• Tidak ada hasil yang ditemukan

Nazarbayev University Repository

N/A
N/A
Info
Unduh - Bebas
Protected

Academic year: 2024

Membagikan "Nazarbayev University Repository"

Copied!
18
0
0

Memuat.... (Lihat teks lengkap sekarang)

Unduh sekarang ( 18 Halaman )

Teks penuh

(1)

Jamming LoRaWAN Over The Air Authentication

Supervised by: Dimitrios Zormpas Assistant Professor

Accepted by Ph.D. Adnan Yazici Department Chair, SEDS

Nazarbayev University, April 2022

by Baurzhan Orazbayev

(2)

● Introduction

● LoRa and LoRaWAN

● Problem definition

● Previous researches

● Research objectives

● Methodology and implementation

● Conclusion

Outline.

(3)

1. LoRa (Long Range) is a long-range non-cellular wireless communication technology that uses a spread spectrum (CSS) radio modulation. LoRaWAN is a network architecture that uses LoRa.

LoRa and LoRaWAN are low-power WAN technologies for IoT applications with long-range, low power, and low bandwidth.

Introduction

LoRaWAN main features

ISM frequency bands: 433, 868, 915 MHz

Mode Class A, B, C

Spreading Factor 7-12

Bandwidth 125, 250, and 500 kHz

Data rates 0.3 to 50 kbps

(4)

Features of LoRa radio technology:

(5)

LoRaWAN

Figure 3. LoRaWAN architecture[3]

(6)

LoRaWAN authentication protocols

Two possible ways of authentication are available in LoRaWAN:

1. ABP (Activation By Personalization), where a fixed DevAddr and session keys for a predefined WAN are

implemented in the end device.

2. OTAA (Over The Air Activation), where the LoRa end-node generates a

request to join LoRaWAN using root keys, which allows to assign end-

device a DevAddr and generating new

session keys [5].

(7)

Problem statement.

The impact of jamming on OTAA

LoRaWAN was be assessed with the following requirements:

1. The microcontroller (MCU) must be small in size, economical, and energy- efficient.

2. MCU must communicate using LoRaWAN technology.

3. The experimental test-bed should be capable of evaluating OTAA

authentication vulnerabilities

using available hardware.

(8)

Jamming attacks in LoRa networks

JA is an attack when an attacker generates wireless signals in irregular or sophisticated RF interference

signals, making it difficult for wireless devices to decode data packets. Traditional jammer models:

- Band Jamming (BJ) - BJ = B * p, 0 ≤ p ≤ 1.

- Tone Jamming (TJ) - combine several sine waveforms

in the used bandwidth. TJ can be single and multi-tone

jamming [2]

(9)

Jamming techniques

Channel-oblivious cases:

● Constant jamming

● Random jamming

Channel-aware cases:

● Triggered jamming

● Selective Jamming

● Reactive jamming

● Replay attack

Figure 4. Timing of Triggered and Selective Jamming [1]

(10)

Research objectives

● Potential interruption of the OTAA procedure

● Investigating jamming vulnerabilities of the OTAA authentication in an

experimental test-bed.

● Evaluating two kinds of selective

jamming attacks – fixed and channel

hopping.

(11)

Methodology and implementation:

experimental configuration.

Figure 5. Jamming experiment

(12)

Fixed channel jamming

● OTAA uses in the EU863-870 ISM Band the three default frequency channels to authenticate end- devices: 868.1, 868.3, and 868.5 MHz.

● The power of the interfering signal should be at least 6 dBm higher than a legitimate transmitter in case of nearby location[1, 2].

To simplify the experiment, we used the following assumptions:

● The same SF, bandwidth and frequency for the jammer and end-device are used

● Interruption OTAA authentication were fixed after

some(N>15) attempts.

(13)

Fixed channel jamming results.

Figure 6. Fixed channel jamming

-The efficiency of influence diverse from 6 to 20 percent.

