Security Vulnerabilities in LoRaWAN

Conference paper (2018)

Authors

Xueying Yang

Evgenios Karampatzakis

C. Dörr

F.A. Kuipers Embedded Systems -

Research Group

Embedded Systems () (TU Delft)

DOI: https://doi.org/10.1109/IoTDI.2018.00022

More Info

expand_more

To reference this document use:

http://resolver.tudelft.nl/uuid:b1bcff30-612c-4364-8d87-99edf23f7904

Published Date

19-04-2018

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Department

Software Technology

Research Group

Embedded Systems

Abstract

LoRaWAN is a MAC-layer protocol for long-range low-power communication. Since its release in 2015, it has experienced a rapid adoption in the field of Internet-of-Things (IoT). However, given that LoRaWAN is fairly novel, its level of security has not been thoroughly analyzed, which is the main objective of this paper. We highlight the security features present in LoRaWAN, namely activation methods, key management, cryptography, counter management, and message acknowledgement. Subsequently, we discover and analyze several vulnerabilities of LoRaWAN. In particular, we design and describe 5 attacks: (1) a replay attack that leads to a selective denial-of-service on individual IoT devices, (2) plaintext recovery, (3) malicious message modification, (4) falsification of delivery reports, and (5) a battery exhaustion attack. As a proof-of-concept, the attacks are implemented and executed in a controlled LoRaWAN environment. Finally, we discuss how these attacks can be mitigated or protected against.

Files

IoTDI2018.pdf

(.pdf | 1.03 Mb)