Extended 3-Party \(\text{ACCE}\) and Application to LoRaWAN 1.1

  • Sébastien Canard
  • Loïc FerreiraEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11627)


LoRaWAN is an IoT protocol deployed worldwide. Whereas the first version 1.0 has been shown to be weak against several types of attacks, the new version 1.1 has been recently released, and aims, in particular, at providing corrections to the previous release. It introduces also a third entity, turning the original 2-party protocol into a 3-party protocol. In this paper, we provide the first security analysis of LoRaWAN 1.1 in its 3-party setting with a provable approach, and show that it suffers from several flaws. Based on the \({\text{3(S)ACCE}}\) model of Bhargavan et al., we then propose an extended framework that we use to analyse the security of LoRaWAN-like 3-party protocols, and describe a generic 3-party protocol provably secure in this extended model. We use this provable security approach to propose a slightly modified version of LoRaWAN 1.1. We show how to concretely instantiate this alternative, and formally prove its security in our extended model.


Security protocols Security model Internet of Things LoRaWAN 


  1. 1.
    Alt, S., Fouque, P.-A., Macario-rat, G., Onete, C., Richard, B.: A cryptographic analysis of UMTS/LTE AKA. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 18–35. Springer, Cham (2016). Scholar
  2. 2.
    Avoine, G., Ferreira, L.: Rescuing LoRaWAN 1.0. In: Financial Cryptography and Data Security (FC 2018) (2018).
  3. 3.
    Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). Scholar
  4. 4.
    Bhargavan, K., Boureanu, I., Delignat-Lavaud, A., Fouque, P., Onete, C.: A formal treatment of accountable proxying over TLS. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 339–356 (2018)Google Scholar
  5. 5.
    Bhargavan, K., Boureanu, I., Fouque, P.A., Onete, C., Richard, B.: Content delivery over TLS: a cryptographic analysis of keyless SSL. In: 2017 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 1–16. IEEE, April 2017Google Scholar
  6. 6.
    Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997). Scholar
  7. 7.
    Canard, S., Ferreira, L.: Extended 3-Party ACCE and Application to LoRaWAN 1.1. Cryptology ePrint Archive (2019).
  8. 8.
    Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001). Scholar
  9. 9.
    Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol - Version 1.2 (August 2008), RFC 5246Google Scholar
  10. 10.
    Dowling, B., Fischlin, M., Günther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 handshake protocol candidates. In: Ray, I., Li, N., Kruegel: C. (eds.) ACM CCS 15. pp. 1197–1210. ACM Press, October 2015Google Scholar
  11. 11.
    Eronen, P., Tschofenig, H.: Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) (December 2005), RFC 4279Google Scholar
  12. 12.
    Fouque, P.A., Onete, C., Richard, B.: Achieving better privacy for the 3GPP AKA protocol. Cryptology ePrint Archive, Report 2016/480 (2016)Google Scholar
  13. 13.
    Jager, T., Kohlar, F., Schäge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. Cryptology ePrint Archive, Report 2011/219 (2011)Google Scholar
  14. 14.
    Kohlar, F., Schäge, S., Schwenk, J.: On the security of TLS-DH and TLS-RSA in the standard model. Cryptology ePrint Archive, Report 2013/367 (2013)Google Scholar
  15. 15.
    Krawczyk, H.: SIGMA: the ‘SIGn-and-MAc’ approach to authenticated Diffie-Hellman and its use in the IKE protocols. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 400–425. Springer, Heidelberg (2003). Scholar
  16. 16.
    Lundgren, L.: Taking over the world through MQTT - Aftermath. Black Hat USA (2017)Google Scholar
  17. 17.
    McGrew, D.: An Interface and Algorithms for Authenticated Encryption (January 2008), RFC 5116Google Scholar
  18. 18.
    Morrissey, P., Smart, N.P., Warinschi, B.: A modular security analysis of the TLS handshake protocol. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 55–73. Springer, Heidelberg (2008). Scholar
  19. 19.
    Naylor, D., et al.: Multi-Context TLS (mcTLS): enabling secure in-network functionality in TLS. In: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, SIGCOMM 2015, pp. 199–212. ACM (2015)Google Scholar
  20. 20.
    Nir, Y., Langley, A.: ChaCha20 and Poly1305 for IETF Protocols (May 2015), RFC 7539Google Scholar
  21. 21.
    Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3 (August 2018), RFC 8446Google Scholar
  22. 22.
    Sornin, N.: LoRaWAN 1.1 Specification (June 2017), LoRa Alliance, version 1.1Google Scholar
  23. 23.
    Sornin, N., Luis, M., Eirich, T., Kramp, T.: LoRaWAN Specification (July 2016), LoRa Alliance, version 1.0Google Scholar
  24. 24.
    Wu, T.: The SRP Authentication and Key Exchange System (September 2000), RFC 2945Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Orange Labs, Applied Crypto GroupCaenFrance
  2. 2.Univ Rennes, INSA Rennes, CNRS, IRISARennesFrance

Personalised recommendations