Professional Documents
Culture Documents
Thesis
Thesis
Thesis
i
Acknowledgements
I would like to thank Fredrik Kilander and Markus Hidell for taking the time to
correct and guide me during the writing of this thesis.
I would also like to thank Jérôme d’Annoville, my supervisor at Gemalto for his
advice along with the whole R&D team for their kindness and their
professionalism.
I would like to thank my fellow students and my professors at KTH for sparkling
my enthusiasm and curiosity for technology.
iii
Abstract (English)
In this study, the focus is on Low Power Wide Area Networks (LPWAN) and
particularly a protocol which is raising in popularity for long-range low-power
communications in IoT: LoRaWAN.
LoRaWAN is still at an early stage and has been mainly used in use cases where
the network server was managing the keys ensuring confidentiality and
integrity of the data. Gemalto has raised the issue of interest conflicts in the
case where the network operator and the application provider are two distinct
entities: if the end-device and the application server are exchanging sensitive
data, the network server should not be able to read them.
The LoRaWAN protocol and key management in general were studied first
before describing the studied system and finding the possible attacks exploring
its vulnerabilities on the mentioned points via an attack tree. These attacks were
simulated in order to define their consequences on the system and according to
them, security improvements on the architecture was proposed based on
previous work on the topic and exploration on potential countermeasures.
Keywords
IoT, LoRaWAN, key management, E2E security
v
Sammanfattning (Svenska)
I denna studie ligger fokus på Low Power Wide Area Networks (LPWAN) och i
synnerhet ett protokoll som ökar i popularitet för långsiktig
lågkapacitetskommunikation i IoT: LoRaWAN.
För att lösa detta problem har en arkitektur som använder en betrodd tredje
part för att generera och hantera nycklarna implementerats under det här
projektet. Följande forskning syftar till att hitta säkerhetshot och svagheter om
konfidentialiteten och integriteten hos data och enheternas autentisering i
detta studiefall.
Nyckelord
IoT, LoRaWAN, nyckelhantering, end-to-end-säkerhet
vii
Contents
x
List of Figures
xi
List of Tables
xiii
List of Acronyms and Abbreviations
Most of these acronyms and abbreviations are explained in this document when
first used. However, for clarity, these terms are listed below.
ACK Acknowledgment/Acknowledged
CA Certificate Authority
xv
PoC Proof of Concept
RX Receiver Signal
SF Spreading Factor
TX Transceiver Signal
xvi
1 Introduction
Nowadays, Internet of Things (IoT) has become a hot topic in the Information
and Communication Technology (ICT) industry. On the one hand, this
technology opens a whole new world of possibilities to interact with interfaces
and to collect data. On the other hand, this area clearly suffers from a lack of
standards, whether it is for the question of security or for application
integration, these two issues being linked.
1.1 Background
First, it is important to define the scope of this thesis by giving some
background on IoT and LoRaWAN, the main technologies used for this work,
and on the context of this thesis.
The LoRa technology also includes some quite strong limitations regarding
packet size and data rate which depend on the distance to the nearest gateway,
the type of data to be sent and the region’s specification - e.g. for the European
863-870MHz band, the application packet size varies between 51 bytes for the
slowest data rate, and 222 bytes for faster rates [8]; furthermore, the LoRaWAN
protocol adds at least 13 bytes to the application payload.
Another limitation is due to the duty-cycle i.e. the maximum percentage of time
during which an end-device can occupy a channel [9] to avoid network
congestion. It depends on many factors including the region and the type of
operation (like sending data, or broadcasting a request to join a network). For
1
European 863-870MHz band, the duty-cycle is limited to 1%, meaning that on
a sub-band, the signal is on 1% of the time but off 99% of the time.
In the presented use case, a Software Development Kit (SDK) for the end-
device, a TKM server which generates and stores the keys and a command line
interface (CLI) which allows the user to deploy the company’s solution in the
cloud are provided. The company does not own the application server, the IoT
middleware nor the network server which are also part of the global
architecture. They are considered to have different owners. Figure 1 represents
an overview of the final architecture and which components are provided by
Gemalto.
It has consequences on the confidentiality of the data e.g. the data from the
device to the application server and back should not be read in clear on the
network server.
2
1.2 Problem
As said above, Gemalto introduces the use of a trusted third party to
communicate with the other business actors in IoT. However, nowadays, there
is no standardized security evaluation in IoT. A method must then be defined
to evaluate the security of Gemalto’s installation.
Thus, the problem addressed by the thesis project can be decomposed into two
main research questions:
• What are the known threats and flaws key management via a trusted
third party can encounter with LoRaWAN protocol?
• How does Gemalto’s installation in particular deal properly with these
threats?
• What security improvements could be made?
1.3.2 Sustainability
The main sustainable issue here regards the energy consumption of the
installation. It is a very real challenge for networks of connected devices.
According to Johanna Nordlöf and Petter Lagusson’s master thesis [7], the
energy consumption for a LoRa node varies as a function of the Spreading
Factor (SF) of the issued signal which defines the different TX and RX windows.
LoRaWAN supports six SF (from SF=7 to SF=12) and the higher the SF, the
slower the transmission and the lower the data rate. As an example, a node
using a SF of 7 with a 2600 mAh battery, a heartbeat every sixth second would
in theory drain the battery in 48 days if sleep-, leak- or computing currents are
not taken in account.
3
This study does not take this aspect in account as it focuses more on the Proof-
of-Concept (PoC) than on the production in great scale but it must be
considered before further deployment.
1.5 Delimitations
This thesis is made in collaboration with Gemalto, therefore limitations are
made based on topics and use cases considered as relevant for the customers of
Gemalto. In other words, the main focus is, as said in 1.4.1, on threats on
authentication, integrity and confidentiality of communicated data and the
security levels to achieve are only in the scope of known threats. The purpose is
not to highlight new threats in this area but to consolidate the identified flaws
of a system.
