research-article

ChirpOTLE: a framework for practical LoRaWAN security evaluation

Authors:

Flor ÁlvarezAuthors Info & Claims

WiSec '20: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

Pages 306 - 316

https://doi.org/10.1145/3395351.3399423

Published: 21 July 2020 Publication History

Abstract

Low-power wide-area networks (LPWANs) are becoming an integral part of the Internet of Things. As a consequence, businesses, administration, and, subsequently, society itself depend on the reliability and availability of these communication networks.

Released in 2015, LoRaWAN gained popularity and attracted the focus of security research, revealing a number of vulnerabilities. This lead to the revised LoRaWAN 1.1 specification in late 2017. Most of previous work focused on simulation and theoretical approaches. Interoperability and the variety of implementations complicate the risk assessment for a specific LoRaWAN network.

In this paper, we address these issues by introducing ChirpOTLE, a LoRa and LoRaWAN security evaluation framework suitable for rapid iteration and testing of attacks in testbeds and assessing the security of real-world networks. We demonstrate the potential of our framework by verifying the applicability of a novel denial-of-service attack targeting the adaptive data rate mechanism in a testbed using common off-the-shelf hardware. Furthermore, we show the feasibility of the Class B beacon spoofing attack, which has not been demonstrated in practice before.

References

[1]

Khaled Q Abdelfadeel, Victor Cionca, and Dirk Pesch. 2018. Fair Adaptive Data Rate Allocation and Power Control in LoRaWAN. In 2018 IEEE 19th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM). IEEE, Chania, Greece, 14--15.

[2]

Emekcan Aras, Gowri Sankar Ramachandran, Piers Lawrence, and Danny Hughes. 2017. Exploring the Security Vulnerabilities of LoRa. In Cybernetics (CYBCONF), 2017 3rd IEEE International Conference on. IEEE, Exeter, UK, 1--6.

[3]

Emekcan Aras, Nicolas Small, Gowri Sankar Ramachandran, Stéphane Delbruel, Wouter Joosen, and Danny Hughes. 2017. Selective Jamming of LoRaWAN Using Commodity Hardware. In Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous 2017). Association for Computing Machinery, Melbourne, VIC, Australia, 363--372.

Digital Library

[4]

Emmanuel Baccelli, Cenk Gündoğan, Oliver Hahm, Peter Kietzmann, Martine S Lenders, Hauke Petersen, Kaspar Schleiser, Thomas C Schmidt, and Matthias Wählisch. 2018. RIOT: An Open Source Operating System for Low-End Embedded Devices in the IoT. IEEE Internet of Things Journal 5, 6 (2018), 4428--4440.

[5]

Martin Bor and Utz Roedig. 2017. LoRa Transmission Parameter Selection. In 2017 13th International Conference on Distributed Computing in Sensor Systems (DCOSS). IEEE, Ottawa, ON, Canada, 27--34.

[6]

Orne Brocaar. 2020. Chirpstack Network Server. GitHub Repository. https://github.com/brocaar/chirpstack-network-server

[7]

Ismail Butun, Nuno Pereira, and Mikael Gidlund. 2018. Analysis of LoRaWAN v1.1 Security. In Proceedings of the 4th ACM MobiHoc Workshop on Experiences with the Design and Implementation of Smart Objects (SMARTOBJECTS '18). ACM, Association for Computing Machinery, Los Angeles, California, 1--6.

Digital Library

[8]

LoRa Alliance Technical Committee. 2017. LoRaWAN^™ Specification V1.1. Technical Report. LoRa Alliance. https://lora-alliance.org/resource-hub/lorawantm-specification-v11

[9]

LoRa Alliance Technical Committee. 2018. LoRaWAN^™ Specification V1.0.3. Technical Report. LoRa Alliance. https://lora-alliance.org/resource-hub/lorawantm-specification-v103

[10]

Semtech Corporation. 2016. LoRaWAN - simple rate adaptation recommended algorithm. Technical Report. Semtech Corporation.

[11]

Daniele Croce, Michele Gucciardo, Stefano Mangione, Giuseppe Santaromita, and Ilenia Tinnirello. 2018. Impact of LoRa Imperfect Orthogonality: Analysis of Link-Level Performance. IEEE Communications Letters 22, 4 (Jan. 2018), 796--799.

[12]

Francesca Cuomo, Manuel Campo, Alberto Caponi, Giuseppe Bianchi, Giampaolo Rossini, and Patrizio Pisani. 2017. EXPLoRa: Extending the performance of LoRa by suitable spreading factor allocations. In 2017 IEEE 13th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). IEEE, Rome, Italy, 1--8.

