WIXLIB

the network server, the network server will check whetherthe end device can be accepted or not. If the end deviceis not accepted, there will be no response. If the device isaccepted, then the network server will send a Join Acceptmessage to the end device. The Join Accept contains a 3-byteAppNonce, which is generated by the network server. Afterthe AppNonce is received by the end device, both sides usethe nonces to generate the network and the application keys.As otherwise any eavesdropper would be able to generateNwkSKey and AppSKey, OTAA derives the network andapplication keys by encrypting the data using the AppKey, a16-byte device-unique key which is assigned by applicationowners to end devices.NwkSKey AESE (AppKey, 0x01 AppNonce NetID DevNonce pad )AppSKey AESE (AppKey, 0x02 AppNonce NetID DevNonce pad )In order to obtain NwkSKey and AppSKey, the IoT deviceneeds to trade-in the long-term AppKey after commissioningor a volatile reset. OTAA uses unique AppKeys to preventthat after a compromise of one end device the whole networkis impaired, and if the system keeps track of past DevNoncereplayed join attacks can be deterred. Join Request messagesare not encrypted, Join Accept messages are encrypted afterbeing digitally signed. A signed Join Accept message isencrypted using AES in Electronic Codebook (ECB) mode,which means that the plaintext is directly encrypted using thekey. This has the disadvantage that identical plaintext messagesare encrypted into identical ciphertexts. ECB is generally notrecommended as it trivially allows a traffic pattern analysis andbreaks the semantic security of a communication system. However, as the join message should never be repeated becauseof two nonces in the key derivation function of NwkSKeyand AppSKey and the strong pseudo-random permutation ofAES, the usage of ECB in this instance does not create majorcomplications.2) Activation by Personalization (ABP): ABP skips the exchange of join messages. Before activation, unique parameters– DevAddr, NwkSkey and AppSkey – are assigned to the enddevice and are stored in the server. When an end device istrying to communicate with the server, it will send messagesdirectly. These messages are encrypted and signed, such thatonly the corresponding network server can read the message.If devices are setup by ABP, NwkSkey and AppSkey will beused across sessions until updated in the device.C. Integrity and Authenticity ValidationA cryptographic message integrity code (MIC)1 is usedin LoRaWAN to provide an integrity check on the MACheader and payload data. The MIC for a data message iscalculated using the NwkSkey and AES-CMAC method. Whenuplink messages arrive at the network server, the server will1 In cryptography, we would normally refer to this as a message authentication code or MAC, but due to the confusion with the in networking ubiquitousmessage access control address or MAC address will refer to them as MICsthroughout the paper.RadioPreamblePHYLayer PayloadCRCIntegrity Check using NwkSKeyMAC HDR(DevAddr, FCnt)MAC Layer PayloadMICEncrypted by AppSKeyFrmHdrFramePortFrame PayloadFig. 3. A message integrity check is computed on the MAC header andpayload.first check the message integrity and, if it passes the check,transfer the message to the application server. For Join Requestmessages, the MIC is generated by using the AppKey insteadof NwkSkey. Figure 3 shows the decomposition of the protocoldata unit at the physical level into MAC header and payload,and frame contents. The light shaded area is protected by theMIC generated from the NwkSkey, the dark shaded area isencrypted by the AppSKey.D. Replay ProtectionCounters are an important component in replay protectionand, as the message counter is used in LoRaWAN to generatethe key stream, are also essential to the confidentiality of thecommunication channel. For each end device, there are twoframe counters named FCntUp and FCntDown. FCntUp iscounting uplink messages in the end device, while FCntDownis counting downlink messages in the network server. Inorder to keep uplink and downlink messages in sync, thereis a limit value MAX FCNT GAP. If the difference betweennumber of uplink and downlink messages is larger thanMAX FCNT GAP, subsequent frames will be discarded. Both16-bit and 32-bit frame counters are allowed in LoRaWAN.If the counter overflows, it will be started from 0 again.According to the LoRaWAN specification, the counter valuewill be set to zero after resetting.IV. ATTACKS TOWARD L O R AWANIn this section, we present five vulnerabilities in the protocoland describe actual attacks that could exploit them. For verification, we have implemented all attack vectors in a hardwareor software proof-of-concept. The attacks target all three mainaspects of communication security: first, we demonstrate thatit is possible to eavesdrop and decrypt the content of a frameunder certain circumstances. Second, we show that the contentof a packet may be modified outside of the integrity checkprovided by the protocol. Third, we highlight that messagescould either be replayed, or a node tricked into believing that amessage has been received by the gateway when it actually hasnot, and outline a battery exhaustion attack. This compromisesthe availability of the network.In the following, we will discuss each of these five attacksin detail, and present the exploit and necessary preconditions.All attacks are summarized in an attack tree in the conclusion.

