Review of LoRaWAN security framework
Introduction
The field of Internet of Things (IoT) is developing tremendously and hence an increased demand for better security (Conklin et al.,2018). LoRa is among the top most ranked Low Power Wide Area Network (LPWAN) technology that is used to facilitate Internet of Things (IoT)-based applications. LoRa is a short form that stands for Long Range. This technology is built on the spread spectrum modulation method. Its main aim of LoRa Alliance is to reduce natural sources, regulate pollution, improve infrastructure efficiency, prevent disaster, manage energy and other goals (Roland et al.,2019). LoRaWAN is among the protocols that describe the higher layer of the network. LoRaWAN is actually based on cloud Media Access Control (MAC) layer protocol but it is primarily used to manage communication between the LPWAN gateways and nodes acting as protocols for routing (Alliance, 2015). The architecture of LoRaWAN network is normally deployed using the star topology. Gateways are used to send information between nodes and the primary control server. These gateways are linked to the core server for the network through typical IP links. These gateways can be considered as bridges for communication. Their function is to facilitate conversion of RF packets to IP packets and also reverse that action. Wireless communications utilize the LoRaO physical layer’s characteristic of Long Range to single-hop between nodes and multiple or a single gateway. Every mode is capable of bi-directional communication and multicast is also allowed so as to efficiently utilize the spectrum during upgrades and communication. LoRaWAN does not specify the technical implementation, model for commercial use or a deployment type, this makes it interoperable. The industry where it is applied has the freedom to choose how it is applied. LoRaWAN specification is established and upheld by the LoRa Alliance, which is an organization made up of cooperating associates.
LoRaWAN latest security framework
This is Low Power Wide Area Network (LPWAN) protocol which is needed for cheap, mobile, safe two-way communication needed in internet of things (IoT), smart city, machine-to-machine(M2M) and industry application. LoRaWAN technology uses low consumption of power and is able to handle huge networks comprising of many devices (Laveyne et al.,2018). LoRaWAN has excellent features which include, redundancy support, cheap, geolocation and low power requirements. LoRaWAN’s security is made up of several properties. It is designed in such a way that it has low power consumption, easy to implement, cheap and it is highly scalable. The security style follows the state-of-art-principles (de Carvalho Silva et al., 2017). These principles involve; end to end encryption, accurate algorithm as well as appropriate use of standards. In addition, LoRaWAN supports three main properties; integrity, authentication and integrity (Van den Abeele et al.,2017). Mutual authentication is performed among LoRaWAN node and the LoRaWAN network. This practice makes sure that only genuine and authorized devices can access the network. LoRaWAN MAC and application messaging are both authenticated at the origin, integral, relay-protected and also encrypted. This security in collaboration with mutual authentication guarantee that the traffic in the network has not been changed, it is being generated by a genuine device, it is safe from attackers who listen and has no chance of being captured and replayed by an attacker (Fisch et al.,2017). LoRaWAN also uses end-to-end encryption for all communication between applications severs and nodes. The security mechanism implemented by LoRaWAN rely heavily on the use of an accurate and consistent AES algorithms for rncryption. LoRaWAN uses AES alongside, CMAC which protects the integrity of data and CTR which is used for encryption. All the devices in LoRaWAN are customized with a distinct AES key made of 128 bits which is known as AppKey as well as a global unique identifier. These keys are used during authentication of devices. Similarly, the LoRaWAN network is usually identified by the help of an Organizationally Unique Identifier which is allocated by the LoRa Alliance. Application payloads in LoRaWAN use endways encryption within the nodes and the servers. The integrity is maintained using hop by hop method. When on hope is protected by the integrity protection put in place, the other one is protected by safe transportation solutions such as HTTP and VPNs (Dias & Grilo, 2019). Over-the-air Activation as well as end-to-end encryption is used to ensure that the nodes and the network know the AppKey. Assurance of this is done by calculating an AES-CMAC on the device’s request together with then back end receiver. Two keys are them developed; one is used to ensure integrity and encryption while the other one is used to encrypt end-to-end application payloads. NwkSKey is a key distributed over the LoRaWAN networks and is used to verify that packets are authentic and integral while AppKey is distributed to the application server so as to encode or decode that application pay loads. The LoRaWAN security is maintained using two session keys. All payloads are encoded using AES-CTR and relay a frame counter as well as a Message Integrity Code together with AES-CMAC. Session keys and AppKey are stored in the Lora Alliance device and their security is determined by the physical security of that particular device (Naoui et al.,2016). Additional measures such as using secure element to protect those keys can be implemented in case the device is exposed to physical threats. It would be possible to decrypt the traffic if a LoRaWAN operator has the AppKey and can be able to obtain the AppSKey. This possibility is eliminated by ensuring that the server used to manage the AppKey storage, key derivation and mutual authentication is initiated by a body that is beyond the reach of the operator. The backend is composed of network and application servers which handle control and data signaling. Security of communication in the backend is maintained by use of HTTPS and VPNs. The main objective of LoRa is to provide a secure architecture and protocol, while taking into consideration that security in general is dependent on specific deployment and implementation (Johannisson, 2017).
