Cryptology ePrint Archive: Report 2017/651

Rescuing LoRaWAN 1.0

Gildas Avoine and Loïc Ferreira

Abstract: LoRaWAN is a worldwide deployed IoT security protocol. We provide an extensive analysis of the current 1.0 version and show that the protocol suffers from several weaknesses allowing to perform attacks, including practical ones. These attacks lead to breaches in the network availability, data integrity, and data confidentiality. Based on the inner weaknesses of the protocol, these attacks do not lean on potential implementation or hardware bugs. Likewise they do not entail a physical access to the targeted equipment and are independent from the means used to protect secret parameters. Finally we propose practical recommendations aiming at thwarting the attacks, while at the same time being compliant with the specification, and keeping the interoperability between patched and unmodified equipments.

Category / Keywords: security protocol, cryptanalysis, IoT, LPWAN

Date: received 30 Jun 2017, last revised 6 Jul 2017, withdrawn 7 Jul 2017

Contact author: loic ferreira at orange com

Available format(s): (-- withdrawn --)

Version: 20170707:070419 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]