Security Vulnerabilities in LPWANs—An Attack Vector Analysis for the IoT Ecosystem

Torres, Nuno; Pinto, Pedro; Lopes, Sérgio Ivan

doi:10.3390/app11073176

Cited by 42 publications

(17 citation statements)

References 95 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This becomes more important in some IoT categories (Industry 4.0, smart city) and it is a drawback. Therefore, providing a reliable security mechanism based on their limitations is a challenging and open issue task [15,138].…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

GNSS-Free Outdoor Localization Techniques for Resource-Constrained IoT Architectures: A Literature Review

et al. 2021

Self Cite

View full text Add to dashboard Cite

Large-scale deployments of the Internet of Things (IoT) are adopted for performance improvement and cost reduction in several application domains. The four main IoT application domains covered throughout this article are smart cities, smart transportation, smart healthcare, and smart manufacturing. To increase IoT applicability, data generated by the IoT devices need to be time-stamped and spatially contextualized. LPWANs have become an attractive solution for outdoor localization and received significant attention from the research community due to low-power, low-cost, and long-range communication. In addition, its signals can be used for communication and localization simultaneously. There are different proposed localization methods to obtain the IoT relative location. Each category of these proposed methods has pros and cons that make them useful for specific IoT systems. Nevertheless, there are some limitations in proposed localization methods that need to be eliminated to meet the IoT ecosystem needs completely. This has motivated this work and provided the following contributions: (1) definition of the main requirements and limitations of outdoor localization techniques for the IoT ecosystem, (2) description of the most relevant GNSS-free outdoor localization methods with a focus on LPWAN technologies, (3) survey the most relevant methods used within the IoT ecosystem for improving GNSS-free localization accuracy, and (4) discussion covering the open challenges and future directions within the field. Some of the important open issues that have different requirements in different IoT systems include energy consumption, security and privacy, accuracy, and scalability. This paper provides an overview of research works that have been published between 2018 to July 2021 and made available through the Google Scholar database.

show abstract

Section: Discussionmentioning

confidence: 99%

“…The information which is collected by IoT and IoT communication signals in LPWAN should be sent securely, otherwise, it can lead to security (disclose sensitive information about environment) and privacy problems (potentially disclose end-node location). Poor authentication and encryption methods can lead to end-node privacy violence [15].…”

mentioning

confidence: 99%

GNSS-Free Outdoor Localization Techniques for Resource-Constrained IoT Architectures: A Literature Review

et al. 2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…A review of vulnerabilities, threats and common defense strategies in some LPWAN protocols, in particular LoRaWAN and SigFox, is performed in [14]. This work discusses critical aspects of security in LPWAN technologies and identifies attack vectors, while also proposing defense strategies to mitigate the identified risks in the context of relevant IoT technologies.…”

Section: Related Workmentioning

confidence: 99%

Energy-Aware Security Adaptation for Low-Power IoT Applications

Rosendo

Granjal

2022

Network

View full text Add to dashboard Cite

The constant evolution in communication infrastructures will enable new Internet of Things (IoT) applications, particularly in areas that, up to today, have been mostly enabled by closed or proprietary technologies. Such applications will be enabled by a myriad of wireless communication technologies designed for all types of IoT devices, among which are the Long-Range Wide-Area Network (LoRaWAN) or other Low-power and Wide-Area Networks (LPWAN) communication technologies. This applies to many critical environments, such as industrial control and healthcare, where wireless communications are yet to be broadly adopted. Two fundamental requirements to effectively support upcoming critical IoT applications are those of energy management and security. We may note that those are, in fact, contradictory goals. On the one hand, many IoT devices depend on the usage of batteries while, on the other hand, adequate security mechanisms need to be in place to protect devices and communications from threats against their stability and security. With thismotivation in mind, we propose a solution to address the management, in tandem, of security and energy in LoRaWAN IoT communication environments. We propose and evaluate an architecture in the context of which adaptation logic is used to manage security and energy dynamically, with the goal of guaranteeing appropriate security, while promoting the lifetime of constrained sensing devices. The proposed solution was implemented and experimentally evaluated and was observed to successfully manage security and energy. Security and energy are managed in line with the requirements of the application at hand, the characteristics of the constrained sensing devices employed and the detection, as well as the threat, of particular types of attacks.

show abstract

“…In what follows we detail the results of several studies, which deal with the replay and bit-flipping attacks, and thus are relevant to the scenarios emulated by us. The interested readers can find a more comprehensive overview of the other attack types and challenges in, e.g., [25].…”

Section: Related Workmentioning

confidence: 99%

Testbed for LoRaWAN Security: Design and Validation through Man-in-the-Middle Attacks Study

et al. 2021

View full text Add to dashboard Cite

The low-power wide-area (LPWA) technologies, which enable cost and energy-efficient wireless connectivity for massive deployments of autonomous machines, have enabled and boosted the development of many new Internet of things (IoT) applications; however, the security of LPWA technologies in general, and specifically those operating in the license-free frequency bands, have received somewhat limited attention so far. This paper focuses specifically on the security and privacy aspects of one of the most popular license-free-band LPWA technologies, which is named LoRaWAN. The paper’s key contributions are the details of the design and experimental validation of a security-focused testbed, based on the combination of software-defined radio (SDR) and GNU Radio software with a standalone LoRaWAN transceiver. By implementing the two practical man-in-the-middle attacks (i.e., the replay and bit-flipping attacks through intercepting the over-the-air activation procedure by an external to the network attacker device), we demonstrate that the developed testbed enables practical experiments for on-air security in real-life conditions. This makes the designed testbed perspective for validating the novel security solutions and approaches and draws attention to some of the relevant security challenges extant in LoRaWAN.

show abstract

Security Vulnerabilities in LPWANs—An Attack Vector Analysis for the IoT Ecosystem

Cited by 42 publications

References 95 publications

GNSS-Free Outdoor Localization Techniques for Resource-Constrained IoT Architectures: A Literature Review

GNSS-Free Outdoor Localization Techniques for Resource-Constrained IoT Architectures: A Literature Review

Energy-Aware Security Adaptation for Low-Power IoT Applications

Testbed for LoRaWAN Security: Design and Validation through Man-in-the-Middle Attacks Study

Contact Info

Product

Resources

About