Recent Low Power Wide Area Networks (LPWAN) protocols are receiving increased attention from industry and academia to offer accessibility for Internet of Things (IoT) connected remote sensors and actuators. In this work, we present a formal study of LoRaWAN security, an increasingly popular technology, which defines the structure and operation of LPWAN networks based on the LoRa physical layer. There are previously known security vulnerabilities in LoRaWAN that led to the proposal of several improvements, some already incorporated into the latest protocol specification. Our analysis of LoRaWAN security uses Scyther, a formal security analysis tool, and focuses on the key exchange portion of versions 1.0 (released in 2015) and 1.1 (the latest, released in 2017). For version 1.0, which is still the most widely deployed version of LoRaWAN, we show that our formal model uncovered weaknesses that can be related to previously reported vulnerabilities. Our model did not find weaknesses in the latest version of the protocol (v1.1), and we discuss what this means in practice for the security of LoRaWAN as well as important aspects of our model and tools employed that should be considered. The Scyther model developed provides realistic models for LoRaWAN v1.0 and v1.1 that can be used and extended to formally analyze, inspect, and explore the security features of the protocols. This, in turn, can clarify the methodology for achieving secrecy, integrity, and authentication for designers and developers interested in these LPWAN standards. We believe that our model and discussion of the protocols' security properties are beneficial for both researchers and practitioners.
The Internet of Things (IoT) is rapidly becoming an integral component of the industrial market in areas such as automation and analytics, giving rise to what is termed the Industrial IoT (IIoT). The IIoT promises innovative business models in various industrial domains by providing ubiquitous connectivity, efficient data analytics tools, and better decision support systems for better market competitiveness. However, IIoT deployments are vulnerable to a variety of security threats at various levels of the connectivity and communications infrastructure. The complex nature of the IIoT infrastructure means that availability, confidentiality and integrity are difficult to guarantee, leading to potential distrust in the network operations and concerns about loss of critical infrastructure, compromised safety of network end-users and privacy breaches of sensitive information. This work attempts to look at the requirements currently specified for a secure IIoT ecosystem in industry standards, such as those of the Industrial Internet Consortium (IIC) and OpenFog Consortium, and to what extent current IIoT connectivity protocols and platforms hold up to the standards with regard to security and privacy. The paper also discusses possible future research directions to enhance the security, privacy and safety of the IIoT.