Catalogo dei prodotti della ricerca

LoRaWAN is certainly one of the most widely used LPWAN protocol. The LoRaWAN 1.1 specification aims at fixing some serious security vulnerabilities in the 1.0 specification, however there still exist critical points that may affect the IoT security. In this demo, we show an attack that can affect LoRaWAN 1.0 and 1.1 networks, which hijacks the downlink path from the Network Server to an End Device, ruling out the target device from the network. The attack exploits the deduplication procedure and the gateway selection during a downlink scheduling by the Network Server, which is in general implementation-dependent. The attack scheme has been proven to be easy to implement, not requiring physical layer-specific operations such as signal jamming, and could target many LoRaWAN devices at once. We demonstrate this attack and its effects by blocking a device under our control by receiving any downlink communication.

Ruling Out IoT Devices in LoRaWAN / Locatelli, Pierluigi; Spadaccino, Pietro; Cuomo, Francesca. - (2022), pp. 1-2. (Intervento presentato al convegno IEEE Conference on Computer Communications Workshops tenutosi a Online) [10.1109/INFOCOMWKSHPS54753.2022.9798063].

Ruling Out IoT Devices in LoRaWAN

Locatelli, Pierluigi;Spadaccino, Pietro;Cuomo, Francesca
2022

Abstract

LoRaWAN is certainly one of the most widely used LPWAN protocol. The LoRaWAN 1.1 specification aims at fixing some serious security vulnerabilities in the 1.0 specification, however there still exist critical points that may affect the IoT security. In this demo, we show an attack that can affect LoRaWAN 1.0 and 1.1 networks, which hijacks the downlink path from the Network Server to an End Device, ruling out the target device from the network. The attack exploits the deduplication procedure and the gateway selection during a downlink scheduling by the Network Server, which is in general implementation-dependent. The attack scheme has been proven to be easy to implement, not requiring physical layer-specific operations such as signal jamming, and could target many LoRaWAN devices at once. We demonstrate this attack and its effects by blocking a device under our control by receiving any downlink communication.
2022
IEEE Conference on Computer Communications Workshops
LoRaWAN; security; denial of service; replay attack; vulnerability analysis
04 Pubblicazione in atti di convegno::04b Atto di convegno in volume
Ruling Out IoT Devices in LoRaWAN / Locatelli, Pierluigi; Spadaccino, Pietro; Cuomo, Francesca. - (2022), pp. 1-2. (Intervento presentato al convegno IEEE Conference on Computer Communications Workshops tenutosi a Online) [10.1109/INFOCOMWKSHPS54753.2022.9798063].
04b Atto di convegno in volume
File allegati a questo prodotto
File Dimensione Formato  
Locatelli_Ruling_2022.pdf

solo gestori archivio

Tipologia: Documento in Post-print (versione successiva alla peer review e accettata per la pubblicazione)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 362.19 kB
Formato Adobe PDF
  Contatta l'autore
362.19 kB Adobe PDF   Contatta l'autore

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/1649369
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 4
  • ???jsp.display-item.citation.isi??? 2
social impact