| Popis: |
With the proliferation of network connected embedded devices exploding the market, many competing technologies are vying to be the next generation's standard for the Internet of Things paradigm. Among these, LoRaWAN has emerged to be a promising contender with its open platform and open source stack implementations. Since its inception in 2015, LoRaWAN specifications have come under heavy scrutiny from many security researchers, who have discovered several vulnerabilities for the technology. In this paper, we inspect the changes introduced in the newest version of the specification (v1.1), and analyze them to see if the discovered vulnerabilities have been addressed or not. Our analysis shows that while LoRaWAN has made strides specifically on replay attacks and confidentiality, there is room for improvement yet in areas of integrity, availability and authentication. While some of these improvements are possible through implementation guidelines, others may require modifications of the specifications to apply appropriate countermeasures to eliminate the vulnerabilities. Future revisions to the LoRaWAN protocol should consider the body of vulnerability knowledge and countermeasures proposed in literature to create the foundations for a secure and robust IoT network. |
