Next Article in Journal
A Real Case of Implementation of the Future 5G City
Previous Article in Journal
Harnessing machine learning for fiber-induced nonlinearity mitigation in long-haul coherent optical OFDM
Previous Article in Special Issue
“Network Sentiment” Framework to Improve Security and Privacy for Smart Home
Article Menu
Issue 1 (January) cover image

Export Article

Open AccessArticle
Future Internet 2019, 11(1), 3; https://doi.org/10.3390/fi11010003

Security Risk Analysis of LoRaWAN and Future Directions

1
Information Systems and Technology, Mid Sweden University, 851 70 Sundsvall, Sweden
2
School of Engineering (DEI/ISEP), Polytechnic of Porto (IPP), 4200-072 Porto, Portugal
*
Author to whom correspondence should be addressed.
Received: 20 November 2018 / Revised: 17 December 2018 / Accepted: 18 December 2018 / Published: 21 December 2018
(This article belongs to the Special Issue IoT Security and Privacy)
Full-Text   |   PDF [1111 KB, uploaded 21 December 2018]   |  
  |   Review Reports

Abstract

LoRa (along with its upper layers definition—LoRaWAN) is one of the most promising Low Power Wide Area Network (LPWAN) technologies for implementing Internet of Things (IoT)-based applications. Although being a popular technology, several works in the literature have revealed vulnerabilities and risks regarding the security of LoRaWAN v1.0 (the official 1st specification draft). The LoRa-Alliance has built upon these findings and introduced several improvements in the security and architecture of LoRa. The result of these efforts resulted in LoRaWAN v1.1, released on 11 October 2017. This work aims at reviewing and clarifying the security aspects of LoRaWAN v1.1. By following ETSI guidelines, we provide a comprehensive Security Risk Analysis of the protocol and discuss several remedies to the security risks described. A threat catalog is presented, along with discussions and analysis in view of the scale, impact, and likelihood of each threat. To the best of the authors’ knowledge, this work is one of the first of its kind, by providing a detailed security risk analysis related to the latest version of LoRaWAN. Our analysis highlights important practical threats, such as end-device physical capture, rogue gateway and self-replay, which require particular attention by developers and organizations implementing LoRa networks. View Full-Text
Keywords: internet of things; sensor node; LPWAN; attacks; threats; vulnerabilities; IoT; analysis; risk; assessment; low power; LoRa; v1.1 internet of things; sensor node; LPWAN; attacks; threats; vulnerabilities; IoT; analysis; risk; assessment; low power; LoRa; v1.1
Figures

Figure 1

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).
SciFeed

Share & Cite This Article

MDPI and ACS Style

Butun, I.; Pereira, N.; Gidlund, M. Security Risk Analysis of LoRaWAN and Future Directions. Future Internet 2019, 11, 3.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Related Articles

Article Metrics

Article Access Statistics

1

Comments

[Return to top]
Future Internet EISSN 1999-5903 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top