Abstract
Low power wide area network (LoRaWAN) protocol has been widely used in various fields. With its rapid development, security issues about the awareness and defense against malicious events in the Internet of Things must be taken seriously. Eavesdroppers can exploit the shortcomings of the specification and the limited consumption performance of devices to carry out security attacks such as replay attacks. In the process of the over-the-air-activation (OTAA) for LoRa nodes, attackers can modify the data because the data is transmitted in plain text. If the user’s root key is leaked, the wireless sensor network will not be able to prevent malicious nodes from joining the network. To solve this security flaw in LoRaWAN, we propose a countermeasure called Secure-Packet-Transmission scheme (SPT) which works based on the LoRaWAN standard v1.1 to prevent replay attacks when an attacker has obtained the root key. The proposed scheme redefines the format of join-request packet, add the new One Time Password (OTP) encrypted method and changes the transmission strategy in OTAA between LoRa nodes and network server. The security evaluation by using the Burrows-Abadi-Needham logic (BAN Logic) and the Scyther shows that the security goal can be achieved. This paper also conducts extensive experiments by simulations and a testbed to perform feasibility and performance analysis. All results demonstrate that SPT is lightweight, efficient and able to defend against malicious behavior.
Highlights
The Long Range Wide Area Network (LoRaWAN) protocol [1] has been widely used in various industrial Internet-of-Things (IoT) scenarios such as smart agriculture, smart fire control system, smart buildings, and so on
In join-request, MHDR represents the data type; JoinEUI and DevEUI contain the basic information of a node, which is unique; DevNonce is used to record the number for joining time.Changing the DevNonce and message integrity code (MIC) is the countermeasure of defending against replay attacks
The MIC is calculated by AES128(NwkKey, MHDR|JoinEUI|DEVEUI|DevNonce).We can see the importance of the NwkKey is irreplaceable from this Equation
Summary
The Long Range Wide Area Network (LoRaWAN) protocol [1] has been widely used in various industrial Internet-of-Things (IoT) scenarios such as smart agriculture, smart fire control system, smart buildings, and so on. It is a new type of wireless communication protocol designed to support low power and long range wireless communications at a low data transmission rate dedicated to various IoT applications. In join-request, MHDR represents the data type; JoinEUI and DevEUI contain the basic information of a node, which is unique; DevNonce is used to record the number for joining time.Changing the DevNonce and MIC is the countermeasure of defending against replay attacks. If the root key cannot be properly kept, all security measures may fail
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
