LoRa-WAN

Introduction

The long range wide area networking (LoRaWAN) protocol is designed to allow low-powered devices to communicate with Internet-connected applications over long range (LoRa) wireless connections. It is a MAC layer protocol built on top of LoRa, which is the physical layer (PHY), that is, the wireless modulation protocol.

As previously mentioned, one of the biggest advantages of LoRaWAN is its long range capability: a single gateway (antenna) can cover an entire city or hundreds of square miles, although this depends heavily on the environment and obstructions in a given location. Furthermore, LoRaWAN does not require licensed spectrum to transmit messages; it operates in unlicensed spectrum, making it a low-cost technology when compared to licensed spectrum solutions.

Interactive Map to Detect LoRa Gateways

The Things Network

LoRaWAN Applications

  • Smart City (e.g. parking, lighting, traffic management, metering, weather monitoring)

  • Industry (e.g. asset tracking, climate control)

  • Security (e.g. panic buttons, gunshot detection, flood monitoring)

  • Smart Home (e.g. alarm systems, home automation)

  • Smart Agriculture

  • Smart Healthcare

Architecture

Security in LoRaWAN

Device Activation

Figure 3. Session Key Generation in LoRaWAN v1.0.*

Data Required for Session Key Derivation

AES(AppKey, 0x01 + AppNonce + NetID + DevNonce + pad16) = NwkSKey
AES(AppKey, 0x02 + AppNonce + NetID + DevNonce + pad16) = AppSKey
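
The derivation above as runnable Go, added here as an illustration and not code from the original page or from any LoRaWAN stack. Per the LoRaWAN 1.0.x specification, label 0x01 yields NwkSKey and 0x02 yields AppSKey, and the input is zero-padded to one 16-byte block; the function names and the sample key and nonces are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"fmt"
)

// SessionKeys holds the two LoRaWAN 1.0.x session keys produced by a join.
type SessionKeys struct{ NwkSKey, AppSKey [16]byte }

// joinBlock builds the AES input: label | AppNonce (3) | NetID (3) | DevNonce (2),
// zero-padded to 16 bytes. Fields keep the byte order they have on the air.
func joinBlock(label byte, appNonce, netID [3]byte, devNonce [2]byte) [16]byte {
	var b [16]byte
	b[0] = label
	copy(b[1:4], appNonce[:])
	copy(b[4:7], netID[:])
	copy(b[7:9], devNonce[:])
	return b
}

// deriveKey encrypts one block with AES-128 under AppKey.
func deriveKey(appKey, block [16]byte) [16]byte {
	c, err := aes.NewCipher(appKey[:])
	if err != nil { // cannot happen for a 16-byte key
		panic(err)
	}
	var out [16]byte
	c.Encrypt(out[:], block[:])
	return out
}

// DeriveSessionKeys applies label 0x01 for NwkSKey and 0x02 for AppSKey.
func DeriveSessionKeys(appKey [16]byte, appNonce, netID [3]byte, devNonce [2]byte) SessionKeys {
	return SessionKeys{
		NwkSKey: deriveKey(appKey, joinBlock(0x01, appNonce, netID, devNonce)),
		AppSKey: deriveKey(appKey, joinBlock(0x02, appNonce, netID, devNonce)),
	}
}

func main() {
	// Constructed sample values, not taken from any real device or network.
	appKey := [16]byte{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c}
	appNonce, netID := [3]byte{0x01, 0x02, 0x03}, [3]byte{0x13, 0x00, 0x00}
	for _, devNonce := range [][2]byte{{0x10, 0x00}, {0x11, 0x00}} {
		k := DeriveSessionKeys(appKey, appNonce, netID, devNonce)
		fmt.Printf("DevNonce=%x NwkSKey=%x AppSKey=%x\n", devNonce, k.NwkSKey, k.AppSKey)
	}
}
```

AppKey is the only secret input: a fresh DevNonce changes both session keys, but anyone who holds AppKey and observes the join can recompute them.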

Cyber Security Risks and Threats

  • Reverse Engineering Devices

  • Device Tags

  • Hardcoded Keys in Open Source Code

  • Easy-to-guess Keys

  • Network Servers with Default or Weak Credentials

  • Servers with Security Vulnerabilities

  • Compromised Device Manufacturers

  • Device/Infrastructure Deployment Technicians

  • File Disclosure

  • Service Provider Breach

  • Offline Key Cracking

Compromised Keys and Cyber Attacks

  • Denial of Service to Devices and Networks

    • Sending Valid Messages

    • Regenerating Session Keys

    • Sending Valid MAC Commands

  • Sending Fake Data

Cyber Attack Scenarios

  • Utilities and Smart Meters

  • Smart Industry

  • Smart Cities

  • Smart Home

Auditing Insecure Networks and Detecting Cyber Attacks

  • Message Replay

  • Fake Messages and Denial of Service (Simultaneous Sessions)

  • ABP Devices

  • Well-known or Non-random Keys