1.6 Outline
The first chapter consists on an introduction of the present thesis.
The LoRaWAN protocol and key management’s issues in IoT are presented in
chapter 2.
4
The studied system, its architecture and its procedures are described in chapter
3.
A threat analysis method is then discussed, chosen and used to list and describe
known threats the studied architecture and protocols may encounter in chapter
4. This list is then narrowed down by arguing which ones are relevant in the
author’s use case to constitute a battery of tests.
5
2 Theoretical Background
This chapter first gives an introduction to the LoRaWAN protocol. It then looks
more into the issues of key management.
2.1 LoRaWAN
As previously said, the LoRaWAN network protocol is a protocol used over
LoRa technology, optimized for battery-powered mobile or mounted end-
devices [8].
7
The capacity of a LoRa gateway is defined by the maximum number of LoRa
devices it can handle. The capacity of a LoRa gateway can be increased by using
multiple channels or different bit rates on a same channel to receive multiple
packets simultaneously. In their study, Johanna Nordlöf and Petter Lagusson
[7] report the results of packet delaying as a function of capacity in a real life
scenario, presented here in Table 1.
This table shows that the more end-devices a LoRa gateway handles, the slower
the communication is since the time between packets increases.
For a device to join a LoRaWAN network via OTAA, the procedure consists in
two MAC messages exchanged with the server [8]. A MAC message is simply a
message whose format is conformed to a Media Access Control (MAC) protocol,
i.e. with an addressing mechanism and a channel access which allows available
nodes on a network to communicate, such as LoRaWAN.
The network server keeps track of DevNonce to avoid replay attacks. Indeed, if
a malicious device sends a previously recorded join-request message in order
to join the network instead of the device it is emulating, the network server is
able to check if the DevNonce has already been used or not and reject the
request if it has.
8
• If the integrity is verified, the network server sends a join-accept
message to the end-device.
• If the device is not registered as permitted to join the network or if the
integrity of the message is not verified, no response is given.
The join-accept message is not only signed but also encrypted with the AppKey
as follows:
AppNonce, NetID and DevNonce are also used to derive an application session
key (AppSKey) and a network session key (NwkSKey) from the AppKey by the
network server and the end-device independently. They are calculated as
follows:
9
Figure 3. An overview of LoRaWAN Join Procedure.
Having two session keys allows us to prevent eavesdropping from the network
server if the network server and the application server have different owners.
In this case, AppKey is only known by the application server and the end-device.
When receiving a Join Request, the network server sends it to the application
server which checks that the device is allowed to join and generates the session
keys before sending NwkSKey to the network server. The application server is
10
then responsible for encryption and decryption of the messages as illustrated in
Figure 4.
11
As shown on Figure 5, an uplink message contains DevAddr, assigned and
registered by the network server during the join procedure, a frame counter for
uplink messages (FCntUp), the frame payload and the MIC calculated by
NwkSKey. The entire MAC payload is encrypted by AppSKey using Advanced
Encryption Standard (AES) encryption.
Table 2. Encryption block of an uplink data message with the LoRaWAN protocol
[8].
Size
1 4 1 4 4 1 1
(bytes)
12
• The blocks Ai are encrypted to get a sequence of blocks Si such as
Si=aes128_encrypt(K, Ai) for i=1..k where K=NwkSKey or K=AppSKey.
• S = S1 | S2 | .. | Sk is defined.
• (frame_payload|pad16)⊕S is truncated to the first
len(frame_payload) octets.
The uplink frame counter (FCntUp) starts from 0 after a successful Join
Procedure and is incremented by the end-device at each uplink message to keep
track of the uplink messages sent, lost or received. The same FCntUp value
should not be reused by an end-device during one session, except for
retransmission. Any message, retransmissions excepted, sent with the same
FCntUp from one device during one session is discarded by the network server.
First, a higher view of group key management is needed. There are three main
approaches regarding key management in a group [12]:
• Centralized group key management:
One entity is responsible for the generation, distribution and update of the
group keys.
• Distributed (contributory) group key management:
Group members themselves do the key generation. It can be contributory:
all members contribute some information to generate the group keys.
• Decentralized group key management:
The management of a large group is divided among smaller subgroup
managers.
With the LoRaWAN protocol, since the session keys (NwkSKey and AppSKey)
are generated by the network server using the DevNonce (provided by the end-
device) and AppNonce (provided by the server), this covers the definition of a
contributory group key management.
Besides, there are five important requirements to ensure security for group key
agreement [13, 14]:
13
An adversary who have access to previous group keys or a former user
should not be able to deduce current group keys.
• Backward Secrecy:
An adversary who has access to current group keys or a current user should
not be able to deduce previous group keys.
• Key Independence:
An adversary who knows a subset of group keys should not be able to deduce
any other group keys. In other words, the disclosure of one key should not
compromise other keys employed in the group.
• Resistance to collusion :
Any set of fraudulent users should not be able to collude and deduce other
group keys.
• Mobility protocol
If there are different key managers attached to areas, they are required to be
informed if a member is going to leave or join. Each area must then ensure
backward and forward secrecy, independently to each other. In this thesis’s
case, this aspect is not taken into account however, as only one global key
manager for every area is considered.
• Host mobility
Mobility implies that when a node leaves a network and enters a new one, a
generation of new keying materials must be provided for the new host. With the
LoRa technology, the network and/or application servers are the hosts and the
end-devices are the nodes. In previous works [14], this host mobility was mainly
seen as a consequence of geographic mobility but in the thesis’s case, networks
are considered as the properties of various actors in the business model of
mobile business [15]. Indeed, the network server is furnished by a network
operator while the middleware and application server are provided by a
possibly independent application provider. Network operators and application
providers usually work as business partners but these partnerships can vary,
making connected devices migrating to another network server or another
application server.
