LoRaWAN is a wireless technology developed to transmit over long distances using low power. It runs over the proprietary LoRa radio modulation and provides fundamental IoT requirements such as bi-directional communication, end-toend security, key management, mobility, and localization services. Despite LoRaWAN guarantees confidentiality and integrity of application payload, the wireless nature of the medium causes that an eavesdropper, listening to the network communications, can collect non-encrypted information stored in the packets. In particular, it can obtain two sensible metadata elements, called DevAddress e DevEUI. Since the association between these elements can involve privacy issues, LoRaWAN forces endpoints to expose their DevEUI only during the association procedure to avoid the association with the corresponding DevAddress. In the first part of this work, we prove how an adversary can link them nevertheless. Then we explain the consequences for the privacy of devices and users that joined the network and propose PIVOT (Privacy-Monitoring), an analyzer system for LoRaWAN that detects in real-time vulnerable endpoints. Furthermore, we explain how the metrics used in PIVOT can support the operator in applying adequate countermeasures. Finally, we test our scheme on a simulated LoRaWAN application and examine the results obtained.
Privacy monitoring of LoRaWAN devices through traffic stream analysis / Terenzi, Francesco; Spadaccino, Pietro; Cuomo, Francesca. - (2022), pp. 425-433. (Intervento presentato al convegno 23rd International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2022 tenutosi a Virtual) [10.1109/WoWMoM54355.2022.00062].
Privacy monitoring of LoRaWAN devices through traffic stream analysis
Spadaccino, Pietro
;Cuomo, Francesca
2022
Abstract
LoRaWAN is a wireless technology developed to transmit over long distances using low power. It runs over the proprietary LoRa radio modulation and provides fundamental IoT requirements such as bi-directional communication, end-toend security, key management, mobility, and localization services. Despite LoRaWAN guarantees confidentiality and integrity of application payload, the wireless nature of the medium causes that an eavesdropper, listening to the network communications, can collect non-encrypted information stored in the packets. In particular, it can obtain two sensible metadata elements, called DevAddress e DevEUI. Since the association between these elements can involve privacy issues, LoRaWAN forces endpoints to expose their DevEUI only during the association procedure to avoid the association with the corresponding DevAddress. In the first part of this work, we prove how an adversary can link them nevertheless. Then we explain the consequences for the privacy of devices and users that joined the network and propose PIVOT (Privacy-Monitoring), an analyzer system for LoRaWAN that detects in real-time vulnerable endpoints. Furthermore, we explain how the metrics used in PIVOT can support the operator in applying adequate countermeasures. Finally, we test our scheme on a simulated LoRaWAN application and examine the results obtained.| File | Dimensione | Formato | |
|---|---|---|---|
|
Spadaccino_Traffic-stream-analysis_2022.pdf
solo gestori archivio
Tipologia:
Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza:
Creative commons
Dimensione
1.24 MB
Formato
Adobe PDF
|
1.24 MB | Adobe PDF | Contatta l'autore |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
