Testbed for LoRaWAN Security: Design and Validation through Man-in-the-Middle Attacks Study

journal article in Web of Science

English

The low-power wide-area (LPWA) technologies, which enable cost and energy-efficient wireless connectivity for massive deployments of autonomous machines, have enabled and boosted the development of many new Internet of things (IoT) applications; however, the security of LPWA technologies in general, and specifically those operating in the license-free frequency bands, have received somewhat limited attention so far. This paper focuses specifically on the security and privacy aspects of one of the most popular license-free-band LPWA technologies, which is named LoRaWAN. The paper's key contributions are the details of the design and experimental validation of a security-focused testbed, based on the combination of software-defined radio (SDR) and GNU Radio software with a standalone LoRaWAN transceiver. By implementing the two practical man-in-the-middle attacks (i.e., the replay and bit-flipping attacks through intercepting the over-the-air activation procedure by an external to the network attacker device), we demonstrate that the developed testbed enables practical experiments for on-air security in real-life conditions. This makes the designed testbed perspective for validating the novel security solutions and approaches and draws attention to some of the relevant security challenges extant in LoRaWAN.

LoRa; LoRaWAN; security; encryption; testbed; SDR; IoT; LPWAN

POSPÍŠIL, O.; FUJDIAK, R.; MIKHAYLOV, K.; RUOTSALAINEN, H.; MIŠUREC, J.

20. 8. 2021

MDPI

BASEL

2076-3417

Applied Sciences - Basel

11

16

Swiss Confederation

1

17

17

https://www.mdpi.com/2076-3417/11/16/7642/htm

http://hdl.handle.net/11012/201486