IoT and LoRaWAN

-

The internet of things in the current world needs a wide network to handle a great many nodes well connected to each other and accessing the internet. This requires a network which is capable of handling the huge interconnectivity. The sensors on wireless networks are dependent upon devices with limited energy. This has led the network industry to explore methods with which energy could be saved. Considering the plethora of nodes connected over the internet LoRaWAN is an optimum solution. LoRaWAN is a low range-low power wide area network protocol for internet of things. The Low range-low power technology is being adopted all over the world as it is a licensed, free, low power WAN ecosystem. This protocol can provide smooth connectivity among large numbers of nodes interconnected on the internet. It helps to address problems of bandwidth latency and coverage over large range. It is a feasible technology which allows communication for long-range apps.

This review report illustrates the LoRaWAN Security Framework in detail. It further discusses the strengths and weaknesses of this protocol and suggests a security plan for using it with more secure environment. It further justifies the use of the security plan from the perspective of an expert in order to attract customers.

LoRaWAN Security Framework

Network Architecture

The basic network architecture of LoRaWAN has star topology where end nodes communicate over gateways. After receiving the data, the gateways send the LoRa packets to network server who further send network control and media access control commands to end nodes.  

Device Classes

LoRaWAN utilizes different energy efficient communication classes. It is classified as 
Class A: It allows bi-directional communication where two down-link receive windows follow one uplink transmission. These devices are best for the applications that require downlink communication from the server once the uplink transmission is sent by the end- device. These devices operate in the low power end device system.
Class B: These devices provide extra receive windows which are opened at scheduled time. The gateway gives a synchronized beacon to open the receive window. This helps the server to identify the end device which is listening. 
Class C: These devices provide maximum number of receive slots. The end nodes of these devices close only during transmission and the receive windows remain open almost continuously.

Network Capacity

The gateway for this security plan requires to be capable of catering a huge volume of nodes in order to send and receive messages. It receives messages on multiple channels simultaneously for which it needs adaptive data rate and multichannel transmission. Adaptive data rate will work when considerable downlink capacity is available. It optimizes the node’s battery life too. A node placed nearby the gateway and with a good link will not use the lowest data rate thus shifting the data rate higher. This provides more space to other nodes on the network to transmit data. Such a network can have more gateways with minimum infrastructure requirement scaling the network capacity many times as compared to other network alternatives.

Battery Lifetime

Aloha method is used in LoRaWAN design. The asynchronous nodes in a LoRaWAN network communicate only when they have data to send. Mesh network is not recommended as it consumes a lot of energy and reduces the battery power. 

Frequency Bands

LoRaWAN security plan is available freely in unlicensed spectrum. It is specific to the region where it is implemented and has a number of bands for those regions. Network operators can select different frequency plans on basis of variations and regulations of their region.

Security

LoRaWAN uses three 128-bit keys named as AppKey, NwkSKey and AppSKey. The first key is only with the application. The second key is the network application key and third is network session key which are generated when the node joins a network. AppSKey encrypts the application payload and NwkSKey validates the massage for its integrity. This setup uses AES-128 algorithm. 

Security Analysis

Vulnerability to attacks and their Mitigation


There are some vulnerabilities encountered in the LoRaWAN protocol. It is vulnerable to certain attacks like 
  1. Bit-flipping attack [1]: In such man-in-the-middle attacks, an attacker may be able to modify the conversations between application server and the network server making the servers insecure. This susceptibility is true in case there are many servers involved in the network.
  2. Replay attack: ABP uses static key programmed in the device. The adversary may keep a check on messages and store them, waits for counter to be reset and replays the bad message repeatedly to perform DoS attack. This attack may be mitigated by adopting new keys from time to time, providing protection to end devices physically and through rekeying when counter attains highest value.
  3. Eavesdropping: The attacker may guess part of the message and derive the other half. The probability of correct guess increases if the plaintexts are readable. The chances of this attack can be reduced by rekeying during reset.
  4. LoRa Class B Attacks: Class B network balances power consumption. Beacons are not encrypted hence the gateway location may be spoofed exhausting the battery of the device. This may be prevented by authenticating the beacon frames.

An issue with key management methodology has also been observed in LoRaWAN. The sessions key NwksKey and AppsKey are generated by NS. It can decrypt the messages passing thus making the network vulnerable to attacks. Certain vulnerabilities in the phases of key management, communications, and network connection may be encountered. Since the communication is over wireless LoRaWAN network, it is vulnerable to jamming attacks as well as interference with other networks.

Strengths of LoRaWAN

LoRaWAN technology has many strengths owing to its adaptability to actual transmission.  
  • It offers to deploy private networks and inexpensive end machines.
  • End nodes can operate on low power through LoRaWAN
  • LoRaWAN reduces operational costs while deploying dense IoT netwroks.
  • Clients do not need to subscribe to network services by using LoRaWAN 
  • LoRaWAN has single gateway to cover large network. 

