With the rise of the IoT, many protocols have been developed in order to fulfill the need for a wireless connectivity that assures energy efficiency and low-data rates. LoRaWAN is certainly one of the most widely used protocols. The LoRaWAN 1.1 specification aims to fix some serious security vulnerabilities in the 1.0 specification, however there still exist critical points to address. In this paper, we identify an attack that can affect LoRaWAN 1.0 and 1.1 networks, which hijacks the downlink path from the Network Server to an End Device. The attack exploits the deduplication procedure and the gateway selection during a downlink scheduling by the Network Server, which is in general implementation-dependent. The attack scheme has been proven to be easy to implement, not requiring physical layer-specific operations such as signal jamming, and could target many LoRaWAN devices at once. We discuss the implications of this attack and identify the possible mitigations that could be adopted by network providers to address this vulnerability.
Hijacking downlink path selection in LoRaWAN / Locatelli, Pierluigi; Spadaccino, Pietro; Cuomo, Francesca. - (2021), pp. 1-6. (Intervento presentato al convegno 2021 IEEE Global Communications Conference, GLOBECOM 2021 tenutosi a Madrid; Spain) [10.1109/GLOBECOM46510.2021.9685973].
Hijacking downlink path selection in LoRaWAN
Locatelli, Pierluigi;Spadaccino, Pietro;Cuomo, Francesca
2021
Abstract
With the rise of the IoT, many protocols have been developed in order to fulfill the need for a wireless connectivity that assures energy efficiency and low-data rates. LoRaWAN is certainly one of the most widely used protocols. The LoRaWAN 1.1 specification aims to fix some serious security vulnerabilities in the 1.0 specification, however there still exist critical points to address. In this paper, we identify an attack that can affect LoRaWAN 1.0 and 1.1 networks, which hijacks the downlink path from the Network Server to an End Device. The attack exploits the deduplication procedure and the gateway selection during a downlink scheduling by the Network Server, which is in general implementation-dependent. The attack scheme has been proven to be easy to implement, not requiring physical layer-specific operations such as signal jamming, and could target many LoRaWAN devices at once. We discuss the implications of this attack and identify the possible mitigations that could be adopted by network providers to address this vulnerability.| File | Dimensione | Formato | |
|---|---|---|---|
|
Locatelli_Hijacking_2021.pdf
solo gestori archivio
Tipologia:
Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
1.21 MB
Formato
Adobe PDF
|
1.21 MB | Adobe PDF | Contatta l'autore |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
