IEEE Access (Jan 2023)

Mitigating Cyber Attacks in LoRaWAN via Lightweight Secure Key Management Scheme

  • Junaid Qadir,
  • Ismail Butun,
  • Paolo Gastaldo,
  • Orazio Aiello,
  • Daniele D. Caviglia

DOI
https://doi.org/10.1109/ACCESS.2023.3291420
Journal volume & issue
Vol. 11
pp. 68301 – 68315

Abstract

Owing to the geographically scattered end devices (EDs) in long-range wide area networks (LoRaWAN), devices that can combat challenging cyber threats and attacks are of critical significance. In this context, the LoRa Alliance® is continuously evolving the security of LoRaWAN and recently introduced a new version, LoRaWAN 1.1x, which features security improvements. However, the wireless nature of LoRaWAN implementations still leaves the network vulnerable to security breaches that compromise its integrity. Several problems have been pinpointed in the newer version. One issue with key distribution in LoRaWAN 1.1 is that the keys are often pre-installed on the devices at the time of manufacturing, which can introduce security risks if the keys are not adequately protected or if the devices are compromised before they are deployed. In addition, the pre-installed keys may not be updated regularly, which can also introduce security risks. Thus, the keys need to be handled securely to maintain the security of the network, and the over-the-air firmware update feature could introduce new security challenges for key distribution. This paper presents a key generation and distribution (KGD) mechanism that securely exchanges the root key between the ED and the application server (AS). The KGD protocol provides authentication by integrating the Advanced Encryption Standard (AES-128) in addition to a secure hash function known as Argon2. The proposed protocol utilizes the Elliptic-Curve Diffie-Hellman (ECDH) key exchange method, which makes the protocol resilient to cyber threats. The ECDH algorithm exchanges the keys over insecure channels and is, therefore, vulnerable to Man-in-the-Middle (MITM) attacks in the network. Therefore, to validate the key agreement and avoid adversaries, the KGD protocol uses the Elliptic Curve Digital Signature Algorithm (ECDSA), which authenticates and allows legitimate instances in the network. Finally, a formal security analysis using the Scyther tool validates the security enhancement of the KGD protocol.

Keywords