LoRa adopts a unique modulation scheme (chirp spread spectrum (CSS)) to enable long range communication at low power consumption. CSS uses the initial frequencies of LoRa chirps to differentiate LoRa symbols, while simply ignoring other RF parameters (e.g., amplitude and phase). Driven by this observation, we build a covert channel (named CLoRa) by embedding covert information with a modulation scheme orthogonal to CSS. We implement CLoRa with a COTS LoRa node (Tx) and a low-cost receive-only SDR dongle (Rx). The experiment results show that CLoRa can send covert information over 250 m. This demo reveals that the LoRa physical layer leaves sufficient room to build a covert channel by embedding covert information with a modulation scheme orthogonal to CSS.
This paper presents the design and implementation of PCube, a phase-based parallel packet decoder for concurrent transmissions of LoRa nodes. The key enabling technology behind PCube is a novel air-channel phase measurement technique which is able to extract phase differences of air-channels between LoRa nodes and multiple antennas of a gateway. PCube leverages the reception diversities of multiple receiving antennas of a gateway and scales the concurrent transmissions of a large number of LoRa nodes, even exceeding the number of receiving antennas at a gateway. As a phase-based parallel decoder, PCube provides a new dimension to resolve collisions and supports more concurrent transmissions by complementing time and frequency based parallel decoders. PCube is implemented and evaluated with synchronized software defined radios and off-the-shelf LoRa nodes in both indoors and outdoors. Results demonstrate that PCube can substantially outperform state-of-the-art works in terms of aggregated throughput by 4.9 × and the number of concurrent nodes by up to 5 ×. More importantly, PCube scales well with the number of receiving antennas of a gateway, which is promising to break the barrier of concurrent transmissions.
LoRaWAN forms a one-hop star topology where LoRa nodes send data via one-hop up-link transmission to a LoRa gateway. If the LoRa gateway can be jammed by attackers, it may not be able to receive any data from any nodes in the network. Our empirical study shows that although LoRa physical layer (PHY) is robust and resilient by design, it is still vulnerable to synchronized jamming chirps. Potential protection solutions (
e.g.
, collision recovery, parallel decoding) may fail to extract LoRa packets if an attacker transmits synchronized jamming chirps at higher power. To protect the LoRa PHY from such attacks, we propose a new protection method that can separate LoRa chirps from jamming chirps by leveraging their difference in power domain. We note that the new protection solution is orthogonal to existing solutions which leverage the chirp misalignment in time domain or the frequency disparity in frequency domain. We conduct experiments with COTS LoRa nodes and software defined radios (SDRs) with varied experiment settings such as different spreading factors, bandwidths, and code rates. Results show that synchronized jamming chirps at high power can jam all previous solutions, while our protection solution can effectively protect LoRa gateways from the jamming attacks.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.