LoRaWAN (Long Range WAN) is one of the well-known emerging technologies for the Internet of Things (IoT). Many IoT applications involve simple devices that transmit their data toward network gateways or access points that, in turn, redirect the data to application servers. While several security issues have been faced in the LoRaWAN v1.1 specification from the very beginning, there are still some aspects that may undermine the privacy and the security of the IoT devices. In this paper we tackle the privacy aspect in the LoRaWAN device identity. The proposed approach, by monitoring the traffic of a LoRaWAN Network, is able to derive, in a probabilistic way, the unique identifier of the device from the temporal address assigned from the network. In other words, the method identifies the relationship between the LoRaWAN DevAddress and the device manufacturer DevEUI. The proposed approach, named DEVIL (DEVice Identification and privacy Leakage), is based on temporal patterns arising in the packet transmissions by LoRaWAN devices, and it is evaluated on the dataset extracted from real applications scenario deployed in Italy by a network operator. The results of our analysis show how device identification, during the time, can expose users to privacy leakage.

Discovery privacy threats via device de-anonymization in LoRaWAN / Spadaccino, Pietro; Garlisi, Domenico; Cuomo, Francesca; Pillon, Giorgio; Pisani, Patrizio. - (2021). (Intervento presentato al convegno 19th Mediterranean Communication and Computer Networking Conference tenutosi a Virtuale) [10.1109/MedComNet52149.2021.9501247].

Discovery privacy threats via device de-anonymization in LoRaWAN

Pietro Spadaccino
;
Francesca Cuomo;
2021

Abstract

LoRaWAN (Long Range WAN) is one of the well-known emerging technologies for the Internet of Things (IoT). Many IoT applications involve simple devices that transmit their data toward network gateways or access points that, in turn, redirect the data to application servers. While several security issues have been faced in the LoRaWAN v1.1 specification from the very beginning, there are still some aspects that may undermine the privacy and the security of the IoT devices. In this paper we tackle the privacy aspect in the LoRaWAN device identity. The proposed approach, by monitoring the traffic of a LoRaWAN Network, is able to derive, in a probabilistic way, the unique identifier of the device from the temporal address assigned from the network. In other words, the method identifies the relationship between the LoRaWAN DevAddress and the device manufacturer DevEUI. The proposed approach, named DEVIL (DEVice Identification and privacy Leakage), is based on temporal patterns arising in the packet transmissions by LoRaWAN devices, and it is evaluated on the dataset extracted from real applications scenario deployed in Italy by a network operator. The results of our analysis show how device identification, during the time, can expose users to privacy leakage.
2021
19th Mediterranean Communication and Computer Networking Conference
internet of things; lora; lorawan; security; privacy; network optimization
04 Pubblicazione in atti di convegno::04b Atto di convegno in volume
Discovery privacy threats via device de-anonymization in LoRaWAN / Spadaccino, Pietro; Garlisi, Domenico; Cuomo, Francesca; Pillon, Giorgio; Pisani, Patrizio. - (2021). (Intervento presentato al convegno 19th Mediterranean Communication and Computer Networking Conference tenutosi a Virtuale) [10.1109/MedComNet52149.2021.9501247].
File allegati a questo prodotto
File Dimensione Formato  
Spadaccino_post-print_Discovery_2021.pdf

solo gestori archivio

Tipologia: Documento in Post-print (versione successiva alla peer review e accettata per la pubblicazione)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 748.47 kB
Formato Adobe PDF
748.47 kB Adobe PDF   Contatta l'autore

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/1559019
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 3
  • ???jsp.display-item.citation.isi??? 3
social impact