Security of LoRaWAN v1.1 in Backward Compatibility Scenarios

Abstract

<p>We present security vulnerabilities of LoRaWAN v1.1 in backward compatibility scenarios and propose countermeasures. Novel low-power wireless communication technologies are continuously introduced into the IoT ecosystem, while the existing ones continue their evolution by adding new features and fixing known problems. Since most of IoT-based applications involve communication of sensitive data with remote users, it is crucial to scrutinize the security of the emerging low-power wireless communication technologies. LoRaWAN is a Low Power Wide Area Network (LPWAN) protocol that is optimized for wireless battery-powered IoT devices. The current LoRaWAN v1.1 states only one possible backward compatibility scenario without defining all the associated security behaviors and their implications for the system’s overall security. This work examines the applicability of v1.0.2 attacks in fall-back cases by consolidating the vulnerabilities of v1.0.2 and the resulting attacks. After determining the possible attacks, countermeasures to prevent DoS attacks that target the <em>join procedure,</em> replay of data, and eavesdropping in backward compatibility scenarios are proposed.</p>