LoRaWAN Security Analysis : An Experimental Evaluation of Attacks

Low-power wide-area networks (LPWAN) are becoming the wireless backbone for modern business processes and municipal administration. LoRaWAN, which stands for long-range wide-area network, is a recent medium access control (MAC) layer protocol competing for this market. It stands out by its open oper...

Full description

Bibliographic Details
Main Author: Hessel, Frank
Format: Dissertation
Language:en
Published: 2021
Online Access:https://tuprints.ulb.tu-darmstadt.de/17550/1/LoRaWAN-Security-Analysis.pdf
Hessel, Frank <http://tuprints.ulb.tu-darmstadt.de/view/person/Hessel=3AFrank=3A=3A.html> (2021): LoRaWAN Security Analysis : An Experimental Evaluation of Attacks. (Publisher's Version)Darmstadt, Technische Universität, DOI: 10.26083/tuprints-00017550 <https://doi.org/10.26083/tuprints-00017550>, [Master Thesis]
Description
Summary:Low-power wide-area networks (LPWAN) are becoming the wireless backbone for modern business processes and municipal administration. LoRaWAN, which stands for long-range wide-area network, is a recent medium access control (MAC) layer protocol competing for this market. It stands out by its open operator model and a novel modulation technique. With LoRaWAN and other communication technologies are becoming a dependency for more and more aspects of today's society, the question for their security and reliability comes up. Previous researches on the topic have already revealed vulnerabilities in the first LoRaWAN specification, which have been partly mitigated in the most recent LoRaWAN 1.1. However, related studies often provide only theoretical results or consider practical scenarios only on a specific, small scale. In this thesis, we present a LoRaWAN security evaluation framework that allows field-testing the security and reliability characteristics of actual LoRaWAN deployments. This provides not only reproducible results but also allows making a comparison between defined versions of the specification and LoRaWAN software. Before expounding implementation details, we provide a literature survey on LoRaWAN vulnerabilities and attacks to identify interesting aspects for further evaluation. From our experimental results, we show that jamming is a serious threat to the availability of LoRaWAN networks. Furthermore, we demonstrate the practical applicability of two replay attacks against a selection of LoRaWAN software and illustrate why they will remain relevant for years due to backward compatibility.