Host mobility also raises another problem regarding the bit flipping attack
described in Xeuying Yang’s work [11]: multiplying application and network
servers increases the attack surface since a bit-flipping attack must take place
between the network server and the application server as it can be seen on
Figure 6. Thus, host mobility makes bit-flipping attacks more difficult to detect.
In her work, Xeuying Yang [11] also found another weakness in the LoRaWAN
protocol: it is possible to compromise confidentiality by eavesdropping. Indeed,
with a same AppSKey for a sufficient long time, an attacker listening to wireless
15
packets might be able to decrypt them if they wait long enough for the frame
counter to be reset to 0 (it happens when it reaches its maximum or if the device
is manually reset). The attack works as it follows: when FCntUp is reset, if the
AppSKey is the same, the keystream, i.e. the block cipher encryption described
in 2.1.2, is the same for two messages with the same FCntUp. And in this case:
Plaintext1⊕Keystream = Ciphertext1
Plaintext2⊕Keystream = Ciphertext2
So:
Plaintext1⊕Plaintext2 = Ciphertext1⊕Ciphertext2
If an attacker can guess a part of Plaintext1, they are therefore able to derive a
part of Plaintext2. A robust key management should take this weakness into
account, finding a system in order never to have the same keystream for two
distinct messages.
16
3 Use case
This chapter explains the method the author intends to use to conduct the
evaluation of the security of its key management and describes the study’s
architecture in more details.
3.1 Methodology
A source of inspiration in order to evaluate the security level of a system might
be found in threat analysis methods. During the literature review, the author
considered some of them such as attack trees [16], Meadows’ formal models
[17] or ProVerif [18], used in scientific papers – searched on KTH library
database - to rate the security of the key management of a system – which was
the issue for this thesis.
In order to choose amongst them which one was the most appropriate,
Gemalto’s requirements, communicated via the author’s company supervisor,
allowed to set two criteria for the methodology:
• Realization and Qualitative analysis
The system was studied as a Proof of Concept: the main point was to
show the feasibility of the architecture. Therefore, the most significant
challenges were the realization of the architecture and to expose its
theoretical and observable flaws.
• Focus on confidentiality, integrity and device’s authentication
Gemalto particularly aimed at ensuring these three conditions, as stated
in the introduction. The chosen threat analysis method then had to focus
on them and to categorize found threats to determine which condition
they endangered.
It was important to have Gemalto’s validation for the methodology since the
master project was done in the scope of an internship in their company.
Building an attack tree after implementing the architecture was finally chosen
as the basis of the evaluation since, according to the given criteria, it was the
most relevant method. Indeed, it is based on the observation of a system and
the listing of all the known threats applicable to it and allows to categorize them
by the security property they threaten (here: confidentiality, integrity or
device’s authentication) in a convenient and visual way.
17
3.1.1 Attack Tree: a description
The name of “Attack Tree” is self-explicit: it represents attacks against a system
in a tree structure with the goal as the root node and different ways of achieving
that goal as leaf nodes. This method is entirely qualitative.
In order to create an attack tree, the attack goals, i.e. the sensitive points an
adversary might want to attack, must be identified. The various ways to attack
them must then be listed to build the tree.
The main risk with this method is to forget possible threats. However, the goal
here is not to discover every weakness of the system but to determine if the level
of security achieved is sufficient. In this thesis, a key management with
sufficient of suitable security is defined as a key management which is
invulnerable to every known threats on the confidentiality, integrity and
device’s authentication in an IoT system.
There are two possible different strategies to break into the house: stealing the
key or forcing the door. These are the possible attacks.
It must be noted that there are AND and OR nodes, every unspecified node
being an OR node. OR nodes are alternatives while AND nodes represent
different necessary steps to achieve one goal. For example, here to force the
door, an intruder must learn how to pick locks AND have adequate tools to do
it.
Of course, this sample tree is incomplete. Other attacks can be thought of too.
18
3.1.2 Analysis method
An attack tree is built according to the known threats in the IoT domain in
general and for the LoRaWAN protocol in particular. In order to do this, the
architecture and procedures of this use case are first described and analyzed in
order to construct the attack tree. Scenario of these attacks are then presented
alongside with the potential countermeasures the system proposes and their
consequences on its global security.
3.2 Architecture
In order to generate and distribute the keys, a Trusted Key Manager (TKM) is
used. It is a third party component which must ensure end-to-end security
encryption by acting as a bridge between the different parts of the system. It is
integrated in the LoRa architecture as represented in Figure 8. According to
Gemalto [6], the TKM aims at simplifying security managements and providing
advantages to IoT business actors:
Its specific role and features in this thesis’ use case are described further down.
19
Figure 8. An overview of the study’s LoRa architecture.
This setup has been done as a Proof of Concept (PoC) by the author in the scope
of the master project. This PoC consisted in a physical public connected locked
box. The main scenario is as it follows: the postman first puts an item for a user
to retrieve in a box and locked the latter. As he does so, a new password is
generated by the server to unlock the box and the user can check it on a web
application if the item has been put in the box and what the password is. The
password is renewed with every new item.
The focus in the following parts is on the different technologies this architecture
is composed of.
3.2.1 End-device
The end-device consists in a Nucleo-64 development board with STM32
microcontroller (MCU), compatible with the ARM mbedTM librairies. It
includes GPIO ports for sensors in order to collect data. Binaries are generated
from a program using a software development kit (SDK) specific to Gemalto,
implementing the LoRaWAN protocol among other things. The board is
completed by a LoRa shield. This device is integrated in the box and linked to
the keypad and the lock.
