6 Oct 2020

Why LoRaWAN is Reliable and Safe

Simon Kemper

Where do potential security holes exist and how are they addressed?

When using LoRaWAN, the measurement data is transmitted wirelessly to a gateway. The gateway listens for the corresponding signals and transmits them to a LoRaWAN network server, which is connected to the Internet.

On this route there are potential security gaps, which are however successfully solved by the LoRaWAN technology. More in detail:

Sensor to Gateway

According to the LoRaWAN wireless technology, a sensor has no information about the gateways in its environment, and a gateway always listens for all signals coming from LoRaWAN sensors.

Therefore it is theoretically possible that the radio signals of a LoRaWAN sensor can be picked up by an external gateway.

How to solve this?

This potential security gap is closed by encrypting the sensor data.

To achieve this, the LoRaWAN standard uses common encryption methods, similar to modern web encryption, which is also used for online banking.

For this purpose there is a unique key for each LoRaWAN device. And only those who are in possession of this key can decrypt the measured values accordingly.

Where is this key stored?

To create a sensor on LoRaWAN server or IoT platform (like Datacake) the key has to be stored once. Once stored on the server in a non-readable form, the key is additionally secured by the user account and its password.

Can Data be stolen in this way?

Only whoever is in possession of this key (the AppKey) can convert the encrypted data of a LoRaWAN sensor into a readable form.

But even then, the potential attacker only has a sequence of digits. He has no information about the location or the name of the sensor. Also, the measured values cannot be identified, since the transmission of sensor data usually consists of a simple sequence of numbers.

An assignment of numerical value to measured value (with unit and name) also takes place on the IoT platform (by using a so-called payload decoder).

Can incorrect measurement data be imported into the system?

However, a potential danger does not only arise from the tapping of the measured values. False measured values could also be imported into the system in order to avoid triggering alarms, for example.

The LoRaWAN system also offers various precautions, all of which provide sufficient protection.

On the one hand, the encryption of the messages has to be mentioned here. Only those who know the key can produce a message from a sensor accordingly and pretend to be a fake message.

But what if you send an already sent message again?

The LoRaWAN specification also applies here. Each message is individually incremented by using a special counter that is also embedded into the encrypted data (so called frame counter). And thanks to the encryption by the security key, this increment cannot be reproduced or simulated. Thus, this security gap is also successfully closed.

One possible risk remains

If a potential attacker has physical access to the sensor, she may be able to manipulate it. This danger remains, but does not represent a danger by the LoRaWAN radio system itself.

Some sensor manufacturers install security switches or motion detectors in their sensors to close this security gap as well.

User as a potential danger

However, one danger always remains. All information such as key, name or location of the sensor is visible to an administrator. Therefore it is important that users choose a secure password.

Datacake offers suggestions and has certain guidelines on how a password should look like. In this way, the users created on Datacake and their passwords can achieve a higher level of security.

But clearly, as with any other solution, the weakness of the user remains.

If passwords are sent by e-mail in plain text or even end up on the user's monitor in written form as a Post-It, the mechanisms described above for defending and closing potential security gaps are of no use.

In the end, the user is and remains the critical link in the chain.

Advantage of decentralized (micro-)services

The overall system of a LoRaWAN sensor-based data collection system consists of many smaller subsystems.

Each of these subsystems is secured in itself, and only those who have control over the entire system can access data and draw conclusions about measurement data or actually steal data from the system. For this to happen, the attacker must have a user or administrator password.

Conclusion

From a technical point of view, the radio system behind LoRaWAN would have some major security gaps or would have many suitable locations for attackers. But the technical implementation of the LoRaWAN radio system and the communication protocol successfully closes these gaps.

We can clearly recommend the use of a LoRaWAN network as a basis for the collection of all kinds of measurement data. Compared to other transmission types like mobile radio, WLAN or wired, it does not offer any disadvantages in terms of security.