Epistemic Analysis of a Key-Management Vulnerability in LoRaWAN

2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date : 2021-12-13 DOI:10.1109/PST52912.2021.9647741

Martha N. Kamkuemah

{"title":"Epistemic Analysis of a Key-Management Vulnerability in LoRaWAN","authors":"Martha N. Kamkuemah","doi":"10.1109/PST52912.2021.9647741","DOIUrl":null,"url":null,"abstract":"Smart devices in applications like remote sensing systems use the LoRaWAN protocol to connect with and transmit data to a central server. The device and server use the protocol’s handshake procedure to start a communication session and negotiate session encryption keys. However, session keys remain unchanged throughout communications with the server. Static session keys make the protocol vulnerable to attack. An intruder that compromises the session keys can decrypt past and future messages. This work studies the LoRaWAN handshake procedure, its security properties, namely mutual authentication and secrecy, and proposes a key exchange scheme to mitigate the session key vulnerability. It proposes epistemic definitions for the vital properties of mutual authentication and secrecy. To validate them, we prove that the handshake and new key exchange scheme satisfy these definitions. Based on this validation, we show that the protocol is secure. Finally, the work shows that the new key exchange scheme is feasible for devices with limited processing power, bandwidth, and memory.","PeriodicalId":144610,"journal":{"name":"2021 18th International Conference on Privacy, Security and Trust (PST)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 18th International Conference on Privacy, Security and Trust (PST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PST52912.2021.9647741","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Smart devices in applications like remote sensing systems use the LoRaWAN protocol to connect with and transmit data to a central server. The device and server use the protocol’s handshake procedure to start a communication session and negotiate session encryption keys. However, session keys remain unchanged throughout communications with the server. Static session keys make the protocol vulnerable to attack. An intruder that compromises the session keys can decrypt past and future messages. This work studies the LoRaWAN handshake procedure, its security properties, namely mutual authentication and secrecy, and proposes a key exchange scheme to mitigate the session key vulnerability. It proposes epistemic definitions for the vital properties of mutual authentication and secrecy. To validate them, we prove that the handshake and new key exchange scheme satisfy these definitions. Based on this validation, we show that the protocol is secure. Finally, the work shows that the new key exchange scheme is feasible for devices with limited processing power, bandwidth, and memory.

查看原文本刊更多论文

LoRaWAN中一个密钥管理漏洞的认知分析

遥感系统等应用中的智能设备使用LoRaWAN协议与中央服务器连接并将数据传输到中央服务器。设备和服务器使用协议的握手过程来启动通信会话并协商会话加密密钥。但是，会话密钥在与服务器的整个通信过程中保持不变。静态会话密钥使协议容易受到攻击。破坏会话密钥的入侵者可以解密过去和未来的消息。本文研究了LoRaWAN握手过程及其相互认证和保密的安全特性，并提出了一种密钥交换方案来缓解会话密钥漏洞。提出了相互认证和保密的重要属性的认识论定义。为了验证这些定义，我们证明了握手和新的密钥交换方案满足这些定义。基于此验证，我们证明该协议是安全的。最后，工作表明新的密钥交换方案在处理能力、带宽和内存有限的设备上是可行的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 18th International Conference on Privacy, Security and Trust (PST)

自引率

0.00%

发文量