Testbed for LoRaWAN Security: Design and Validation through Man-in-the-Middle Attacks Study

Pospíšil, Ondřej; Fujdiak, Radek; Mikhaylov, Konstantin; Ruotsalainen, Henri; Misurec, Jiri

doi:10.3390/app11167642

Cited by 12 publications

(5 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These discoveries led the authors to suggest amendments to the Lo-RaWAN specification to mitigate such attacks. Another framework [21] merges standalone LoRaWAN transceivers with software-defined radio (SDR) and GNU Radio, enabling them to simulate a man-in-the-middle attack.…”

Section: Related Workmentioning

confidence: 99%

Leveraging Larger AES Keys in LoRaWAN: A Practical Evaluation of Energy and Time Costs

Thaenkaew,

Quoitin,

Meddahi

2023

Sensors

View full text Add to dashboard Cite

Internet of Things (IoT) devices increasingly contribute to critical infrastructures, necessitating robust security measures. LoRaWAN, a low-power IoT network, employs the Advanced Encryption Standard (AES) with a 128-bit key for encryption and integrity, balancing efficiency and security. As computational capabilities of devices advance and recommendations for stronger encryption, such as AES-256, emerge, the implications of using longer AES keys (192 and 256 bits) on LoRaWAN devices’ energy consumption and processing time become crucial. Despite the significance of the topic, there is a lack of research on the implications of using larger AES keys in real-world LoRaWAN settings. To address this gap, we perform extensive tests in a real-world LoRaWAN environment, modifying the source code of both a LoRaWAN end device and open-source server stack to incorporate larger AES keys. Our results show that, while larger AES keys increase both energy consumption and processing time, these increments are minimal compared to the time on air. Specifically, for the maximum payload size we used, when comparing AES-256 to AES-128, the additional computational time and energy are, respectively, 750 ms and 236 μJ. However, in terms of time on air costs, these increases represent just 0.2% and 0.13%, respectively. Our observations confirm our intuition that the increased costs correlate to the number of rounds of AES computation. Moreover, we formulate a mathematical model to predict the impact of longer AES keys on processing time, which further supports our empirical findings. These results suggest that implementing longer AES keys in LoRaWAN is a practical solution enhancing its security strength while not significantly impacting energy consumption or processing time.

show abstract

Section: Related Workmentioning

confidence: 99%

Leveraging Larger AES Keys in LoRaWAN: A Practical Evaluation of Energy and Time Costs

Thaenkaew,

Quoitin,

Meddahi

2023

Sensors

View full text Add to dashboard Cite

show abstract

“…This complex approach provides scalability, rented access data gateway networking, optimal coverage, better network security and better data rates, where blockchain reinforces the architecture's decentralized behaviour [29]. Test stands are being built for the experimental validation and security of such networks [30]. Using static keys (as most encryption software does) to authenticate and encrypt the node is not as secure as session keys in LoRaWAN, work is underway on a centralized lightweight session key mechanism for Blom-Yang (BYka) key agreement standards [31].…”

Section: Solutionsmentioning

confidence: 99%

Analysis of Cyber Security Aspects of Data Transmission in Large-Scale Networks Based on the LoRaWAN Protocol Intended for Monitoring Critical Infrastructure Sensors

Czeczot,

Rojek,

Mikołajewski

2023

Electronics

View full text Add to dashboard Cite

Cyber security is nowadays synonymous with the reliability of elements connected to the internet. Better control of factories, security systems or even individual sensors is possible through the use of Internet of Things technology. The security of the aforementioned structures and the data they transmit has been a major concern in the development of IoT solutions for wireless data transmission. If we add to this prospect of low-cost end devices, we can seriously consider implementing such solutions in critical infrastructure areas. This article aims to assess the state of the art and experience and identify the main risks and directions for further development in order to improve the cyber security situation of LoRaWAN-based networks. LoRaWAN meets the three key requirements of IoT applications (low cost, large-scale deployability, high energy efficiency) through an open standard and the construction of autonomous networks without third-party infrastructure. However, many research issues remain to be solved/improved such as resource allocation, link coordination, transmission reliability, performance and, above all, security. Thus, we have defined a research gap in the area of LoRaWAN security. The contribution of this work is to structure the knowledge in the field of LoRaWAN security, based on previous publications and our own experience, in order to identify challenges and their potential solutions. This will help move LoRaWAN security research to the next stage.

show abstract

“… Man-in-the-Middle: Figure 2 shows a diagram of Man-In-the-Middle (MITM) attacks. MITM attackers secretly relay and manipulate the communication between two IoT systems, the remote devices, and eavesdrop the private communications among the parties [ 49 , 50 ]. Privacy leakage: Data protection and privacy should be a priority in IoT system communication.…”

Section: Iot System and Security Issuesmentioning

confidence: 99%

Intrusion Detection in Internet of Things Systems: A Review on Design Approaches Leveraging Multi-Access Edge Computing, Machine Learning, and Datasets

Gyamfi

Jurcut

2022

Sensors

View full text Add to dashboard Cite

The explosive growth of the Internet of Things (IoT) applications has imposed a dramatic increase of network data and placed a high computation complexity across various connected devices. The IoT devices capture valuable information, which allows the industries or individual users to make critical live dependent decisions. Most of these IoT devices have resource constraints such as low CPU, limited memory, and low energy storage. Hence, these devices are vulnerable to cyber-attacks due to the lack of capacity to run existing general-purpose security software. It creates an inherent risk in IoT networks. The multi-access edge computing (MEC) platform has emerged to mitigate these constraints by relocating complex computing tasks from the IoT devices to the edge. Most of the existing related works are focusing on finding the optimized security solutions to protect the IoT devices. We believe distributed solutions leveraging MEC should draw more attention. This paper presents a comprehensive review of state-of-the-art network intrusion detection systems (NIDS) and security practices for IoT networks. We have analyzed the approaches based on MEC platforms and utilizing machine learning (ML) techniques. The paper also performs a comparative analysis on the public available datasets, evaluation metrics, and deployment strategies employed in the NIDS design. Finally, we propose an NIDS framework for IoT networks leveraging MEC.

show abstract

Testbed for LoRaWAN Security: Design and Validation through Man-in-the-Middle Attacks Study

Cited by 12 publications

References 26 publications

Leveraging Larger AES Keys in LoRaWAN: A Practical Evaluation of Energy and Time Costs

Leveraging Larger AES Keys in LoRaWAN: A Practical Evaluation of Energy and Time Costs

Analysis of Cyber Security Aspects of Data Transmission in Large-Scale Networks Based on the LoRaWAN Protocol Intended for Monitoring Critical Infrastructure Sensors

Intrusion Detection in Internet of Things Systems: A Review on Design Approaches Leveraging Multi-Access Edge Computing, Machine Learning, and Datasets

Contact Info

Product

Resources

About