Energy Attack in LoRaWAN: Experimental Validation

Myriads of new devices take their places around us every single day, making a decisive step towards bringing the concept of the Internet of Things (IoT) in reality. The Low Power Wide Area Networks (LPWANs) are today considered to be one of the most perspective connectivity enablers for the resource and traffic limited IoT. In this paper, we focus on one of the most widely used LPWAN technologies, named LoRaWAN. Departing from the traditional data-focused security attacks, in this study we investigate the robustness of LoRaWAN against energy (depletion) attacks. For many IoT devices, the energy is a limited and very valuable resource, and thus in the near future the device's energy may become the target of an intentional attack. Therefore, in the paper, we first define and discuss the possible energy attack vectors, and then experimentally validate the feasibility of an energy attack over one of these vectors. Our results decisively show that energy attacks in LoRaWAN are possible and may cause the affected device to lose a substantial amount of energy. Specifically, depending on the device's SF (Spreading Factor), the demonstrated attack increased the total energy consumption during a single communication event 36% to 576%. Importantly, the shown attack does not require the attacker to have any keys or other confidential data and can be carried against any LoRaWAN device. The presented results emphasize the importance of energy security for LPWANs in particular, and IoT in general.