A. Replay attack for ABP-activated nodesAs discussed during the previous section, the ABP-activatedend devices are using static keys which are preprogrammedinto the device. Moreover, the protocol specification v1.0.2states:“After a JoinReq - JoinAccept message exchangeor a reset for a personalized end device, the framecounters on the end device and the frame counterson the network server for that end device are resetto 0.”A replay is possible using any LoRa transceiver to achievethe attack as long as the device is able to transmit andreceive LoRa wireless messages. For our proof of concept,we had a sensor node activated with a LoRaWAN provider,and operated a malicious local gateway (250 Euro) as well asa malicious LoRa sensor based on the popular RN2483 chip(10 Euro) to inject the traffic, see figure 5. Both are off-theshelf components; in principle the attack can also be launchedwithout a dedicated gateway at the expense of less convenienceas the gateway can capture concurrent transmissions.As a heartbeat to demonstrate the success of the attack andvalidate that the DoS outage matches the predicted value,we had the sensor report a field measurement every thirtyseconds via LoRaWAN to a backend server. The maliciousgateway would monitor all frequencies in use by LoRa, andcomplete a dictionary. In the top highlighted area of thegateway trace shown in figure 6, the attacker notices a devicereset and simply re-injects a previously saved message (bottomhighlighted area), in this case with the counter value 10. Asthe subsequent frames sent by the legitimate sensor are outof sequence, the sensor will need to increment and transmituntil back in sync. As devices obey a specific low-volumeduty cycle, the sensor is effectively blocked during this time.The reporting backend of the LoRa application service shownin figure 7 confirms the replay and an outage for 5 1/2minutes. Note that the denial-of-service was accomplishedduring the entire time by means of a single packet, in contrastto other DoS attacks such as SYN floods, this attack thusleaves no abnormal adversarial traffic such as flooding whichis detectable by the network.End DevicesGatewayMessage 69 (FCntUp 70)ACKx Reset or overflowAdversary replaysold messageTherefore, after resetting, an ABP-activated end device willreuse the frame counter value from 0 with the same keys. Inthis case, an attacker can grab messages in the last sessionwith larger counter values and reuse it in the current session.Besides resetting, another method to restart the counter is acounter overflow. After the counter value reaches its maximumvalue, the counter will be reset and will restart from 0. Withcounter values from the last session and the same sessionkeys, an attacker can also replay previous messages to cutoff the communication between the end device and the server.This holds both for ABP and OTAA. However, attacking anABP-activated end device will take less time as both resetand overflow work if the attacker has the ability to reset enddevices.A message replay is trivial to implement for an adversary.First, monitor and store the uplink messages of an ABPactivated node. Second, wait until the device has reset thecounter value FCnt, which is sent in clear text. Assume theuplink counter value of the malicious message is F Cntm ,the uplink counter value of the end device is F Cntcurr , andthe maximum accepted counter gap is Gap. Third, replay anymessage with F Cntm F Cntcurr Gap to fit the runningwindow algorithm of LoRaWAN and thus be accepted by thenetwork if replayed. The most harmful attack is to select thecounter value F Cntm Gap F Cntcurr , since it will takethe devices the longest time to recover.Figure 4 shows an example of a replay attack. Here themaximum counter gap is the default protocol value of 16384.The malicious message is the message in the last session withsame device address, session keys and larger counter value.As long as the attacker sends this message in this session tothe network server, and it is accepted, the messages from thevictim with counter value smaller than 70 will be ignored.For the attack, minimal hardware is required: a traffic snifferas well as a LoRa transmitter to replay messages. While ina small LoRaWAN with only a few end devices, the attackermay need to wait a long time for a counter overflow, the attackcan be efficiently conducted for ABP-activated end devices ina large deployment. Once the attacker gets the largest possiblecounter value for one end device, it can periodically replay themessage and block the end device permanently (or until thesession keys of the end device are changed, which requires forABP a separate channel or physical access). This replay vectorthus implements a denial-of-service attack on the availabilityof an LPWAN deployment.Proof-of-Concept experimentMessage 1 (FCntUp 0)ACKMessage 2 (FCntUp 1)ACKMalicious Message (FCntUp 70)ACKMessage 3 (FCntUp 2)Message 4 (FCntUp 3)xxFig. 4. An example of a replay attack for ABP.

