Protecting Gateway from ABP Replay Attack on LoRaWAN
This paper discusses the problem of replay attacks with the ABP (Activation By Personalisation) authentication method on the LoRaWAN infrastructure and proposes effective gateway protection. To solve the problem, an experiment is replicated that simulates the attacker and is embedded in a real infrastructure environment. Subsequently, a detector is proposed and implemented based on knowledge of attacker’s steps. The paper brings a proposed and verified detection algorithm that is implemented directly on the gate with an attack incident report. The aim of this approach is to prevent server-side spoofing and dosing attack on the end-device.
KeywordsLoRaWAN LoRA Replay attack ABP Detection Internet of Things IoT LPWAN
This work was supported by the Secure Gateway for Internet of Things (SIoT) project No. VI20172020079 funded by the Ministry of the Interior of the Czech Republic and partially by the project Networks and Telecommunications Technologies for Smart Cities under SGS Grant SP2018/59 conducted by the VSB-Technical University of Ostrava, Czech Republic.
- 6.Na, S., Hwang, D., Shin, W., Kim, K.-H.: Scenario and countermeasure for replay attack using join request messages in LoRaWAN. In: 2017 International Conference on Information Networking (ICOIN), pp. 718–720. IEEE (2017). https://doi.org/10.1109/ICOIN.2017.7899580, http://ieeexplore.ieee.org/document/7899580/. Accessed 31 July 2018. ISBN 978-1-5090-5124-3
- 7.Tomasin, S., Zulian, S., Vangelista, L.: Security analysis of LoRaWAN join procedure for Internet of Things networks. In: 2017 IEEE Wireless Communications and Networking Conference Workshops (WCNCW), pp. 1–6. IEEE (2017). https://doi.org/10.1109/WCNCW.2017.7919091, http://ieeexplore.ieee.org/document/7919091/. Accessed 31 July 2018. ISBN 978-1-5090-5908-9
- 8.Sung, W.-J., Ahn, H.-G., Kim, J.-B., Choi, S.-G.: Protecting end-device from replay attack on LoRaWAN. In: 2018 20th International Conference on Advanced Communication Technology (ICACT), pp. 167–171. IEEE (2018). https://doi.org/10.23919/ICACT.2018.8323684, https://ieeexplore.ieee.org/document/8323684/. ISBN 979-11-88428-01-4
- 9.Miller, R.: LoRa Security - Building a Secure LoRa Solution, MWR Labs. https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-LoRa-securityguide-1.2-2016-03-22.pdf
- 10.Yang, X.: LoRaWAN: Vulnerability Analysis and Practical Exploitation (2017). https://repository.tudelft.nl/islandora/object/uuid%3A87730790-6166-4424-9d82-8fe815733f1e
- 11.LoRa Alliance: A technical overview of LoRa and LoRaWAN (2015). https://www.lora-alliance.org/what-is-lora
- 12.Semtech Sx1272/73: Datasheet (2015). http://www.semtech.com/images/datasheet/sx1272.pdf. Accessed 12 May 2015
- 13.IMST GmbH Germany: WiMOD iC880A datasheet (2015). https://wireless-solutions.de/products/radiomodules/ic880a.html
- 14.LoRa App Server – open-source LoRaWAN application-server. https://docs.loraserver.io/lora-app-server/. Accessed 05 July 2017
- 15.The LoRa Alliance: LoRaWAN 1.1 Specification, October 2017Google Scholar