[13]

Tahsin CM Dönmez and Ethiopia Nigussie. 2018. Security of LoRaWAN v1.1 in Backward Compatibility Scenarios. Procedia computer science 134 (2018), 51--58.

[14]

ETSI. 2012. ETSI EN 300 220-1: Electromagnetic compatibility and Radio spectrum Matters (ERM); Short Range Devices (SRD); Radio equipment to be used in the 25 MHz to 1 000 MHz frequency range with power levels ranging up to 500 mW; Part 1: Technical characteristics and test methods. Technical Report. European Telecommunications Standards Institute.

[15]

Claire Goursaud and Jean-Marie Gorce. 2015. Dedicated networks for IoT: PHY/MAC state of the art and challenges. EAI Endorsed Transactions on Internet of Things 1, 1 (Oct. 2015), 1--11.

[16]

Shengyang Li, Usman Raza, and Aftab Khan. 2018. How Agile is the Adaptive Data Rate Mechanism of LoRaWAN?. In 2018 IEEE Global Communications Conference (GLOBECOM). IEEE, Abu Dhabi, United Arab Emirates, United Arab Emirates, 206--212.

[17]

Robert Miller. 2016. Lora Security: Building a Secure LoRa Solution. MWR Labs Whitepaper.

[18]

The Things Network. 2020. The Things Stack. GitHub Repository. https://github.com/TheThingsNetwork/lorawan-stack

[19]

Brecht Reynders, Wannes Meert, and Sofie Pollin. 2017. Power and spreading factor control in low power wide area networks. In 2017 IEEE International Conference on Communications (ICC). IEEE, Paris, France, 1--6.

[20]

Nicolas Sornin, Miguel Luis, Thomas Eirich, Thorsten Kramp, and Olivier Hersent. 2016. LoRaWAN^™ Specification V1.0.2. Technical Report. LoRa Alliance. https://lora-alliance.org/resource-hub/lorawantm-specification-v102

[21]

Daniel Steinmetzer, Milan Stute, and Matthias Hollick. 2018. TPy: A Lightweight Framework for Agile Distributed Network Experiments. In Proceedings of the 12th International Workshop on Wireless Network Testbeds, Experimental Evaluation & Characterization (WiNTECH '18). Association for Computing Machinery, New Delhi, India, 38--45.

Digital Library

[22]

Eef van Es, Harald Vranken, and Arjen Hommersom. 2018. Denial-of-Service Attacks on LoRaWAN. In Proceedings of the 13th International Conference on Availability, Reliability and Security (ARES 2018). ACM, Association for Computing Machinery, Hamburg, Germany, 1--6.

Digital Library

[23]

Xueying Yang. 2017. LoRaWAN: Vulnerability Analysis and Practical Exploitation. Master's thesis. Delft University of Technology.

[24]

Xueying Yang, Evgenios Karampatzakis, Christian Doerr, and Fernando Kuipers. 2018. Security Vulnerabilities in LoRaWAN. In 2018 IEEE/ACM Third International Conference on Internet-of-Things Design and Implementation (IoTDI). IEEE, IEEE, Orlando, FL, USA, 129--140.

Cited By

Katsini CEpiphaniou GMaple C(2024)Towards an Evaluation Framework for Extended Reality Authentication SchemesExtended Abstracts of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613905.3651021(1-6)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613905.3651021
He WWu WGu XChen Z(2024)Diff-ADF: Differential Adjacent-dual-frame Radio Frequency Fingerprinting for LoRa DevicesIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621079(2089-2098)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621079
Thaenkaew PQuoitin BMeddahi A(2023)Leveraging Larger AES Keys in LoRaWAN: A Practical Evaluation of Energy and Time CostsSensors10.3390/s2322917223:22(9172)Online publication date: 14-Nov-2023
https://doi.org/10.3390/s23229172
Show More Cited By

Index Terms

ChirpOTLE: a framework for practical LoRaWAN security evaluation

Recommendations

Denial-of-Service Attacks on LoRaWAN
ARES '18: Proceedings of the 13th International Conference on Availability, Reliability and Security

LoRaWAN is the dominant protocol for communication in low-power Wide Area Networks in several European countries, and is being used increasingly in other parts of the world. We identified three vulnerabilities in the LoRaWAN protocol specification that ...
A Simple and Efficient Replay Attack Prevention Scheme for LoRaWAN
ICCNS '17: Proceedings of the 2017 7th International Conference on Communication and Network Security