Victim DeviceNetwork Gateway(operated by authors)NetworkAdversarial AdversarialDeviceGatewayFig. 5. Setup for LoRaWAN replay attack.Fig. 7. Log file of the victim’s server.Since the ciphertexts are transmitted over the air and known,in order to get the plaintexts, we first guess a part of the contentin P1 , then derive the part of P2 at the corresponding position.If all the plaintexts are readable, the guess is possibly correct.The more resets, the more likely it becomes to recover themessages. This method is also called crib dragging [14].Proof-of-Concept experimentFig. 6. Log file of malicious gateway.B. EavesdroppingAs discussed before, LoRaWAN implements channel confidentiality through AES in counter mode. Instead of setting thecounter as a nonce, the packet counter value is used as input.As during a reset this counter value is reset according to thespecification while the key remains in place, this means thatthe block cipher will recreate exactly the same key material.This is the classic textbook case of a key stream reuse.In a stream cipher, a plaintext P is combined through anexclusive OR with a key stream to obtain the ciphertext C.When given two messages P1 and P2 encrypted under thesame keystream, P1 K C1 , P2 K C2 , an adversarycould eliminate the secret key asC1C2 (P1K) P1P2 P1P2 .(P2K)(K K) {z }cancels outExecuting the attack requires only a LoRa node configuredas a pass-through receiver or an off-the-shelf gateway tocapture traffic from all sensors in range. The attack requiresonly the build-up of a dictionary per IoT device as identifiedby the DevAddr and FCnt value. As the payload size is highlylimited and due to the air-duty-cycle limitation, developers areconditioned to minimize the amount of transmitted information, and thus data content in LoRaWAN can be expected tobe highly condensed and structured. As IoT devices will beproduced in high volume and devices can be assumed to bereadily available to an adversary for purchase, the data formatmust thus be assumed to be publicly known.That a key stream reuse will lead to a problem is obviousand does not require any formal demonstration. After theimplementation of the proof-of-concept, we thus evaluatedthe effectiveness of a data recovery attack of sensor valueinformation.In our experiment, a sensor is configured to send datamessages periodically, the default frame payload for datamessages in these devices is 16 bytes, consisting of onelight measure value and one temperature value. A maliciousgateway keeps tracking the uplink messages from the sensor.The attack methods differ only slightly for when numbersor alphanumeric strings are transmitted, so we confine toonly presenting the case for numbers. Suppose that from aninspection of the device the adversary knows that the lengthof the plaintext is 8 digits, which means that there are only12 possibilities for one digit, numbers from 0 to 9, a space,

onnectivity provided over public networkwith adversarial interferenceFig. 9. The setup of a bit-flipping attack.Fig. 8. The number of possible candidates.or a placeholder. A message is divided into 2 parts: light andtemperature, with one space between their values. The firstpart of the message gives a light value of at least 2 digits.The second part of the message gives a temperature value of3 digits.Choosing P1 as the victim and P2 as the reference objectwith both plaintexts unknown, we can traverse 12 options foreach digit for P1 , and check the corresponding P2 to seewhether it is readable and consistent. Using the regular patternsas constraints to decrease the number of possible optionsfor plaintexts, the victim’s plaintext can be derived. Figure8 shows a histogram of the number of possible candidates leftafter decryption as a function of the obtained sensor values.We see that the reconstruction is effective of structured valuesas soon as a handful of messages have been obtained. After 3resets, the number of possible candidates is calculated. In the24 valid samples, 45.8% have only one candidate, identicalto the original data. For the others, the number of possiblecandidates is highly decreased from 128 to 4, 8, 9, 36, etc.This attack is based on the assumption that the attacker isable to perform a reset and affect the light sensor value. If theattacker is not able to affect the sensor readings, the numberof resets needed will be larger.If the sensor data are not numerical values but for examplebitmasks – imagine a bit value indicates whether movementwas detected or light switched on in a particular room orcorridor –, the traffic analysis would not need to recover theoriginal values but only indicate differences between frames.This result may be obtained given two LoRa messages withdifferent values.C. Bit-Flipping AttackWhile LoRaWAN messages are both encrypted andequipped with a message integrity check, the two features arenot applied at the same scope. Recall from the descriptionof the protocol