Security vulnerabilities and risks in industrial usage of wireless communication

Plósz, Sándor; Farshad, Arsham; Tauber, Markus; Lesjak, Christian; Ruprechter, Thomas; Pereira, Nuno

doi:10.1109/etfa.2014.7005129

Cited by 25 publications

(14 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In this section, we have used the security analysis methodology of Plosz et al [36], which have been designed by following ETSI guidelines [37]. The methodology includes likelihood and impact assessment of the threats in order to obtain a detailed and categorized security risk analysis as described below:…”

Section: Risk Assessment Methodologymentioning

confidence: 99%

Security Risk Analysis of LoRaWAN and Future Directions

2018

View full text Add to dashboard Cite

LoRa (along with its upper layers definition-LoRaWAN) is one of the most promising Low Power Wide Area Network (LPWAN) technologies for implementing Internet of Things (IoT)-based applications. Although being a popular technology, several works in the literature have revealed vulnerabilities and risks regarding the security of LoRaWAN v1.0 (the official 1st specification draft). The LoRa-Alliance has built upon these findings and introduced several improvements in the security and architecture of LoRa. The result of these efforts resulted in LoRaWAN v1.1, released on 11 October 2017. This work aims at reviewing and clarifying the security aspects of LoRaWAN v1.1. By following ETSI guidelines, we provide a comprehensive Security Risk Analysis of the protocol and discuss several remedies to the security risks described. A threat catalog is presented, along with discussions and analysis in view of the scale, impact, and likelihood of each threat. To the best of the authors' knowledge, this work is one of the first of its kind, by providing a detailed security risk analysis related to the latest version of LoRaWAN. Our analysis highlights important practical threats, such as end-device physical capture, rogue gateway and self-replay, which require particular attention by developers and organizations implementing LoRa networks.

show abstract

Section: Risk Assessment Methodologymentioning

confidence: 99%

Security Risk Analysis of LoRaWAN and Future Directions

2018

View full text Add to dashboard Cite

show abstract

“…In this section, we have used the security analysis methodology of Plosz et al [21], which have been designed by following ETSI guidelines [22]. The methodology includes likelihood and impact assessment of the threats in order to obtain a detailed and categorized security risk analysis as described below.…”

Section: Risk Assessment Methodologymentioning

confidence: 99%

Demystifying Security of LoRaWAN v1.1

Bütün¹,

Pereira²,

Gidlund³

2018

Preprint

View full text Add to dashboard Cite

LoRa and its upper layers definition LoRaWAN is one of the most promising LPWAN technologies for implementing the Internet of Things (IoT). Although being a popular technology, several works in the literature have revealed various weaknesses regarding the security of LoRaWAN v1.0 (the official 1st draft). By using all these recommendations from the academia and industry, the LoRa-Alliance has worked on the v1.0 to develop an enhanced version and provide more secure and trustable architecture. The result of these efforts ended-up with LoRaWAN v1.1, which was released on Oct 11, 2017. This manuscript aims at demystifying the security aspects and provide a comprehensive Security Risk Analysis related to latest version of LoRaWAN. Besides, it provides several remedies to the recognized vulnerabilities. To the best of authors’ knowledge, this work is one of its first kind by providing a detailed security analysis related to latest version of LoRaWAN. According to our analysis, end-device physical capture, rogue gateway and replay attacks are found to be threating for safety operation of the network. Eventually, v1.1 of LoRaWAN is found to be less vulnerable to attacks compared to v1.0, yet possesses several security implications that need to be addressed and fixed for the upcoming releases.

show abstract

“…As the example in [43], a threat catalogue for wireless connections was specified which can be used as an input for FMVEA. Reusability of CHASSIS elements is mostly not possible.…”

Section: Reusability Of Analysis Artefactsmentioning

confidence: 99%

A Case Study of FMVEA and CHASSIS as Safety and Security Co-Analysis Method for Automotive Cyber-physical Systems

Schmittner

Schoitsch

et al. 2015

Proceedings of the 1st ACM Workshop on Cyber-Physical System Security

View full text Add to dashboard Cite

The increasing integration of computational components and physical systems creates cyber-physical system, which provide new capabilities and possibilities for humans to control and interact with physical machines. However, the correlation of events in cyberspace and physical world also poses new safety and security challenges. This calls for holistic approaches to safety and security analysis for the identification of safety failures and security threats and a better understanding of their interplay. This paper presents the application of two promising methods, i.e. Failure Mode, Vulnerabilities and Effects Analysis (FMVEA) and Combined Harm Assessment of Safety and Security for Information Systems (CHASSIS), to a case study of safety and security co-analysis of cyber-physical systems in the automotive domain. We present the comparison, discuss their applicabilities, and identify future research needs.

show abstract

Security vulnerabilities and risks in industrial usage of wireless communication

Cited by 25 publications

References 10 publications

Security Risk Analysis of LoRaWAN and Future Directions

Security Risk Analysis of LoRaWAN and Future Directions

Demystifying Security of LoRaWAN v1.1

A Case Study of FMVEA and CHASSIS as Safety and Security Co-Analysis Method for Automotive Cyber-physical Systems

Contact Info

Product

Resources

About