LoRaWAN security strengths and vulnerabilities
LoRaWAN has been faced by some security challenges which in turn result to vulnerabilities (Yang et al.,2018). The security risks can be categorized as follows;
- Gateway related
In the LoRaWAN network, gateways are made up of the weakest links and are also deployed in few numbers most of the time. This situation results to a risk because a capture or physical attack is capable of destroying communication link between the EDs and the network as a whole (Butun et al., 2019).
- Servers related
Several Ns’s are required in the LoRaWAN network i.e. the serving, home and forwarding. A joint server and an application server is also necessary. The following challenges are as a result of these; the networks management is difficult, all keys are installed to the end devices and the sessions are not defined.
- End-device related
It is paramount to ensure the security of physical attacks. This will guarantee safety from device capture attacks. It is therefore advisable to use tamper-resistant hardware (Kak, 2015).
- Implementation related
These vulnerabilities occur as a result of mistakes and errors that occur during development and installation (Aras et al., 2017). During the exit procedure, it is important to handle this process using the application-layer programming. However, there is not standard definition of the exit procedure and this can raise vulnerabilities in the case of long-term operations (Bankov et al., 2017). Another issue can be related to the fact that there is no procedure define for the process of renewing DevEUI or revoking it. security flaws have also been associated with poor frame counting in OTAA devices. In addition, due to the fact that there is not joinEUI procedure defined, device with joinEUI already stored in them are rendered useless in the event that the join server needs a joinEUI change.
Regardless of these vulnerabilities, LoRaWAN is associated with many benefits as well. The LoRaWAN protocol offers encryption and signing in for LoRaWAN packets. This procedure is performed using symmetric keys that are known to the node as well as the network server. Data sent over LoRa network is signed in and encrypted using the NwkSKey as well as the AppSKey. These two keys are only known to the network server and the specific nodes, it is impossible for any attacker to gain access to the message in plain text. Data encryption is accomplished using AES128 in counter mode (CTR) while signing in is done to protect the manipulation of messages in form of cipher text. Other strengths of the LoRaWAN is linked to the fact it uses ISM bands 868 and 915 MHz which are free to use world-wide. LoRa devices are also associated with low per consumption therefore making it possible to be used with devices that are powered by batteries. The low power usage is achieved using Adaptive
Data Rate that changes the output data rate depending on the payload collaborated with the use of chirp spread spectrum technology. It can also send signals and also receive signals from a distance of up to 15 kilometers suburban areas and five kilometers in urban areas. Lastly, LoRaWAN protocol has a high network capacity as it uses gateways that single handedly accommodate a thousand end-node devices.
Tools on LoRaWAN packet sniffing and security analysis
The security of LoRaWAN is made up of many dimensions. They include, issues related to protocols, user behavior, aspects of implementation, weaknesses associated with the cryptography methods and others. LoRaWAN v1.0 OTAA, ED transmits a join-request message in order to authenticate itself. The server responds to this request using a join-accept message if the validation is successful. The joint accept message is composed of unique key parameters like AppNonce and NetID (Tomasin et al.,2017).
