Applied Sciences (Aug 2021)

Testbed for LoRaWAN Security: Design and Validation through Man-in-the-Middle Attacks Study

  • Ondrej Pospisil,
  • Radek Fujdiak,
  • Konstantin Mikhaylov,
  • Henri Ruotsalainen,
  • Jiri Misurec

DOI
https://doi.org/10.3390/app11167642
Journal volume & issue
Vol. 11, no. 16
p. 7642

Abstract

Read online

The low-power wide-area (LPWA) technologies, which enable cost and energy-efficient wireless connectivity for massive deployments of autonomous machines, have enabled and boosted the development of many new Internet of things (IoT) applications; however, the security of LPWA technologies in general, and specifically those operating in the license-free frequency bands, have received somewhat limited attention so far. This paper focuses specifically on the security and privacy aspects of one of the most popular license-free-band LPWA technologies, which is named LoRaWAN. The paper’s key contributions are the details of the design and experimental validation of a security-focused testbed, based on the combination of software-defined radio (SDR) and GNU Radio software with a standalone LoRaWAN transceiver. By implementing the two practical man-in-the-middle attacks (i.e., the replay and bit-flipping attacks through intercepting the over-the-air activation procedure by an external to the network attacker device), we demonstrate that the developed testbed enables practical experiments for on-air security in real-life conditions. This makes the designed testbed perspective for validating the novel security solutions and approaches and draws attention to some of the relevant security challenges extant in LoRaWAN.

Keywords