Paper 2019/479

Extended 3-Party ACCE and Application to LoRaWAN 1.1

Sébastien Canard and Loïc Ferreira

Abstract

LoRaWAN is an IoT protocol deployed worldwide. Whereas the first version 1.0 has been shown to be weak against several types of attacks, the new version 1.1 has been recently released, and aims, in particular, at providing corrections to the previous release. It introduces also a third entity, turning the original 2-party protocol into a 3-party protocol. In this paper, we provide the first security analysis of LoRaWAN 1.1 in its 3-party setting using a provable approach, and show that it suffers from several flaws. Based on the 3(S)ACCE model of Bhargavan et al., we then propose an extended framework that we use to analyse the security of LoRaWAN-like 3-party protocols, and describe a generic 3-party protocol provably secure in this extended model. We use this provable security approach to propose a slightly modified version of LoRaWAN 1.1. We show how to concretely instantiate this alternative, and formally prove its security in our extended model.

Note: To appear at Africacrypt 2019.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. Africacrypt 2019
Keywords
Security protocolsSecurity modelInternet of ThingsLoRaWAN
Contact author(s)
loic ferreira @ orange com
History
2019-06-25: revised
2019-05-13: received
See all versions
Short URL
https://ia.cr/2019/479
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/479,
      author = {Sébastien Canard and Loïc Ferreira},
      title = {Extended 3-Party {ACCE} and Application to {LoRaWAN} 1.1},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/479},
      year = {2019},
      url = {https://eprint.iacr.org/2019/479}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.