Investigation on Security Risk of LoRaWAN: Compatibility Scenarios

The LoRaWAN standard comes from the low-power wide area network (LPWAN) technology suitable for developing Internet of Things (IoT) systems that are poised to disrupt the semiconductor industry. Even as a widespread technology used for diverse applications, security issues of long-range (LoRa) networks and devices remain a major challenge. Although the LoRa Alliance enhanced the security and the network architecture of LoRaWAN from version 1.0 to version 1.1, the last version still faces some drawbacks such as vulnerability to attacks. Some works have assessed LoRaWAN (v1.0 and v1.1) security risks and vulnerabilities. Moreover, all these specifications must coexist with each other, which makes compatibility an important factor in ensuring the sustainability of this technology. For this reason, we study the vulnerability of the LoRaWAN protocol in the context of compatibility. Hence, we consider four compatibility scenarios and possible cyber-attacks when connecting devices from the two mentioned versions. In this paper, we analyze the LoRaWAN architectures and then discuss the basic security concepts related to the compatibility scenarios between homogeneous or heterogeneous systems integrating the two LoRaWAN versions. After that, we investigate and identify the potential security risks and network vulnerabilities in LoRaWAN technology. We establish a catalog of vulnerabilities for LoRaWAN on a methodological framework. The catalog contains five vulnerabilities related to LoRaWAN v1.0.x and v1.1 and seven vulnerabilities related to LoRaWAN v1.0.x. Then, we check if these vulnerabilities could be applied to the compatibility scenarios. We observe that the majority of vulnerabilities mitigated in LoRaWAN v1.1 remain present in compatibility scenarios.

Automated summary

This paper focuses on the vulnerabilities of LoRaWAN technology in the context of compatibility. It analyzes the LoRaWAN architectures and discusses basic security concepts related to compatibility scenarios. The study reveals that there are still unresolved vulnerabilities in compatibility scenarios.