that the cryptographic message integrity codeon the payload data and header information is checked andterminated by the infrastructure provider, while the payloadencryption using the AppSKey is undone by the application provider. This means that in between the infrastructureoperator’s network server and the IoT solution provider’sapplication server, the content cannot be checked for integrityand authenticity.While good practices in network design would place theinternal infrastructure of an infrastructure operator into aseparate private network compartment, the link between theLPWAN operator and a third party application provider wouldtypically run over a public network such as the Internet. Unlessother precautions are taken such as a tunnel with validation orpinning of certificates, the messages between the two partiescould be altered in content or rerouted.While a block cipher normally reacts very sensitively to bitmodifications, a principle called the avalanche effect whichwould normally render a bit-flipped message unreadable, asAES is only used as a key stream generator and a stream cipheris easily malleable unless an integrity check is combinedwith the decryption. LoRaWAN, however, deviates from therecommended practices of using authenticated encryption, andterminates the integrity check too early.The vector is possible if an attacker can insert himselfanywhere between the LPWAN operator and the IoT solutionprovider, see figure 9. There exist a variety of techniquesfor this, ranging from routing-based approaches (insufficientlysecured routing protocols, BGP prefix hijacking, IP sourcerouting option, etc.) to physical and link-layer based attacks (acompromised device on the path, a malicious actor in a shareddata center, etc.), which are beyond the scope of this paper. Asin a stream cipher bit modifications in the ciphertext affect theexact bit position in the plaintext in a predictable manner, it isthus possible for the adversary to arbitrarily modify the contentof the sensor readings (and in case of key reuse, pretend thatthe sensor value had originated from a different device). Inaddition, header, routing information, and commands couldalso be modified in this way.Proof-of-Concept experimentWhile from a cryptographic point of view the feasibilityof a bit-flipping attack is evident, we also implemented aproof-of-concept for completeness sake, see figure 10. Indeed,the experiments show that given a man-in-the-middle attackbetween a network operator and an application server weregistered, we were able to (1) modify the FrmPayload andchange its room temperature data from “027” to “327”, (2)increase the FCnt value until it was larger than the FCnt atthe server, after which the message dropped by the applicationserver, and (3) flip bits of DevAddr, so that the applicationconsidered the message to be from another end device.

Fig. 10. An example result of a bit-flipping attack.TABLE IP HYSICAL PAYLOAD FORMAT OF AN ACK MESSAGE .MHDR60DevAddr88889999FCtrl20FCnt0B00MICBAE1557AD. ACK spoofingTo maximize battery life, the data-acknowledgement mechanism in LoRaWAN is made optional to reduce the time theradio needs to be powered up.Table I shows an acknowledgement message (FCtrl code20) sent over the air, addressed to device 88889999. As canbe observed, the ACK message does not state which messageit is confirming. While there is a cryptographic integrity valuethat lets the IoT device confirm the authenticity of the ACK,the frame counter of the ACK is the sequential number of alldownstream messages. A captured ACK could therefore bedelayed and used to selectively acknowledge the successfulreceipt of another unrelated message, even when it has notarrived at backend provider.As LoRaWAN relies on spread-spectrum techniques witha high spreading factor to realize a fault-tolerant link underminimal power requirements, the transmission of a LoRaWANpacket takes comparatively long. A versatile attacker withoutaccess to a gateway could thus prevent the receipt of the acknowledgement through selective jamming of the IoT device,and would be later able to knock out any uplink message whilereplaying the previously cached ACK.Proof-of-Concept experimentFor the demonstration of selective ACK spoofing, weassume that the gateway is malicious and may selectivelysuppress certain frames from transmission. Such a selectivepacket loss may be implemented by not sending the frame atall, or in a more subtle way by transmitting the packet to awrong downlink port number so that the frame will be ignoredby the actual recipient.Figure 11 shows the proce

security of the LoRaWAN protocol stack and its vulnerabilities in a systematic way. We provide a vulnerability analysis, outline several possible attacks and describe security solutions for LoRaWAN. This paper is organized as follows. Section II provides an overview of related work. Section III summarizes the key se-curity features present in a .