Challenges and opportunities in LoRaWAN security: exploring protocol vulnerabilities, privacy threats and the role of edge computing

The Internet of Things (IoT) paradigm is nowadays adopted by many applications, involving several communication technologies. In this context, Low-Power Wide-Area Network (LPWAN) protocols are quickly developing, achieving high range communication while maintaining a low energy consumption. Such protocols had to be designed from scratch to cope with the scarce computational resources offered by an IoT device. LoRaWAN is one of the most rapidly expanding LPWAN protocols, thanks to its low cost of devices and operation. During the years, LoRaWAN underwent extensive security assessments, discovering and mitigating new vulnerabilities, and the newest standard version 1.1 is considered to be secure. However, in this thesis we discover new vulnerabilities that could be exploited by a malicious third party to achieve different goals. One vulnerability deals with a Denial-of-Service of downlink messages, impacting application operation as well as network control. The other one deals with the de-anonymization of a device, discovering the correlation between DevAddr and DevEUI, causing information leakages and privacy concerns. Moreover, we consider the role of Edge computing in LoRaWAN and how one can leverage it in order to enhance the security and to optimize network operation in a LoRaWAN environment.