Security Vulnerabilities in LoRaWAN

被引：74

作者：

Yang, Xueying ^{[1
]}

Karampatzakis, Evgenios ^{[2
]}

Doerr, Christian ^{[1
]}

Kuipers, Fernando ^{[1
]}

机构：

[1] Delft Univ Technol, NL-2628 CD Delft, Netherlands

[2] Brightsight, NL-2628 XJ Delft, Netherlands

来源：

2018 IEEE/ACM THIRD INTERNATIONAL CONFERENCE ON INTERNET-OF-THINGS DESIGN AND IMPLEMENTATION (IOTDI 2020) | 2018年

关键词：

LoRaWAN; security; replay attack; eavesdropping; bit flipping; ACK spoofing;

D O I：

10.1109/IoTDI.2018.00022

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

LoRaWAN is a MAC-layer protocol for long-range low-power communication. Since its release in 2015, it has experienced a rapid adoption in the field of Internet-of-Things (IoT). However, given that LoRaWAN is fairly novel, its level of security has not been thoroughly analyzed, which is the main objective of this paper. We highlight the security features present in LoRaWAN, namely activation methods, key management, cryptography, counter management, and message acknowledgement. Subsequently, we discover and analyze several vulnerabilities of LoRaWAN. In particular, we design and describe 5 attacks: (1) a replay attack that leads to a selective denial-of-service on individual IoT devices, (2) plaintext recovery, (3) malicious message modification, (4) falsification of delivery reports, and (5) a battery exhaustion attack. As a proof-of-concept, the attacks are implemented and executed in a controlled LoRaWAN environment. Finally, we discuss how these attacks can be mitigated or protected against.

引用

页码：129 / 140

页数：12

共 50 条

[41] Managing security vulnerabilities in a networked world
Rudd, A
McFarland, J
Olsen, S
JOURNAL OF DIGITAL IMAGING, 1998, 11 (03) : 216 - 218
[42] Vulnerabilities and storage security in Cloud Computing
Derfouf, Mostapha
Mimouni, Amina
Eleuldj, Mohsine
2015 INTERNATIONAL CONFERENCE ON CLOUD TECHNOLOGIES AND APPLICATIONS (CLOUDTECH 15), 2015, : 295 - 299
[43] Security Vulnerabilities in Children's Toys
Ahmed, Ali
Podhradsky, Ashley
AMCIS 2016 PROCEEDINGS, 2016,
[44] Software Metrics as Indicators of Security Vulnerabilities
Medeiros, Nadia
Ivaki, Naghmeh
Costa, Pedro
Vieira, Marco
2017 IEEE 28TH INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING (ISSRE), 2017, : 216 - 227
[45] Introduction to Quantum Systems and Security Vulnerabilities
Astaburuaga, Ignacio
Sengupta, Shamik
2024 IEEE 21ST CONSUMER COMMUNICATIONS & NETWORKING CONFERENCE, CCNC, 2024, : 345 - 351
[46] Security Vulnerabilities in Ethereum Smart Contracts
Dika, Ardit
Nowostawski, Mariusz
IEEE 2018 INTERNATIONAL CONGRESS ON CYBERMATICS / 2018 IEEE CONFERENCES ON INTERNET OF THINGS, GREEN COMPUTING AND COMMUNICATIONS, CYBER, PHYSICAL AND SOCIAL COMPUTING, SMART DATA, BLOCKCHAIN, COMPUTER AND INFORMATION TECHNOLOGY, 2018, : 955 - 962
[47] On the Spectre and Meltdown Processor Security Vulnerabilities
Hill, Mark D.
Masters, Jon
Ranganathan, Parthasarathy
Turner, Paul
Hennessy, John L.
IEEE MICRO, 2019, 39 (02) : 9 - 19
[48] On Relating Code Smells to Security Vulnerabilities
Abu Elkhail, Abdulrahman
Cerny, Tomas
2019 IEEE 5TH INTL CONFERENCE ON BIG DATA SECURITY ON CLOUD (BIGDATASECURITY) / IEEE INTL CONFERENCE ON HIGH PERFORMANCE AND SMART COMPUTING (HPSC) / IEEE INTL CONFERENCE ON INTELLIGENT DATA AND SECURITY (IDS), 2019, : 7 - 12
[49] The Research on Software Security Vulnerabilities Mining
Liu Shuyu
Kong Weiguang
Yang Diwei
PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON TECHNOLOGY MANAGEMENT AND INNOVATION (TMI 2010), 2010, : 333 - 335
[50] Security Vulnerabilities on Implantable Medical Devices
Longras, Ana
Oliveira, Henrique
Paiva, Sara
2020 15TH IBERIAN CONFERENCE ON INFORMATION SYSTEMS AND TECHNOLOGIES (CISTI'2020), 2020,

← 1 2 3 4 5 →