In recent years, LPWAN technology, designed to realize low-power and long distance communication, has attracted much attention. Among several LPWAN technologies, Long Range (LoRa) is one of the most competitive physical layer protocol. Long Range Wide ...
LoRaWAN Security: An Evolvable Survey on Vulnerabilities, Attacks and their Systematic Mitigation
The changing vulnerability and threat landscape constantly challenge the security of wireless communication standards and protocols. For the Internet of Things (IoT), LoRaWAN is one of the dominant technologies for urban environments, industrial settings, ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WiSec '20: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

July 2020

366 pages

ISBN:9781450380065

DOI:10.1145/3395351

General Chairs:
René Mayrhofer
Johannes Kepler University Linz, Linz, AT
,
Michael Roland
Johannes Kepler University Linz, Linz, AT

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

In-Cooperation

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 July 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Author Tags

Qualifiers

Research-article

Funding Sources

Hessen State Ministry for Higher Education, Research and the Arts
German Federal Ministry of Education and Research

Conference

WiSec '20

Sponsor:

SIGSAC

WiSec '20: 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

July 8 - 10, 2020

Linz, Austria

Acceptance Rates

Overall Acceptance Rate 98 of 338 submissions, 29%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
335
Total Downloads

Downloads (Last 12 months)82
Downloads (Last 6 weeks)2

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Katsini CEpiphaniou GMaple C(2024)Towards an Evaluation Framework for Extended Reality Authentication SchemesExtended Abstracts of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613905.3651021(1-6)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613905.3651021
He WWu WGu XChen Z(2024)Diff-ADF: Differential Adjacent-dual-frame Radio Frequency Fingerprinting for LoRa DevicesIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621079(2089-2098)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621079
Thaenkaew PQuoitin BMeddahi A(2023)Leveraging Larger AES Keys in LoRaWAN: A Practical Evaluation of Energy and Time CostsSensors10.3390/s2322917223:22(9172)Online publication date: 14-Nov-2023
https://doi.org/10.3390/s23229172
Wong AGoh SHasan MFattah S(2023)Multi-Hop and Mesh for LoRa Networks: Recent Advancements, Issues, and Recommended ApplicationsACM Computing Surveys10.1145/363824156:6(1-43)Online publication date: 20-Dec-2023
https://dl.acm.org/doi/10.1145/3638241
Hessel FAlmon LHollick M(2023)LoRaWAN Security: An Evolvable Survey on Vulnerabilities, Attacks and their Systematic MitigationACM Transactions on Sensor Networks10.1145/356197318:4(1-55)Online publication date: 7-Mar-2023
https://dl.acm.org/doi/10.1145/3561973
Bouazzati MTessier RTanguy PGogniat G(2023)A Lightweight Intrusion Detection System against IoT Memory Corruption Attacks2023 26th International Symposium on Design and Diagnostics of Electronic Circuits and Systems (DDECS)10.1109/DDECS57882.2023.10139718(118-123)Online publication date: 3-May-2023
https://doi.org/10.1109/DDECS57882.2023.10139718
Ruotsalainen HShen GZhang JFujdiak R(2022)LoRaWAN Physical Layer-Based Attacks and Countermeasures, A ReviewSensors10.3390/s2209312722:9(3127)Online publication date: 19-Apr-2022
https://doi.org/10.3390/s22093127
Sun ZYang HLiu KYin ZLi ZXu W(2022)Recent Advances in LoRa: A Comprehensive SurveyACM Transactions on Sensor Networks10.1145/354385618:4(1-44)Online publication date: 29-Nov-2022
https://dl.acm.org/doi/10.1145/3543856
Ruotsalainen H(2022)Reactive Jamming Detection for LoRaWAN Based on Meta-Data DifferencingProceedings of the 17th International Conference on Availability, Reliability and Security10.1145/3538969.3543805(1-8)Online publication date: 23-Aug-2022
https://dl.acm.org/doi/10.1145/3538969.3543805
Thaenkaew PQuoitin BMeddahi A(2022)Evaluating the cost of beyond AES-128 LoRaWAN security2022 International Symposium on Networks, Computers and Communications (ISNCC)10.1109/ISNCC55209.2022.9851811(1-6)Online publication date: 19-Jul-2022
https://doi.org/10.1109/ISNCC55209.2022.9851811
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents