The realm of Low Power Wide Area Network (LPWAN) has a paramount influence on the way we work and live. For instance, real-time applications and rapid packet transiting for long-range have now come into practice that was previously considered mysterious. However, euphoria becomes a problem when it comes to security considerations, as low-power devices possess limited processing units that are unable to elucidate robust security algorithms. In this case, the Low Power Wide Area Network (LoRaWAN) stepped into a technological competition that filled the gap with adopting the end-to-end security feature. However, several problems have been pinpointed in the newer version such as one issue with key distribution in LoRaWAN 1.1 is that the keys are often pre-installed on the devices at the time of manufacturing. It can introduce security risks if the keys are not adequately protected or if the devices are compromised before they are deployed. In other words, the pre-installed keys may not be updated regularly, which can also introduce security risks. Thus, the keys need to be handled securely to maintain the security of the network and the over-the-air firmware updates feature could introduce new security challenges for the key distribution. This thesis presents a key generation and distribution (KGD) mechanism that securely exchanges the root key between the ED and the application server AS. The KGD protocol provides authentication by integrating Advanced Encryption Standard (AES-128) in addition to a secure hash function known as Argon2. The proposed protocol utilizes Elliptic-Curve Diffie-Hellman (ECDH) key exchange method that makes the protocol resilient to cyber threats. The ECDH algorithm exchanges the keys on the insecure channels and is, therefore, vulnerable to Man-in-the-Middle (MITM) attacks in the network. Therefore, to validate the key agreement and avoid adversaries, the KGD protocol considers the Elliptic Curve Digital Signature Algorithm (ECDSA) that authenticates and allows legitimate instances in the network. In last, a formal security analysis using the Scyther tool validates the security enhancement of the KGD protocol.
Cybersecurity in LoRaWAN Networks: Vulnerability Analysis and Enhancing Security Measures for IoT Connectivity
QADIR, JUNAID
2024-03-21
Abstract
The realm of Low Power Wide Area Network (LPWAN) has a paramount influence on the way we work and live. For instance, real-time applications and rapid packet transiting for long-range have now come into practice that was previously considered mysterious. However, euphoria becomes a problem when it comes to security considerations, as low-power devices possess limited processing units that are unable to elucidate robust security algorithms. In this case, the Low Power Wide Area Network (LoRaWAN) stepped into a technological competition that filled the gap with adopting the end-to-end security feature. However, several problems have been pinpointed in the newer version such as one issue with key distribution in LoRaWAN 1.1 is that the keys are often pre-installed on the devices at the time of manufacturing. It can introduce security risks if the keys are not adequately protected or if the devices are compromised before they are deployed. In other words, the pre-installed keys may not be updated regularly, which can also introduce security risks. Thus, the keys need to be handled securely to maintain the security of the network and the over-the-air firmware updates feature could introduce new security challenges for the key distribution. This thesis presents a key generation and distribution (KGD) mechanism that securely exchanges the root key between the ED and the application server AS. The KGD protocol provides authentication by integrating Advanced Encryption Standard (AES-128) in addition to a secure hash function known as Argon2. The proposed protocol utilizes Elliptic-Curve Diffie-Hellman (ECDH) key exchange method that makes the protocol resilient to cyber threats. The ECDH algorithm exchanges the keys on the insecure channels and is, therefore, vulnerable to Man-in-the-Middle (MITM) attacks in the network. Therefore, to validate the key agreement and avoid adversaries, the KGD protocol considers the Elliptic Curve Digital Signature Algorithm (ECDSA) that authenticates and allows legitimate instances in the network. In last, a formal security analysis using the Scyther tool validates the security enhancement of the KGD protocol.
| File | Dimensione | Formato | |
|---|---|---|---|
|
phdunige_4963170.pdf
accesso aperto
Tipologia:
Tesi di dottorato
Dimensione
17.54 MB
Formato
Adobe PDF
|
17.54 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