3.2.2 Gateway
The gateway is configured as a packet forwarder, carrying LoRa packets it
receives from the device to the network server over Ethernet or WiFi, using
HTTP or HTTPS protocol.
Indeed, the name of the group is linked to a handler which determines the
format of the uplink messages (e.g. in the presented use case, JSON is utilized)
and a connector which defines the publication topic and allows to store the
credentials necessary to create a MQTT connection over SSL with the IoT
middleware.
20
For this use case, AWS IoT [20], a platform to integrate Amazon Web Services
for IoT applications, is used. An overview of this platform is represented on
Figure 9.
Besides, AWS Identity and Access Management (IAM) is also being used to
allow secure and controlled access to AWS services.
21
Figure 10. An example for the application UI.
In order to use it, the different business actors (here namely the network
operator and the application provider) must enroll via an online form such as
the one on Figure 11.
3.3 Procedures
Before describing the different procedures to join the network, send an uplink
message and claim a device in this architecture, it must be pointed out that this
architecture is provided by Gemalto with a command line interface (CLI) in
order to easily deploy the solution in the cloud, and particularly to build quickly
the cloud middleware on the IoT platform. The main setups done via the CLI
are:
23
3.3.1 Join the network
For a connected device to join a network, the sending of the join request is the
same from the point of view of the end-device as described in section 2.1.1.
However, in the implemented architecture, instead of answering directly, the
network server first connects to the TKM.
In order to do so, the network server uses the Transport Layer Security (TLS)
Handshake protocol [23] over HTTP: the network server and the TKM start by
exchanging hello messages to agree on algorithms. These algorithms include a
key exchange method which determines how the shared master key will be
exchanged, a bulk encryption method which determines how application data
will be encrypted and a MAC which determines how application data will be
hashed and signed to prove integrity. They then exchange certificates and
cryptographic information to authenticate themselves. While doing so, the
network server also generates a random pre-master secret and transmits it
securely to the TKM. This pre-master secret is used to create a shared master
secret. The latter contributes to generate four keys shared by the network server
and the TKM: two encryption keys respectively for the network server’s
messages and for the TKM’s messages and two keys to hash respectively the
network server’s messages and the TKM’s messages, allowing them to
authenticate themselves. This protocol is described on Figure 13.
Using the four resulting keys, the network server forwards the join request to
the TKM. The TKM checks if the device is registered as allowed to join the
network i.e. allowed to connect to the application server identified by the
AppEUI sent in the join request. If the device is allowed to join the network, the
TKM generates an AppNonce to derive NwkSKey and AppSKey from the
24
device’s AppKey and sends back a join response which has been described in
section 2.1.1. This join response is then relayed to the end-device which is then
also able to generate NwkSKey and AppSKey. Furthermore, the TKM sends the
NwkSKey to the network server.
If an ACK is not sent by the network server to the end-device, the latter will start
the join procedure over again. Otherwise, the message is then sent by the end-
device to the network server which checks the message’s integrity with
NwkSKey and forwarded to the IoT middleware via the TLS protocol using
MQTT.
If this is the first message sent by this device during the current session, AWS
IoT retrieves the TKM credentials from Amazon S3 to connect to the TKM via
TLS over HTTP and sends a demand to get AppSKey to the TKM to decrypt the
message. This demand sends the DevEUI and an identifier of the session
(SessionKeyID) as parameters. The TKM sends back the AppSKey encrypted by
TK and a key checksum value (KCV) calculated from AppSKey. AWS IoT uses
TK stored in Amazon S3 to decrypt AppSKey and the resulting AppSkey to verify
KCV. AppSKey and SessionKeyID are stored on the Thing Shadow associated
with the device. Consequently, sending a demand to the TKM will not be
necessary for future uplink messages in this session. AppSKey is then used to
decrypt the uplink message. The obtained decrypted message is stored in
25
Amazon DynamoDB and published on the subscription topic of the application
server. If the latter is connected to the IoT middleware (via TLS over MQTT), it
can read finally the decrypted message.
26
Figure 15. IoT middleware processing an uplink message.
27
Here, the uplink messages include the current password (regenerated by an
algorithm on the device when a new item is put in the box) and the status of the
box (empty, filled, etc.) to the application server.
Claiming a device is done via the Gemalto CLI mentioned previously (cf 3.2).
The needed parameters are the DevEUI and the name of the group the device
is a member of on the network server and on the TKM. An activation code
(ActivationCode), generated by the TKM either during a previous claim or
during the registration of the device and readable by the user on a QR code on
the device, is also required. Indeed, when a claim is done on a device, the TKM
deactivates it, hence avoiding an exchange of inaccurate messages and the
activation code is needed for the new owner (application provider) to activate it
again.
It is important to indicate that the changes are done on the TKM and on the
network server.
28
Figure 16. An overview of the Claiming procedure.
29
4 Building of the Attack Tree
In this part, the attack goals, i.e. the root reasons to attack, of the presented use
case must be found and justified in order to build an attack tree.
Regarding security properties, it has already been said that only three are
considered: confidentiality, integrity and device’s authentication. The system is
considered as compromised if its key management is unable to prevent
compromising of one these three properties.
Security assets on the other hand consist in the most significant security
parameters of our system. Compromising would mean compromising one of the
security properties mentioned above and hence, compromising the whole
system. There are two sorts of assets: primary and secondary. Compromising
the primary assets can directly lead to compromising the system while if one
secondary asset is compromised, more assets are necessary to compromise it.
In Table 4, the assets are presented. Some are confidential while others are not.
