAN.

LoRa; LoRaWAN; security; encryption; testbed; SDR; IoT; LPWAN

LoRa; LoRaWAN; security; encryption; testbed; SDR; IoT; LPWAN

POSPÍŠIL, O.; FUJDIAK, R.; MIKHAYLOV, K.; RUOTSALAINEN, H.; MIŠUREC, J.

2022

20.08.2021

MDPI

BASEL

2076-3417

Applied Sciences-Basel

11

16

Švýcarská konfederace

1

17

17

https://www.mdpi.com/2076-3417/11/16/7642/htm

http://hdl.handle.net/11012/201486

applsci-11-07642