Exploring Communication Features and Security Vulnerabilities of Long-Range (LoRa) Networks

Abstract

Internet of Things (IoT) comprises devices that can communicate with each other and the computing infrastructure. IoT devices are used mostly for automatization, they gather information, analyze it, and create an action. LPWAN is a networking infrastructure solution for the Internet of Things. It is a relatively new class of wireless communication systems designed for long-range and low-power performance meaning they transmit data slower but with long-range and low battery usage. There are several LPWAN protocols, such as SigFox, DASH7, NB-IoT, and LoRaWAN. LoRaWAN is gaining a lot of traction from the manufacturing and academic communities due to its low implementation costs and scalable network-layer protocols. For this thesis, we have focused on the LoRaWAN protocol. It has seen fast acceptance in the world of IoT since its introduction in 2015. However, since LoRaWAN is still relatively new, its extent of protection has not been thoroughly researched. The main objective of this thesis is the examination of the LoRaWAN operations and the security features, namely activation methods, security keys, protocol architecture, and security architecture. Additionally, the range and coverage of LoRa devices manufactured by the “The Things Network” community have been tested. Furthermore, we have discovered and analyzed a few vulnerabilities of LoRaWAN. Experimental validation for each attack has been executed in a controlled environment and with the use of references. Finally, we have discussed the best practices for better connectivity between the sensors and gateways and how these attacks can be mitigated or protected against.