However, the integrity of all the assets is assured by the LoRaWAN protocol,
the TLS protocol or simply because they are not communicated online.
The roles of all these assets are described in the previous sections.
31
All the presented assets can be targeted by attackers in theory. However, since
this study focuses on weaknesses during the protocol message exchange, assets
that are only shared offline (such as AWS credentials) and can only be
compromised by attacks like social engineering will not be considered as viable
targets for attackers.
4.3 Hypotheses
Several hypotheses need to be explicitly stated in order to justify some choices
in the built attack tree:
33
4.4 The attack tree
Figure 17, 18, 19 and 20 represent the attack trees used in the analysis of the key
management in this thesis’ use case. As two cases regarding the compromising
of AppKey are considered, the attacks where it intervenes are in grey.
Figure 17. The attack tree for the thesis' use case.
34
Figure 19. Subtree 2 - Compromising of Integrity.
35
5 Evaluation of the use case’s key management
This chapter presents scenarios for the different attacks represented in the
attack tree built in the previous section and restitutes this thesis’ system
responses and their consequences on the global security of the used key
management.
The claim procedure does not require a new AppKey. The device keeps the same
AppKey from which new NwkSKey and AppSKey are derived. AWS IoT can then
retrieve AppSKey from the TKM, even if the attacker does not know AppKey or
AppSKey.
This attack explores two flaws in the system: the lack of supervision regarding
the claiming of devices (its justification for example) and no additional key
management: several application servers can successfully own a device with the
same AppKey. In other words, this thesis’ system does not take into account the
tracking of key material during movement events a measure mentioned as a
requirement for key management in wireless environments in chapter 2.
On a side note, it is relevant to add that it is not explicitly mentioned that the
keys ensuring confidentiality and integrity (namely AppSKey and NwkSKey)
37
are renewed by the sending of a join request message. Not making this measure
systematic can create conflicts and compromise backward and forward secrecy.
As explained in chapter 2, using additional key management is imperative
during movement events.
• The attacker captures all the uplink messages issued from a device before
and after a FCntUp reset.
• The attacker pair the packets with the same counter value. It is quite easy
as FCntUp is always reset to 0 and is incremented by 1 at each uplink
message.
• The attacker obtains several pairs of ciphertexts resulting from a XOR
with the same keystream.
Plaintext1⊕Keystream = Ciphertext1
Plaintext2⊕Keystream = Ciphertext2
So:
Plaintext1⊕Plaintext2 = Ciphertext1⊕Ciphertext2
Ciphertext1 = 3b101c091d53320c000910
Ciphertext2 = 071d154502010a04000419
So:
Ciphertext1⊕Ciphertext2 = 3c0d094c1f523808000d09
One assumption can be that the word “the” is in one of these messages, which
translates in “746865” in hexadecimal. A XOR operation on the first six
characters (i.e. the length of “746865”) is executed:
3c0d09⊕746865 = 48656c
38
Here, from “Hel”, “Help” or “Hello” can be guessed to be the first word of one
of the messages. “Help” encoded in hexadecimal becomes “48656c70” while
“Hello” becomes “48656c6c6f”.
The results are:
“the p” seems like the more probable option so the process is repeated by trying
to guess different words “the p” might be referring to.
After reiterations, the plain messages can be found: “Hello World” and “the
program”. Such a method is called “crib dragging”. With this method, the more
the attacker witnesses resets, the more likely they are to recover messages.
Figure 21. MitM attack between device and gateway with a compromised
NwkSKey.
Table 7. MitM attack between device and gateway with a compromised NwkSKey.
Step Action
1 The device is sending a message.
2 The attacker intercepts it.
3 The attacker changes the payload.
4 With the help of the compromised
NwkSKey, the attacker signs the
message with a valid MIC.
5 The attacker sends the modified
message to the gateway.
6 The network server checks the
message’s MIC with NwkSKey and
validates it before forwarding it to the
IoT platform.
7 The application server receives the
modified message.
40
5.2.2 Bit-flipping attack between device and network server
This attack is also a derivative of the MitM attack but does not require the
attacker to know the AppKey. The specification resides in the method to modify
the payload: indeed, the bit-flipping attack aims at changing specific fields on
ciphertext without decryption of the ciphertext when the plaintext and the
associated ciphertext have the same bit order [27]. In the studied system, the
encryption method (cf. 2.1.2) does not shuffle the order of the plaintext’s bits.
This attack seems then applicable.
• The MIC’s length is four octets. This means 232 possibilities for a brute
force attack. According to Table 8, the attacker will then make 2, 147,
483, 648 attempts on average to find out the correct MIC for a modified
message. Table 9 presents the processing time of the simulator of Jung
41
Wong Lee et al. [27] to search a correct MIC according to the used
system. It can be noted that only a few seconds seem necessary.
Regarding the bit-flipping part itself, the concept is simple but it can make the
application server register false data. Table 10 shows an example.
In this case, searching a correct MIC is not necessary: the integrity is not
checked passed the network server.
However, in this thesis’ system, the communication between the network server
and the IoT middleware and between the IoT middleware and the application
server is protected by the TLS protocol which is described in 3.3.1. It provides
the privacy and data integrity of these communications respectively by
encryption keys and methods and hash functions [23].
This attack is pretty simple and based on the work of Seung Jae Na et al. [28].
It proceeds as follows:
• The attacker collects as many join request messages from the devices as
possible.
• They analyze these join requests in order to obtain two pieces of
information:
Which devices send join request messages periodically and
frequently: one of these devices will be the targeted device D.
For one device, how much time there is in average between two
join requests using the same DevNonce; indeed, DevNonce is
used as an indicator to prevent replay attacks. However, since it
is chosen randomly and that there is limited possibilities,
DevNonce is bound to be repeated over time. The network server
takes this into account and has only a number of previous
DevNonce registered and not all of them.