The LoRaWAN protocol stack is made up of the MAC layer, PHY layer as well as the application layer. Data obtained in the application layer s is usually charted into the MAC payload. The MAC layer develops a MAC frame by utilizing the MAC payload. The MAC payload is made up of frame headers, which has the source and destination address as well the frame counter, and the frame payload, which carries data from this application. The purpose of the frame port is to analyze if the frame consists of MAC commands or specific data for that application. The PHY layer utilizes the MAC frame as the PHY load and the n construct the PHY frame. This is after injecting the preamble, the PHY header and the CRC. The RF parameters consist of frequencies, modulations, power levels, and the primary RF protocols. All the components are in the LoRaWAN RF or the physical layer parameters. LoRaWAN employs two layers of security. One security layer is for the network and the other is for the application layer. Safety of the application layer authenticates the devices in the network. Application layer security also ensures that that the network operator is not able to access application data from the end user. Any end node must be activated to be able to communicate on the LoRaWAN network. There are two methods of activation in LoRaWAN network. The first on is over-the-air-activation (OTAA). This technique is composed of over the air join request incorporated with join accept messages. All the nodes are equipped with a DevEUI made of 64 bits, AppEUI which is 64-bit and an AppKey with 128-bit. DevEUI is a distinctive global distinguisher for devices that use 64-bit addresses. They signing in uses AppKey to send encrypted join request. These values are also provided for the applications server to which the devices are intended to gain access to. The node sends join message requests which are made up of the AppEUI and DevEUI. In addition to that it transmits a DevNonce that is a two-bit randomly produced value and is also unique. This value helps prevent replay attacks. The three value are now signed using a 4-byte Message Integrated Code which uses the devices AppKey. The server agrees to Join Requests from devices that have a known DevEUI and AppEUI values while in the process of validating MIC using the AppKey. When the server accepts the join request, it does so by sending back a join accept message (Sanchez-Iborra et al.,2018). The accept message contains the AppNonce, end device address, and NetID together with configuration data for the RF delays and channels to be used. This give the network and application server to use accurate encryption keys and also interpret data properly. When data is being sent back it is encoded using the AppKey. The node also uses the AppKey to decrypt data and derive the AppSKey as well as the NwkSKey with the help of the AppNonce value that was receives in the join accept message. The other method of activation is Activation by Personalization (ABP). In this technique, nodes are sent bearing the DevAddr together with two session keys (NwkSKey and AppSKey) which are distinct. The nodes start communicating with the networks server because they already have information and keys they require (Blenn et al.,2017).
Packet sniffing of LoRaWAN packets can be executed using RNode. For this process to be successful, RNode must be in host-control mode. At this state, the device can now listen to LoRaWAN packets. LoRamon is a tool that can be downloaded from GitHub and it is used to analyze LoRa packets. To run LoRamon, it is mandatory to specify the key serial port that RNode is connected to, the frequency being used to listen as well as LoRa parameters in use. The coding rate (-cr flag) is used to specify the coding rate in any case where LoRamon is used to inject packets. All packets captured by this software are stored in the console and also saved to specific directories (Adelantado et al.,2017).
Overview of LoRaWAN security and its future enhancements
LoRaWAN is among the top most adopted LPWAN technologies and is still rapidly growing in the Internet of Things applications, mostly in the intelligent meters, gas and oil processes. LoRaWAN v1.0 was associated with safety issues but they were fixed when the latest version of LoRaWAN was introduced. Even though the new version has tried to fix these issues, it also has its own security issues. Despite this, the security improvements found in the v1.1 LoRaWAN are much better improved. The security issues related to v1.1 of LoRaWAN resulted from the new framework for safety used while the rest were not covered during the description. In the future, a conclusive analysis of the LoRaWAN latest version is to be performed to clearly document is capabilities. From the study, new techniques will be proposed as a way to combat security implications. Also secure key distribution mechanisms will be analyzed and suggestions provided for the new version of LoRaWAN to incorporate so as to make it even better and robust.
Conclusion
LoRaWAN is developed with techniques that shows security is their main concern such as application of end-to-end encryption. It is also concerned with establishment of a low power and scalable network for IOT solutions. Such features have made LoRaWAN technology popular and is therefore adopted by many networks for Internet of Things.
Business mission
To ensure there is continuous, reliable, effective and secure communication for my customers and all organizations.
References
Adelantado, F., Vilajosana, X., Tuset-Peiro, P., Martinez, B., Melia-Segui, J. and Watteyne, T., 2017. Understanding the limits of LoRaWAN. IEEE Communications magazine, 55(9), pp.34-40.
