search

tower-broadcastLoRa-WAN

hashtag
Introduction

The long range wide area networking (LoRaWAN) protocol is designed to allow lowpowered devices to communicate with Internet-connected applications over long range (LoRa) wireless connections. It is a MAC layer protocol built on top of LoRa, which is the physical layer (PHY) or the wireless modulation protocol.

As previously mentioned, one of the biggest advantages of LoRaWAN is its long range capability: a single gateway (antenna) can cover an entire city or hundreds of square miles, although it heavily depends on the environment and obstructions in a given location. Furthermore, the LoRaWAN stack does not require a licensed spectrum to transmit messages but rather the opposite, making it a low-cost technology when compared to licensed spectrum solutions.

hashtag
Interactive Map to Detect LoRa Gateways

LogoThe Things NetworkThe Things Networkchevron-right
The Things Network

hashtag
LoRaWAN Applications

  • Smart City (i.e. parking, lighting, traffic management, metering, weather monitoring)

  • Industry (i.e. asset tracking, climate control)

  • Security (i.e. panic buttons, gunshot detection, flood monitoring)

  • Smart Home (i.e. alarms systems, home automation)

  • Smart Agriculture

  • Smart Healthcare

hashtag
Architecture

https://act-on.ioactive.com/acton/attachment/34793/f-87b45f5f-f181-44fc-82a8-8e53c501dc4e/1/-/-/-/-/LoRaWAN%20Networks%20Susceptible%20to%20Hacking.pdfarrow-up-right

hashtag
Security in LoRaWAN

hashtag
Device Activation

Figure 3. Session Key Generation in LoRaWAN v1.0.*

hashtag
Data Required for Session Key Derivation

hashtag
Cyber Security Risks and Threats

  • Reverse Engineering Devices

  • Device Tags

  • Hardcoded Keys in Open Source Code

  • Easy-to-guess Keys

  • Network Servers with Default or Weak Credentials

  • Servers with Security Vulnerabilities

  • Compromised Device Manufacturers

  • Device/Infrastructure Deployment Technicians

  • File Disclosure

  • Service Provider Breach

  • Offline Key Cracking

hashtag
Compromised keys and Cyber Attacks

  • Denial of Service to Devices and Networks

    • Sending Valid Messages

    • Regenerating Session Keys

    • Sending Valid MAC Commands

  • Sending Fake Data

hashtag
Cyber Attack Scenarios

  • Utilities and Smart Meters

  • Smart Industry

  • Smart Cities

  • Smart Home

hashtag
Auditing Insecure Networks and Detecting Cyber Attacks

  • Message Replay

  • Fake Messages and Denial of Service (Simultaneous Sessions)

  • ABP Devices

  • Well-known or Non-random Keys

hashtag
REFERENCES

PreviousProtocolsNextActive Directory Post Exploitation

Last updated