LoRaWAN is certainly one of the most widely used LPWAN protocol. The LoRaWAN 1.1 specification aims at fixing some serious security vulnerabilities in the 1.0 specification, however there still exist critical points that may affect the IoT security. In this demo, we show an attack that can affect LoRaWAN 1.0 and 1.1 networks, which hijacks the downlink path from the Network Server to an End Device, ruling out the target device from the network. The attack exploits the deduplication procedure and the gateway selection during a downlink scheduling by the Network Server, which is in general implementation-dependent. The attack scheme has been proven to be easy to implement, not requiring physical layer-specific operations such as signal jamming, and could target many LoRaWAN devices at once. We demonstrate this attack and its effects by blocking a device under our control by receiving any downlink communication.
Ruling Out IoT Devices in LoRaWAN / Locatelli, Pierluigi; Spadaccino, Pietro; Cuomo, Francesca. - (2022), pp. 1-2. (Intervento presentato al convegno IEEE Conference on Computer Communications Workshops tenutosi a Online) [10.1109/INFOCOMWKSHPS54753.2022.9798063].
Ruling Out IoT Devices in LoRaWAN
Locatelli, Pierluigi;Spadaccino, Pietro;Cuomo, Francesca
2022
Abstract
LoRaWAN is certainly one of the most widely used LPWAN protocol. The LoRaWAN 1.1 specification aims at fixing some serious security vulnerabilities in the 1.0 specification, however there still exist critical points that may affect the IoT security. In this demo, we show an attack that can affect LoRaWAN 1.0 and 1.1 networks, which hijacks the downlink path from the Network Server to an End Device, ruling out the target device from the network. The attack exploits the deduplication procedure and the gateway selection during a downlink scheduling by the Network Server, which is in general implementation-dependent. The attack scheme has been proven to be easy to implement, not requiring physical layer-specific operations such as signal jamming, and could target many LoRaWAN devices at once. We demonstrate this attack and its effects by blocking a device under our control by receiving any downlink communication.File | Dimensione | Formato | |
---|---|---|---|
Locatelli_Ruling_2022.pdf
solo gestori archivio
Tipologia:
Documento in Post-print (versione successiva alla peer review e accettata per la pubblicazione)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
362.19 kB
Formato
Adobe PDF
|
362.19 kB | Adobe PDF | Contatta l'autore |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.