For future, this proposed security framework will be evaluated over its performance and the results will be used to compare it with other security techniques in order to improve the plan further.

Recommendations

LoRaWAN security plan elaborated in this review is apt to be chosen by customers as it offers lot of benefits which should be considered while selecting a network security plan for a network. LoRaWAN security offers a design which consumes low power. It is scalable for big and small networks with low implementation complexity and it is less expensive as compared to other security techniques. It provides secure end to end devices with key management from provision to operations. Some of the fields where LoRaWAN can be useful are 
  • Emergency services: In case of cellular failure, this security design helps in location communications, messaging and talking.
  • Environment monitoring: This design may be helpful in collecting data from multiple monitoring stations and enable it for efficient environment management.
  • Smart homes: Various home security products like motion sensors and person tracker, etc. with LoRaWAN security plan provide protection. It may also be used as broadband hub in common households in future.

To name a few more places where LoRaWAN may be used are CCTV, animal husbandry, smart garbage disposal. Hence, this security plan will prove to be a smart choice from the perspective of a security expert.

Overview & LoRaWAN’s Future Enhancement


The future enhancements of devices using LoRaWAN are devices that can see, ear, speak and probably predict. This technology can and will prove successful in connecting man and machine into a user-friendly environment where daily life will be enhanced through highly aware devices all around. It will offer smart city applications with IoT such as infrastructure management, smart lighting, smart parking, etc. It will also benefit the industries through smart sensor technology, item tracking, shipping, etc.  Thus, LoRaWAN technology will play a significant role in proving low cost and smart network in future. 

References

  1. Dr. Ketan Rajawat, Ms. Shivi Mangal. Performance Evaluation of LoRaWAN with Decreasing RSSI Values  
  2. Ismail Butun, Nuno Periera Mikael Gidlund. Article: Security Risk Analysis of LoRaWAN and Future Directions. https://doi.org/10.3390/fi11010003 
  3. Jonathan de Carvalho Silva, Joel J. P C Rodirgues. LoRaWAN — A low power WAN protocol for Internet of Things: A review and opportunities. Publisher: IEEE. 2017 
  4. Bogdan Oniga, Vasile Dadarlat Department of Computer Sciences, Technical University of Cluj-Napoca. Analysis, design and implementation of secure LoRaWAN sensor networks

Comments

Post a Comment

Popular posts from this blog

IoT: Device Vulnerability & Security Concerns in Wearable Devices

-
Wearable IoT have broaden and improved the perspective of individuals about their surroundings. A successful IoT device has to be affordable as well as reliable. It should not interfere with other devices and should incorporate mechanisms to remain immune from interferences. It should further ensure effective battery life with perfect functionality and energy efficiency. However, the risks involved in attaining this ideal scenario are many. IoT include a plethora of devices or things like vehicles, smartphones, televisions, wearable devices like fitness tracking devices, smartwatch and Google Glass, etc. These devices are embedded with software applications, sensors and other components for receiving and sending data. A colossus of connected devices is created by inter-connectivity of those devices. This connectivity offers magnificent benefits to people’s lives but it entails certain security and privacy concerns. The most conspicuous among them are the wearable devices which are gain
Read more

Research Outlet: Industry Academia Collaboration Program

-
Image
In this era of new technologies emerging at an unprecedented fast pace, there is a binding need for collaboration between industry and academia. This article discusses the aspects of such alliance. Role of Academic I nstitut ions Academic I nstitut ions  serve both the industry and academia by providing a workforce, as well as furnishing innovative ideas to start new businesses. Therefore, the two are analogous to two banks of a river with their own independent sides. The two banks can be connected through bridges of science and engineering disciplines to contribute to the betterment of both—the industry and institutes. Therefore, institutes have to keep the curriculum in line with the changing needs of industry. Although it is not a quick and easy process but a continuous update in the syllabus shall keep the students and teachers at par with the demand in the market. The students learn the topics like testing, project leadership, management, professionalism and other skills within th
Read more

Artificial Intelligence in Patient Health Monitoring System

-
 Artificial Intelligence is the study and implementation of actions on computational devices which require human intervention. AI captures the intelligence and uses it in computation technology. Robert Plant stated “if Socrates is a man and all men are mortal, then it can be inferred that Socrates is mortal”. Similarly, AI works on the principle of transitive dependency. Human activities are recorded as the acceptable standard of decision making. Machine intelligence is built over those records and decisions are made by the intelligent machine which work very similar to humans. Basic Benefits to Healthcare workers and patients Software applications on Health care system are advantageous to the healthcare facilities, healthcare workers and patients. Some of the benefits of AI in health domain are The information can be quickly accessed with reduced errors. Healthcare workers can coordinate better among themselves reduced need of visiting healthcare facility AI offers better education an
Read more