• Once they have determined both of these points, the attacker can fix a
time T when a replay attack towards the device D is most likely to
succeed.
• At the time T, the attacker sends back the collected join request messages
from de device D to the network server. It will have two effects:
The malicious device will join the network.
Since a lot of join request messages have been sent, several
possible DevNonce will be registered by the network server,
preventing the trusted device to reconnect with them: this can
delay the user’s actions on the attack.
43
This attack explores the fact the AppKey of the device never changes. However,
the harmfulness of this attack is relative as T can be very long (in his work,
Simone Zulian [29], with ND = 7300 and fJ = 1 valid join procedure/day, T = 20
years), it all depends on the frequency of join requests.
120
100
80
T (days)
60
40
20
0
0 2 4 6 8 10 12 14 16 18
f (Valid join requests/day)
Figure 23. The time T a malicious node has to wait in order to perform a replay
attack as a function of f the number of valid join procedures for one device per
day and N the number of previously used values of DevNonce stored by the
network server.
Compromised AppKey
For this attack, the attacker is considered as knowing AppKey. In this case,
nothing prevents them to send a valid join request message.
The attacker only needs to capture registered devices’ join request messages: it
allows them to know registered DevEUIs and AppEUI (since the message is sent
unencrypted). It also lets the attacker know previously used DevNonce in order
to avoid their join request message to be dropped.
With this information, they can sign their join request message by creating a
MIC with AppKey.
44
• The attacker captures wireless join request messages and notes the
parameters of a target they are going to imitate (DevEUI, AppEUI and
previously used DevNonce).
• The attacker creates an unsigned join request message with a DevNonce
that has not been used. It must be noted that, since DevNonce are
random and the number of used DevNonce stored in the network server
%&'&() * %+&',-.
is limited, there is a probability of to get a DevNonce that
%&'&() – 0
will be accepted with Ntotal the number of possible combinations for
DevNonce (here, it is 216), Nstored the number of used DevNonce stored in
the network server and Nobserved the number of used DevNonce observed
by the attacker and where α= Nobserved if Nobserved≤ Nstored, else α= Nstored.
• The attacker sends in brute force join request messages with different
MIC until the network accepts one, which means the MIC was correct.
It is then necessary for the attacker before resending the message to have
captured the last message of the target device and to adequately change
FCntUp. This provokes a change of MAC payload and consequently needs a new
MIC. A brute force attack, as described in 5.2.2, can be performed to generate a
correct MIC for this new message.
This attack explores the fact that the network server is internet-facing, allowing
large amounts of messages to be sent, and results in the application server
receiving and acting upon false data.
45
6 Discussion and Security suggestions
This chapter discusses possible countermeasures for the attacks and threats
described in the previous chapter and concludes on the level of security of the
studied system’s key management.
This system’s main flaws, identified from the description of the possible threats
on the key management, are:
• the possible compromising of AppKey and its consequences
• an absence of specification in case of counter reset
• the possibility to use successful brute force attacks on messages’ MIC
• the possible compromising of LoRaWAN cipher mode encryption
• an absence of explicit control for claiming (or more generally, for host
mobility)
Several solutions exist, on the hardware and software sides, to prevent the
compromising of AppKey or at least, to limit the exploitation damages.
For now, the only specification of the provisioning of AppKey is that it is defined
and shared offline with the TKM before the end-device is even activated.
47
According to LoRaWAN specification [7], each AppKey has to be specific to each
end-device to preserve Key Independence: compromising one AppKey from an
end-device only compromises this end-device. These AppKeys being completely
independent, it also ensures Resistance to Collusion: knowing several AppKey
does not allow to deduce the others.
Changing AppKey might then seem a good idea but the difficulty here is for the
end-device and the TKM to agree on a new AppKey securely. The only secure
option would require another key to administrate or rotate the AppKey. It
would avoid compromising due to social engineering for example. However,
assuming the end-device is compromised, there is no obvious way to agree on a
new AppKey without the attacker being aware of the update. It might be better
to implement a mechanism to detect if the device has been tampered with: when
the end-device would be detected as compromised, the TKM will considered it
as not allowed to join the network.
The problem is then to define an efficient way to detect if a device has been
compromised or not. This issue is still studied in the industry and there is no
definitive answer. Of course, a device can, when sending a message and being
repeatedly denied, detect that somebody has joined the network under its name
and consequently send a new join request message to disconnect the attacker,
but this method is not really efficient. Indeed, if an emulated device does not
try to send a message for a long time, the attacker would use that time to send
compromised information. Furthermore, for some attacks such as MIC brute
force, emulating a device does not take a lot of time – as seen in section 5.2.2 –
and the attacker might then just perform the attack again.
For the first issue, it seems that the device has to keep track of the FCntUp and
sends a new join request message and consequently generates new session keys
at each counter reset, manually forced or not, to prevent compromising of the
cipher block mode and eavesdropping.
Regarding the second point, the root of the problem has first to be identified.
In this case, the vulnerability resides in the DevNonce and the probability of its
reusability in a replay attack. Indeed, a replay attack uses two weaknesses of the
system: the limit of storage of used DevNonce by the network server and the
probability of generating an already used DevNonce. If the network server could
memorize all of the used DevNonce and that every join request message could
be sure to have a unique DevNonce for the device, then a replay attack would
not be possible.
Such a solution would significantly reduce the risk of a successful replay attack
on a join request. It could only be performed if all 216 possibilities of DevNonce
were used, which would take approximatively twenty years if the device
operated ten valid join operations a day. When reaching this DevNonceMAX, the
end-device would just turn off.
