Low Power Wide Area Networks (LPWAN) are becoming popular with their wide range of applications in IoT and Machine-to-machine (M2M) communication. Since these networks are dealing with enormous amounts of sensitive data, security has become a major concern when designing LPWAN networks. In this article, we will briefly discuss some of the common attacks on LPWAN networks and the different mitigation measures available in such networks.
General attacks and risks on LPWAN networks
With the rapid popularity of LPWAN networks, security is becoming a major concern, as the volume of information and end-users increase. Here we will first discuss some of the common attacks on LPWAN and IoT networks in general.
These attacks are aimed at eavesdropping or manipulating sensitive information in the network. Moreover, overriding the control of the system is another ambition of the attacker. Now let us investigate some of the attack jargon in LPWAN networks.
A major type of attack involves compromising devices and network keys. Here an attacker would spoof into the network, to expose and exploit network and device keys. Once these keys are compromised and exploited, the genuine user would lose his connection to the network. This attack can be prominent in networks with less powerful passwords. As an alternative to passwords, IoT network designers can consider using access tokens, which are much safer than general passwords and keys.
Jamming attacks are another type of prominent attacks in LPWAN networks. Usually, this is sometimes intended by different regulatory bodies like the government. However, an attacker can transmit a powerful radio signal which would interrupt the IoT devices and applications. This can be detected when the devices in a network suddenly fail simultaneously. In the case of LPWAN technologies, these attacks are prominent in LoRaWAN devices, as it is possible to undertake a jamming attack on LoRa devices by using commercial off-the-shelf LoRa hardware.
An attacker can resend or repeat a set of valid data transmissions over the LPWAN network to exhaust the network resources. These attacks are called replay attacks. The main driving factor behind these attacks is to exhaust the network resources and penetrating to the network by using previous messages and handshakes. However, this is not an easy attack. To carry out this attack, the attacker should have prior knowledge of communication frequencies and channels to access data in the network. Therefore, these attacks are less prominent in LPWAN networks.
A Wormhole attack is an attack where an attacker captures the packets of data from one device in the network and transmits this packet of data to another device in the network. This is an easy attack when compared to a replay attack and can be launched without prior knowledge of the cryptographic mechanism of the network.
Security features in different LPWAN technologies
Now, having investigated some of the general types of attacks on LPWAN networks, let us investigate some of the security features in the LPWAN technologies.
LoRaWAN Security features
LoRaWAN is a popular LPWAN technology that is widely deployed in numerous IoT applications. LoRaWAN networks are encrypted using AES-128 encryption method. This encryption method is responsible for ensuring multi-layer security.
LoRaWAN security is ensured by its activation methods. These activation methods ensure the connection of valid devices to the LoRaWAN network. Over-the-Air activation (OTAA) provides session keys that would change each time the device rejoins the network. This prevents potential security risks and threats. Moreover, to counterattack replay attacks, LoRaWAN uplink/downlink message counters. Also, LoRaWAN devices store security credentials in hardware that is difficult to manipulate and access. Overall, LoRaWAN security features ensure secure network connection, however, these networks are susceptible to jamming attacks, compromising device and network keys, replay attacks, and wormhole attacks.
Sigfox security features
Unlike LoRaWAN, Sigfox is considered as a more secure option among LPWAN technologies. An interesting security feature in Sigfox is its in-built firewall. This restricts malicious devices and attackers spoofing onto the network. This also ensures the relevant device nodes get only the required information rather, thus, avoiding unnecessary traffic toward the end devices. Moreover, Sigfox devices are given a unique symmetrical authentication key during manufacturing, this restricts device compromission. Finally, Sigfox architecture ensures replay attack avoidance and ensures secure data authentication.
Also, unlike LoRaWAN devices, Sigfox devices lack OTA mechanism, which reduces additional risks and threats. However, Sigfox has given the user the flexibility of choosing a proper encryption mechanism, which can increase the risk level in the network.
NB-IoT security features
NB-IoT is a cellular-based LPWAN technology that inherits the authentication and encryption mechanisms found in cellular communication technologies. Also, this can be considered the most secure LPWAN technology apart from LTE-M which is another cellular-based LPWAN technology. Unlike LoRaWAN and Sigfox, NB-IoT operates in the licensed frequency spectrum making it less susceptible to attacks from unauthorized personnel due to the regulations. Moreover, since network communication is overlooked by network operators, they provide additional secure communication channels. Virtual Private Networks (VPNs) are a popular option available in cellular-based IoT networks.
Finally, NB-IoT network uses Non-IP Data Delivery (NIDD) which allows a device to send data to the network without an IP stack. This makes the device untraceable by its IP address and headers in the network.
General Strategies to mitigate IoT security risks in your design
We briefly discussed different security threats and risks prominent in LPWAN networks. Also, we have specifically discussed some of the main security features of different LPWAN technologies. Despite these security features in different technologies, we should be aware of some of the general tips to avoid security risks and threats to our network.
The first general tip is to secure your design connection with the help of proper encryption mechanisms and firewalls if needed. Depending on the design consideration, you may even consider having a hardware-based firewall. Moreover, it is always more important to be proactive than to be reactive. Therefore, make sure to have a proper risk assessment of your design before deployment and clearly identify the information that the end devices of the LPWAN network will be collecting. Finally, add some redundancies to the network by deploying a secondary network. This will increase the security of the overall network, however, it would add a considerable cost to your design.
In conclusion, we can say that despite the benefits of the LPWAN networks, security is an essential factor in IoT networks. This is critical, especially in networks dealing with sensitive information. To get the maximum benefit of LPWAN networks, higher levels of security are essential. Therefore, make sure to add that extra element of security to your LPWAN network.