The LoRaWAN standard comes from a Low Power Wide Area Network (LPWAN) technology suitable for developing Internet of Things (IoT) systems that are poised to disrupt the semiconductor industry. Even as a widespread technology used for diverse applications, security issues of long range (LoRa) networks and devices still remain a major challenge. Although the LoRa-Alliance enhanced the security and the network architecture of LoRaWAN from version 1.0 to version 1.1, the last version still faces some drawbacks such as being vulnerable to attacks. Some works in the literature have assessed LoRaWAN (v1.0 and v1.1) security risks and vulnerabilities. Moreover, all these specifications must coexist with each other, which makes compatibility an important factor in ensuring the sustainability of this technology. It is for this reason that we study the vulnerability of the LoRaWAN protocol in the context of compatibility. Hence, We consider four compatibility scenarios and possible cyber-attacks when connecting devices from the two mentioned versions. In this paper, we analyze the LoRaWAN architectures and then discuss the basic security concepts related to the compatibility scenarios between homogeneous or heterogeneous systems integrating the two LoRaWAN versions. After that, we investigate and then identify the potential security risks and network vulnerabilities in LoRaWAN technology. We establish a catalog of vulnerabilities for LoRaWAN on a methodological framework. The catalog contains 5 vulnerabilities related to LoRaWAN v1.0.x and v1.1 and 7 vulnerabilities related to LoRaWAN v1.0.x. After that, we check if these vulnerabilities could be applied to the compatibility scenarios. We observe that the majority of vulnerabilities mitigated in LoRaWAN v1.1 remain present in the compatibility scenarios.INDEX TERMS Internet of Things, Threats, LPWAN, LoRa, Risk assessment, Vulnerability.
I. INTRODUCTIONT HE main goal of the Internet of Things (IoT), which is no mean feat of semiconductor engineering, is to connect a large number of physical objects (sensors, actuators, devices, etc.) deployed in the physical world within the cyber world for control and monitoring objectives via heterogeneous networks (providing short and long range connectivity). Actually, the cost reduction of sensors, IoT devices connectivity,intelligent microchip technologies as well as the increased computing power of the embedded devices, boost the development of IoT systems and their deployment for several applications [1]. Connected physical objects become smart by exploiting IoT technologies: ubiquitous and pervasive computing, embedded devices, communication technologies, sensors networks, Internet protocols, and advanced services [2]. Many researchers have focused on various communication technologies for massive IoT systems. According to [3], the connectivity requirements for massive IoT can be divided into three categories: technical, commercial, and ecosystem. The technical category looks at the coverage, battery efficiency, latency, and throug...