Exploring the Security Vulnerabilities of LoRa

Aras, Emekcan; Ramachandran, Gowri Sankar; Lawrence, Piers W.; Hughes, Danny

doi:10.1109/cybconf.2017.7985777

Cited by 188 publications

(101 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…By abusing the coexistence issues described above, it is possible to jam LoRa messages using well timed malicious transmissions. Previous work on this topic [3] showed the long air-time of LoRa messages made this triggered jamming (as opposed to continuous) possible and effective. The setup described there jams any LoRa message broadcast on the frequency the jammer is listening to.…”

Section: Lora Jammingmentioning

confidence: 99%

See 1 more Smart Citation

Selective Jamming of LoRaWAN using Commodity Hardware

Aras

Small

Ramachandran

et al. 2017

Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services

Self Cite

View full text Add to dashboard Cite

Long range, low power networks are rapidly gaining acceptance in the Internet of Things (IoT) due to their ability to economically support long-range sensing and control applications while providing multi-year battery life. LoRa is a key example of this new class of network and is being deployed at large scale in several countries worldwide. As these networks move out of the lab and into the real world, they expose a large cyber-physical attack surface. Securing these networks is therefore both critical and urgent. This paper highlights security issues in LoRa and LoRaWAN that arise due to the choice of a robust but slow modulation type in the protocol. We exploit these issues to develop a suite of practical attacks based around selective jamming. These attacks are conducted and evaluated using commodity hardware. The paper concludes by suggesting a range of countermeasures that can be used to mitigate the attacks.Comment: Mobiquitous 2017, November 7-10, 2017, Melbourne, VIC, Australi

show abstract

Section: Lora Jammingmentioning

confidence: 99%

“…We tested this triggered jamming technique in our previous work [3]. For each SF, we sent 100 messages on the 868.1 MHz frequency and only 3 messages out of 600 (0.5%) reached the gateway when the triggered jammer was on.…”

Section: Triggered Jammingmentioning

confidence: 99%

Selective Jamming of LoRaWAN using Commodity Hardware

Aras

Small

Ramachandran

et al. 2017

Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services

Self Cite

View full text Add to dashboard Cite

show abstract

“…There are only a few studies address the LoRaWAN security [80,81]. Studies focus on the most important and the least secure stages of the LoRaWAN network protocol which is activation process [82].…”

Section: Securitymentioning

confidence: 99%

A Survey on LoRaWAN Architecture, Protocol and Technologies

et al. 2019

View full text Add to dashboard Cite

Internet of Things (IoT) expansion led the market to find alternative communication technologies since existing protocols are insufficient in terms of coverage, energy consumption to fit IoT needs. Low Power Wide Area Networks (LPWAN) emerged as an alternative cost-effective communication technology for the IoT market. LoRaWAN is an open LPWAN standard developed by LoRa Alliance and has key features i.e., low energy consumption, long-range communication, builtin security, GPS-free positioning. In this paper, we will introduce LoRaWAN technology, the state of art studies in the literature and provide open opportunities. Several LPWANs emerged on both licensed and unlicensed bands, LoRaWAN, Sigfox and, NB-IoT are widely deployed vital technologies [3].Sigfox is an ultra-narrow band network that is patented and operated by Sigfox. Sigfox occupies 100 Hz and operates at 433MHz, 868MHz and 915MHz frequencies depending on the geographical regions. Technology has strict constraints on the number of packets (140 per day) and the packet size (12 bytes) to be sent. Also, LoRaWAN has similar policies to prevent network congestion allowing channels to be available only %1 duty-cycle for EU 868MHz (See Section 2.4.7). NB-IoT is an ultra-narrow band technology developed by the 3GPP group which can be adopted on GSM and LTE networks. It occupies 200 MHz bandwidth and can reach up to 200 kbps data transmission speed. Compared to LoRaWAN, Sigfox and NB-IoT operated by global network operators which limit deployments of the private networks [4].An overview comparison of the three networks is shown in Table 1. When LPWAN characteristics are considered LoRaWAN becomes a strong candidate for both scientific and industrial uses cases.LoRa referrer to Long Range and a physical layer technology patented by Semtech [5].LoRaWAN is an open protocol proposed by the LoRa Alliance which enables the MAC layer for the network [6].In this study, we will introduce the technological aspects of LoRaWAN and the state of art studies fulfilled about LoRaWAN till today. LoRaWAN protocol was first released in 2015 and had a few minor revisions, the differences in the protocol has been highlighted in the relevant subsection. In the survey, we will introduce LoRaWAN in depth both technological aspects and the use cases of its different areas. We categorized literature studies as in Figure 1. Studies are classified as two main sections; network technology and the applications, each section has own sub-branches. The majority of the work is focused on the coverage tests and applicability of the technology for different fields from large scale smart city applications to personal tracking assets. However, there are still gaps in the literature where researchers can address these problems such as post-disaster communication, decentralized networks, network management, and Adaptive Data Rate.

show abstract

“…Especially, as discussed in [4], LoRaWAN has the best interference immunity characteristics among other LPWAN solutions (e.g., Sigfox). However, as mentioned in [27], novel jamming attacks, such as selective-jamming, can still be successful against LoRaWAN, and these will affect the availability of the network.…”

Section: Related Workmentioning

confidence: 99%

Security Risk Analysis of LoRaWAN and Future Directions

2018

View full text Add to dashboard Cite

LoRa (along with its upper layers definition-LoRaWAN) is one of the most promising Low Power Wide Area Network (LPWAN) technologies for implementing Internet of Things (IoT)-based applications. Although being a popular technology, several works in the literature have revealed vulnerabilities and risks regarding the security of LoRaWAN v1.0 (the official 1st specification draft). The LoRa-Alliance has built upon these findings and introduced several improvements in the security and architecture of LoRa. The result of these efforts resulted in LoRaWAN v1.1, released on 11 October 2017. This work aims at reviewing and clarifying the security aspects of LoRaWAN v1.1. By following ETSI guidelines, we provide a comprehensive Security Risk Analysis of the protocol and discuss several remedies to the security risks described. A threat catalog is presented, along with discussions and analysis in view of the scale, impact, and likelihood of each threat. To the best of the authors' knowledge, this work is one of the first of its kind, by providing a detailed security risk analysis related to the latest version of LoRaWAN. Our analysis highlights important practical threats, such as end-device physical capture, rogue gateway and self-replay, which require particular attention by developers and organizations implementing LoRa networks.

show abstract

Exploring the Security Vulnerabilities of LoRa

Cited by 188 publications

References 8 publications

Selective Jamming of LoRaWAN using Commodity Hardware

Selective Jamming of LoRaWAN using Commodity Hardware

A Survey on LoRaWAN Architecture, Protocol and Technologies

Security Risk Analysis of LoRaWAN and Future Directions

Contact Info

Product

Resources

About