In the first article of this series we discussed the advances in digital transformation brought by IoT, both in industry and in Smart Cities. For communication between IoT devices we focused on LoRaWAN, one of the most widespread Low-Power Wide-Area Networks (LPWAN) in the world, and on the devices that make up this type of network. In the second article we took a closer look at LoRaWAN and explained what a LoRaWAN frame is, what the payload is, which activation modes the devices support (OTAA / ABP), how devices join the network and which messages and keys are exchanged between the elements that make up the network.
Now that the fundamental concepts of these networks have been covered, we will examine one of the main threats that can occur in a real LoRaWAN deployment, reflect on the importance of cybersecurity in this type of network and discuss the consequences these threats can have for Smart Cities.
Let us propose a scenario: a LoRaWAN network made up of a node integrated into a recycling bin with a temperature sensor; a gateway (antenna) positioned strategically in the city that receives the frames the node transmits; a Network Server that handles the node's join to our network; and an Application Server that periodically receives the temperature data.
The sensor periodically sends the temperature value, which is monitored to detect possible fires in the container or its surroundings.
If a value above the established threshold is detected (e.g. 100 ºC), an alert will be triggered to notify the city’s emergency services.
Thanks to these technologies, cities can have greater visibility and control over their resources and optimize the management of the city and its services. But: 1) Is it possible to fool a city by sending it false information? 2) Is it possible to decipher the information the sensor transmits? We will answer these questions by adding a new sensor to the network, one that an attacker places in the city and connects to the network.
Let’s see what happens:
First of all, let us remember that when a LoRaWAN node joins the network (OTAA) it relies on a 128-bit root key called the AppKey. This key is provisioned in the device before it is deployed in the city, and in practice it is common for the same key to be shared across a provider's devices or to have leaked. With this key the device joins the network through a Join-request / Join-accept exchange: the Join-request carries the DevNonce, and the Join-accept, which is itself encrypted under the AppKey, carries the AppNonce, the NetID and the DevAddr. The session keys (NwkSKey and AppSKey) are derived from exactly these values and the AppKey, so the answer to the second question, whether the data can be deciphered, is yes: an attacker who knows the AppKey and captures that pair of messages can repeat the derivation, obtain both session keys and decrypt every payload the sensor transmits. If the AppKey is not known beforehand it can be searched for. An exhaustive brute force of a 128-bit AES key is not feasible, but because the MIC of the Join-request is computed with the AppKey, a captured Join-request lets the attacker test candidate keys offline (provider defaults, previously leaked keys) without transmitting a single frame, which is why shared or weak AppKeys are so damaging.
Regarding the first question, sending false information, we start from the fact that the attacker already knows the AppKey of the sensor he wants to impersonate and has captured its Join-request / Join-accept exchange, which is enough to recover the session keys (NwkSKey and AppSKey). He also needs one recent uplink from the legitimate node, because the frame counter (FCnt) travels in clear in the frame header. From this point the only thing the attacker has to take care of when transmitting the false packets is that the FCnt of the frames sent by the malicious device is greater than the last one the Network Server accepted from the original: if the last legitimate packet was 123, the malicious node must be programmed to transmit from 124. The Network Server checks the MIC with the NwkSKey, which the attacker also holds, and accepts any frame whose counter is higher than the last one seen (in LoRaWAN 1.0.x the jump must stay within MAX_FCNT_GAP, 16384). From then on the monitored information comes from the malicious node, while the frames of the legitimate node, whose counter is now behind, are discarded as replays: the real sensor becomes invisible to the network.
Having reviewed this type of network and the threats it faces, it is important to highlight the impact cybersecurity has in these environments. Imagine that, suddenly, the traffic lights stop working, the streetlights go out, the fill-level sensor of a recycling container reports that it is empty when it is not, or the temperature sensor does not raise the alarm for a fire.
Some practical recommendations to mitigate these risks are:
- Create an inventory of network devices
- Provision a unique, randomly generated AppKey per device; never deploy provider defaults or keys shared across devices
- Monitor which sensors are transmitting and which are not
- Check whether the time a device has spent without transmitting is what is expected
- Watch the frame counters: an FCnt that jumps or resets, or a device whose frames the Network Server starts rejecting for an old counter, is a sign that someone else is transmitting with its identity
- Physically check the devices periodically, since they sit in public locations (streets, recycling containers, etc.) where they can be tampered with and manipulated