1
Furthermore, in term of probability, there is always a probability of to get
%23245
%&'&() * %+&',-.
the correct DevNonce, instead of with Ntotal the number of
%&'&() – 0
possible combinations, Nstored the number of used DevNonce stored in the
network server and Nobserved the number of used DevNonce observed by the
attacker and where α= Nobserved if Nobserved≤ Nstored, else α= Nstored.
In the next section, the author tries to improve this solution by focusing on the
prevention of brute force attacks.
In the presented possible attacks, the MIC has been presented various times as
a potential target for brute forcing. In this section, suggestions are given to
increase the necessary time for brute force
MIC being generated and used differently in join request messages and data
messages, they are considered as two distinct cases.
Seung Jae Na et al. [28] suggest to use the six first octets of the previous
NwkSKey to create this token (the six first octets of AppKey for the first join
request message). This would have two effects:
• A token would be unique and independent for each message, preventing
listening attackers to predict the token.
50
• The network server would be able to create the token as well without
implementing more operations and performing a XOR operation again
to get the DevNonce and the MIC of the message.
Using this technique would prevent brute force on MIC. Indeed, there would
then be 248 possibilities: it would then take more than one year in average to
find a correct combination assuming one thousand attempts can be done in a
second. This result is based on the calculation explained in the previous chapter
(cf. Table 8).
It has been decided in this chapter that the second threat can be prevented by
ensuring that two messages are never sent with the same keystream, ideally by
triggering a new join procedure when FCntUp is reset.
51
For the first threat, Jong Woon Lee et al. [27] propose a solution: shuffling bits
of the frame payload of the resulting encrypted message.
• The first step, called the “shift phase”, consists in shifting circularly the
bits to the left. To determine how many octets the frame payload has to
shift, the first octet of NwkSKey which is different from the length of the
frame payload MaxSize is used (modulo MaxSize).
• The second step is named the “swap phase” and unfolds as follows:
1. For each octet in position p of the frame payload, the octet i in
corresponding position (modulo the length of NwkSKey) in
NwkSKey is considered.
2. k is defined as i modulo MaxSize. If they are not already swapped,
the octet at the position k of the frame payload and the octet at
the position p are swapped.
Both of these algorithms are described in further details in the appendix A and
example of the execution is represented on Figure 25.
Once this solution is implemented, attackers would have no way to tell which
fields they have modified. Consequently, the probability for the message to have
an invalid format, hence being ignored by the application server, is greatly
increased.
The main disadvantage for this method is that it is not suitable for devices with
low power and low resource.
Furthermore, in the system as studied, the TKM only keeps the current
application server for the device. In an upgraded system, the TKM could keep
track of a list of the previous application server the device was attached to as
well. It would be easier to detect suspicious behavior such a chaotic pattern of
claim procedures.
54
7 Summary and Conclusion
The LoRaWAN protocol has gained in popularity with the spreading of IoT with
low power and low resource devices for long distance communications. Indeed,
LoRaWAN consists in a MAC layer protocol for the LoRa technology, a format
modulation for LPWAN (Low Power Wide Area Networks).
With the LoRaWAN protocol, confidentiality and integrity keys are traditionally
kept in the network server. It guarantees unique keys for each device in a
session but on the other hand, it allows the network server to read every
message from the end-device to the application server.
However, Gemalto has argued that such a solution could lead to conflict of
interests as a network operator (owner of the network server) and an
application provider (owner of the application server and, optionally, of an IoT
middleware) could be separate entities. In this case, the network server should
not be able to decrypt the data messages between the application server and the
end-device. Yet, since these keys are sensitive information, it makes sense not
to be stored directly by the final client (application provider).
In order to solve this problem, Gemalto proposes a solution with a trusted third
party which manages the generation and distribution of confidentiality and
integrity keys. Nevertheless, some questions must be addressed:
• What are the known threats and weaknesses key management via a
trusted third party can encounter with LoRaWAN protocol?
• How does Gemalto’s installation in particular deal properly with these
threats?
• What security improvements could be made?
After simulating these attacks on Gemalto’s system and observing its answers,
five vulnerabilities of the system were drawn out:
In future work, in order to reinforce the security of the system even more, more
research into physical attacks should be conducted, for example regarding side-
channel attacks. These attacks should be studied and evaluated to limit their
56
consequences. The proposed solutions, such as eSE, must also be studied in
more details: what can be done with them, what are their limits?
Furthermore, only a few criteria were considered here to evaluate the security
of the system: confidentiality, integrity and device’s authentication. Yet, there
are other criteria which must be studied such as availability, privacy of the
device’s location, and so on, in order to design more secure systems.
Besides, this study is focused on Class A devices which are using the basic
LoRaWAN protocol. However, Class B and Class C devices should also be
studied, with their particularities regarding the LoRaWAN protocol. Regarding
the LoRaWAN protocol, the APB activation should be studied in this
architecture too.
It is also important to stress the fact that the study case here is mainly a Proof
of Concept. Issues that can be encountered after a production start, such as the
management of collusions between a large number of devices or gateways.
The protocol for downlink messages (from the application server to the end-
device) are also not mentioned and would need some reflections too, as there
may be some specific attacks for this feature.
A study with several network servers and the possibility for an end-device to
move from one network server to another should also be conducted since it may
reveal other weaknesses points than those mentioned in this thesis.
Finally, future work on a detection system for malicious behavior from end-
devices must be done: the parameters to monitor and security thresholds have
to be defined in order to determine if a device can be seen as uncompromised,
suspected or compromised.
57
References
[1] L. Srivastava, P. Biggs et al., The Internet of Things, International
Telecommunication Union, 2005.
[2] U. Raza, P. Kulkarni and M. Sooriyabandara, “Low power wide area
networks: An overview”, IEEE Communications Surveys Tutorials, vol.
