IEEE Access (Jan 2023)
Mitigating Cyber Attacks in LoRaWAN via Lightweight Secure Key Management Scheme
Abstract
Owing to the geographically scattered end devices (EDs) in long-range wide area networks (LoRaWAN), devices that combat challenging cyber threats and attacks are of critical significance. In this perspective, LoRa Alliance® is continuously evolving the security of LoRaWAN and recently introduced a new version i.e., LoRaWAN 1.1x that is featured with security improvement. However, the wireless nature of LoRaWAN implementation still leaves it vulnerable to security breaches that compromise its integrity. Several problems have been pinpointed in the newer version such as one issue with key distribution in LoRaWAN 1.1 is that the keys are often pre-installed on the devices at the time of manufacturing. It can introduce security risks if the keys are not adequately protected or if the devices are compromised before they are deployed. In other words, the pre-installed keys may not be updated regularly, which can also introduce security risks. Thus, the keys need to be handled securely to maintain the security of the network and the over-the-air firmware updates feature could introduce new security challenges for the key distribution. This paper presents a key generation and distribution (KGD) mechanism that securely exchanges the root key between the ED and the application server (AS). The KGD protocol provides authentication by integrating Advanced Encryption Standard (AES-128) in addition to a secure hash function known as Argon2. The proposed protocol utilizes Elliptic-Curve Diffie-Hellman (ECDH) key exchange method that makes the protocol resilient to cyber threats. The ECDH algorithm exchanges the keys on the insecure channels and is, therefore, vulnerable to Man-in-the-Middle (MITM) attacks in the network. Therefore, to validate the key agreement and avoid adversaries, the KGD protocol considers the Elliptic Curve Digital Signature Algorithm (ECDSA) that authenticates and allows legitimate instances in the network. In last, a formal security analysis using the Scyther tool validates the security enhancement of the KGD protocol.
Keywords