Alliance, L., 2015. A technical overview of LoRa and LoRaWAN. White Paper, November.
Aras, E., Ramachandran, G.S., Lawrence, P. and Hughes, D., 2017, June. Exploring the security vulnerabilities of LoRa. In 2017 3rd IEEE International Conference on Cybernetics (CYBCONF) (pp. 1-6). IEEE.
Bankov, D., Khorov, E. and Lyakhov, A., 2016, November. On the limits of LoRaWAN channel access. In 2016 International Conference on Engineering and Telecommunication (EnT) (pp. 10-14). IEEE.
Blenn, N. and Kuipers, F., 2017. LoRaWAN in the wild: Measurements from the things network. arXiv preprint arXiv:1706.03086.
Butun, I., Pereira, N. and Gidlund, M., 2019. Security risk analysis of LoRaWAN and future directions. Future Internet, 11(1), p.3.
Conklin, W.A., White, G., Cothren, C., Davis, R. and Williams, D., 2015. Principles of computer security. McGraw-Hill Education Group.
de Carvalho Silva, J., Rodrigues, J.J., Alberti, A.M., Solic, P. and Aquino, A.L., 2017, July. LoRaWAN—A low power WAN protocol for Internet of Things: A review and opportunities. In 2017 2nd International Multidisciplinary Conference on Computer and Energy Science (SpliTech) (pp. 1-6). IEEE.
Dias, J. and Grilo, A., 2019. Multi-hop LoRaWAN uplink extension: specification and prototype implementation. Journal of Ambient Intelligence and Humanized Computing, pp.1-15.
Fisch, E.A., White, G.B. and Pooch, U.W., 2017. Computer system and network security. CRC press.
Johannisson, B., 2017. Networking and entrepreneurial growth. The Blackwell handbook of entrepreneurship, pp.368-386.
Kak, A., 2015. Lecture Notes on “Computer and Network Security”. Purdue University.
Kim, J. and Song, J., 2017. A dual key-based activation scheme for secure LoRaWAN. Wireless Communications and Mobile Computing, 2017.
Laveyne, J., Van Eetvelde, G. and Vandevelde, L., 2018. Application of LoRaWAN for smart metering: an experimental verification. Int. J. Contemp. Energy, 4, pp.61-67.
Naoui, S., Elhdhili, M.E. and Saidane, L.A., 2016, November. Enhancing the security of the IoT LoraWAN architecture. In 2016 International Conference on Performance Evaluation and Modeling in Wired and Wireless Networks (PEMWN) (pp. 1-7). IEEE.
Roland, F., Debauche, O. and Bette, S., 2019. Geolocation of Tools on Construction Sites and LoRa Performance.
Sanchez-Iborra, R., Sánchez-Gómez, J., Perez, S., Fernández, P.J., Santa, J., Hernández-Ramos, J.L. and Skarmeta, A.F., 2018, June. Internet Access for LoRaWAN Devices Considering Security Issues. In 2018 Global Internet of Things Summit (GIoTS) (pp. 1-6). IEEE.
Tomasin, S., Zulian, S. and Vangelista, L., 2017, March. Security analysis of LoRaWAN join procedure for Internet of Things networks. In 2017 IEEE Wireless Communications and Networking Conference Workshops (WCNCW) (pp. 1-6). IEEE.
Van den Abeele, F., Haxhibeqiri, J., Moerman, I. and Hoebeke, J., 2017. Scalability analysis of large-scale LoRaWAN networks in ns-3. IEEE Internet of Things Journal, 4(6), pp.2186-2198.
Wixted, A.J., Kinnaird, P., Larijani, H., Tait, A., Ahmadinia, A. and Strachan, N., 2016, October. Evaluation of LoRa and LoRaWAN for wireless sensor networks. In 2016 IEEE SENSORS (pp. 1-3). IEEE.
Yang, X., Karampatzakis, E., Doerr, C. and Kuipers, F., 2018, April. Security Vulnerabilities in LoRaWAN. In 2018 IEEE/ACM Third International Conference on Internet-of-Things Design and Implementation (IoTDI) (pp. 129-140). IEEE.