PP, no. 99, pp. 1-1, 2017.
[3] D. Patel and M. Won, “Experimental Study on Low Power Wide Area
Networks (LPWAN) for Mobile Internet of Things”, IEEE 85th Vehicular
Technology Conference, 2017.
[4] R. Miller, “LoRa The Explorer – Attacking and Defending LoRa Systems”,
Proceedings of SyScan 360, MWR Labs, 2016.
[5] LoRa-Alliance | Technology, Available on: lora-alliance.org/technology.
Last consulted: 2017-09-26.
[6] Gemalto Trusted Key Manager, Available on:
gemalto.com/m2m/solutions/trusted-key-manager-for-lora. Last
consulted: 2017-09-26.
[7] J. Nordlöf and P. Lagusson, “A Study of Low-Power Wide-Area Networks
and an In-Depth Study of the LoRaWAN Standard”, Royal Institute of
Technology of Stockholm (KTH), Master thesis, 2017.
[8] N. Sornin, X. Vilajosana et al., LoRaWAN™ Specification, version 1.0.2,
2016.
[9] F. Adelantado, M. Luis et al., “Understanding the Limits of LoRaWAN”,
IEEE Communications Magazine, 2017.
[10] IEEE 802 Working Group, IEEE Standard for Local and Metropolitan
Area Networks – Part 15.4: Low-Rate Wireless Personal Area
Networks (LR-WPANs), IEEE Std 802.15.4TM-2011 (Revision of IEEE
Std 802.15.4-2006), Annex B, 2011.
[11] X. Yang, “LoRaWAN: Vulnerability Analysis and Practical Exploitation”,
Delft University of Technology, Master thesis, 2003.
[12] S. Rafaeli and D. Hutchison, “A Survey of Key Management for Secure
Group Communication”, ACM Computing Surveys (CSUR), vol. 35, no.
3, pp. 309-329, 2003.
[13] Y. Kim, A. Perrig and G. Tsudik, “Simple and Fault-Tolerant Key
Agreement for Dynamic Collaborative Groups”, Proceedings of the 7th
ACM conference on computer and communications security, pp. 235-
244, 2000.
[14] B. Daghighi, M. L. M. Kiah et al., “Key management paradigm for mobile
secure group communications: Issues, solutions, and challenges”,
Computer Communications, vol. 72, pp. 1-16, 2015.
[15] G. Camponovo and Y. Pigneur, “Business model analysis applied to mobile
business”, Proceedings of the 5th International Conference on
Enterprise Information Systems, pp. 1-10, 2003.
[16] B. Schneier, “Attack trees”, Dr. Dobb’s journal, vol. 24, no. 12, pp. 21-29,
1999.
59
[17] C. A. Meadows, “Applying Formal Methods to the Analysis of a Key
Management Protocol”, Journal of Computer Security, vol. 1, no. 1, pp.
5-36, 1992.
[18] R. Küsters and T. Truderung, “Using proverif to analyze protocols with
diffie-hellman exponentiation”, Computer Security Foundations
Symposium, 2009. CSF’09.22nd IEEE, pp. 157-171, 2009.
[19] Compact server for private LoRa networks. Available on:
github.com/gotthardp/lorawan-server. Last consulted: 2017-10-05.
[20] How AWS IoT Works – Amazon Web Services. Available on:
docs.aws.amazon.com/iot/latest/developerguide/aws-iot-how-it-
works.html. Last consulted: 2017-10-05.
[21] Managing Things with AWS IoT – AWS IoT. Available on:
docs.aws.amazon.com/iot/latest/developerguide/iot-thing-
management.html. Last consulted: 2017-10-10.
[22] Device Shadows for AWS IoT – AWS IoT. Available on:
docs.aws.amazon.com/iot/latest/developerguide/iot-thing-
shadows.html. Last consulted: 2017-10-10.
[23] T. Dierks and E. Rescorla, “The Transport Layer Security (TLS) Protocol
Version 1.2”, RFC 5246, 2008.
[24] S. Li, T. Tryfonas and H. Li, “The Internet of Things: a security point of
view”, Internet Research, vol. 26, no. 2, pp. 337-359, 2016.
[25] Travis Dazell: Many Time Pad Attack – Crib Drag. Available on:
travisdazell.blogspot.fr/2012/11/many-time-pad-attack-crib-
drag.html. Last consulted: 2017-10-13.
[26] Y. Desmedt, “Man-in-the Middle Attack”, Encyclopedia of Cryptography
and Security, pp. 759, 2011.
[27] J.W. Lee, D. Y. Hwang et al., “Risk Analysis and Countermeasure for Bit-
Flipping Attack in LoRaWAN”, Information Networking (ICOIN), 2017
International Conference, pp. 549-551, 2017.
[28] S. J. Na, D. Y. Hwang et al., “Scenario and Countermeasure for Replay
Attack Using Join Request Messages in LoRaWAN”, Information
Networking (ICOIN), 2017 International Conference, pp. 718-720,
2017.
[29] S. Zulian, “Security threat analysis and countermeasures for LoRaWANTM
join procedure”, Università degli Studi di Padova, Thesis, 2016.
[30] Embedded SIM, eSE for consumer electronics: IoT applications for a wide
range of devices, Available on: gemalto.com/iot/consumer-
electronics/embedded-secure-element. Last consulted: 2017-10-19.“
[31] G. Suarez-Tangil, J. E. Tapiador et al., “Evolution, Detection and Analysis
of Malware for Smart Devices”, IEEE Communications Surveys &
Tutorials, vol. 16, no. 2, pp. 961-987, 2014.
60
Appendix A: Frame Payload Shuffling method algorithms
61