Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros

Abstract

The age of the Internet of Things is daily bringing the connection of new devices to the Internet, expecting fifty billion units by 2021. Internet of Things devices are nowadays one of the most relevant targets as an entrance for security attacks. LoRaWAN is a new wide-area wireless network technology used in Internet of Things long-range communication and it is specified to provide high data security resilience using end-to-end encryption. LoRaWAN application is a system of a system concept, and a commercial solution is usually shared with numerous parties. Then, LoRaWAN applications can operate with a third-party network server that can not be assumed as a trusted entity. In that scenario, the data can undergo an integrity attack. As the network server owns the network session key, the payload encryption is done using a XOR operation and the protocol specification is opened allowing to determine easily the data location. Furthermore, in a LoRaWAN specification version 1.0, the network server also knows the parameters to calculate an application session key that allows the network server to perform a confidentiality attack. This study aims to develop a security mechanism to improve data security resilience in LoRaWAN applications that use third-party network servers. Following that objective, an Internet of Things system was designed based on the LoRaWAN specification version 1.0. A prototype was built with Radioenge LoRa communication components in end device and gateway. The Things Network server was applied as network and application server. A risk assessment was executed to demonstrate the hazards of third-party network servers in data security. To mitigate the identified risks against unauthorized data access, a proprietary payload is proposed to be included in the application layer. The proprietary payload is formed by the data and the 4 last bytes of its SHA256 hash to delivery integrity in the application layer. Finally, the entire payload is encrypted by AES-CTR to provide confidentiality to the integrity parameter. To be easily reused in end devices of LoRaWAN applications, the proposed security mechanism was encapsulated in a library, and it is available in https://github.com/polimoraes/LoRaWANDataSecurity. In conclusion, when LoRaWAN is implemented with third-party network servers, it is essential to include additional security mechanisms to increase data security resilience, and the security mechanism developed in this work can provide resilience to LoRaWAN applications complied with 1.0 and 1.1 specification versions.