- Successful attempts of interruption OTAA authentication

were not detected

(14)

Channel hopping jamming

● The attacker transmits a frame for a given SF on any default channel and then moves to the next frequency channel and performs another

transmission.

● Jamming in all three default channels in a

particular SF 868.1, 868.3, and 868.5 MHz with a bandwidth of 125 kHz.

● Different payloads used to influence to the air

time of jamming signal.

(15)

Figure 7. Channel hopping experimental

jamming results

(16)

Conclusion

● Off-the-shelf devices can be used to create collisions

● Noise immunity of LoRa

● Experimental limitations

(17)

1. Emekcan Aras, Nicolas Small, Gowri Sankar Ramachandran, Stéphane Delbruel, Wouter Joosen, and Danny Hughes. Selective jamming of lorawan using commodity hardware. In Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems:

Computing, Networking and Services, MobiQuitous 2017, page 363–372, New York, NY, USA, 2017. Association for Computing Machinery. DOI:10.1145/3144457.3144478.

2. Clement Demeslay, Roland Gautier, Anthony Fiche, and Gilles Burel. Band and tone jamming analysis and detection on lora signals. In Workshop on Security and Protection Information SPI2021, Jun 2021. Retrieved from arXiv preprint arXiv:2107.07782.2021.

3. Tahsin Dönmez and Ethiopia Nigussie. Security of join procedure and its delegation in lorawan v1.1. Procedia Computer Science, 134:204–211, 01 2018. DOI:10.1016/j.procs.2018.07.202.

4. Xingda Chen, Margaret Lech, and Liuping Wang. A complete key management scheme for lorawan v1. 1. Sensors, 21(9):2962, 2021.

5. Azhar Iqbal, Muhammad, Sajjad Hussain, Huanlai Xing, and Muhammad Ali Imran. Internet of Things Security, pages i–xix. River Publishers, 2018. Retrieved from

doi:10.1002/9781119701460.fmatter.

1.

REFERENCES

(18)

Thank you for attention!

Referensi

Unduh sekarang ( PPTX - 18 Halaman - 1.76 MB )

Dokumen terkait

An evaluation on the construction of the 1988-1989 English summative test of the first grade of SMA Dapena I - Widya Mandala Catholic University Surabaya Repository

In this situat.ion, test objectives can be based directly on course objectives and test content derived from specific course content.Inasmuch as instructor,

The effect of picture card games on the children's vocabulary achievement - Widya Mandala Catholic University Surabaya Repository

The data are then analyzed using t-test since the writer wants to compare two means test of the experimental groups which is taught using picture card game and

Analysis of castellated steel beam with oval openings - Diponegoro University | Institutional Repository (UNDIP-IR)

The results from the numeric solution should be validated to the experimental tests, so that the model can further be used as analyzing tool in evaluating modification of

RANCANG BANGUN TEST BED SISTEM KOMPRESOR TORAK DUA TINGKAT ( DESIGN AND TEST BED PISTON COMPRESSOR SYSTEM LEVEL TWO ) - Diponegoro University | Institutional Repository (UNDIP-IR)

Hasil yang diperoleh dari pengujian test bed kompresor torak dua tingkat yaitu volume langkah kompresor sebesar 0,000213595 m 3 , kapasitas teoritis kompresor

RANCANG BANGUN TEST BED SISTEM KOMPRESOR TORAK DUA TINGKAT ( DESIGN AND TEST BED PISTON COMPRESSOR SYSTEM LEVEL TWO ) - Diponegoro University | Institutional Repository (UNDIP-IR)

Metodologi yang digunakan dalam rancang bangun test bed kompresor torak dua tingkat adalah:..

MODIFIKASI TEST BED SISTEM KOMPRESOR TORAK SATU TINGKAT ( MODIFICATION OF SINGLE STAGE RIECIPROCATING COMPRESSORE TEST BED ) - Diponegoro University | Institutional Repository (UNDIP-IR)

Dari hasil pengujian kinerja test bed sistem kompresor torak satu tingkat. ini diperoleh hasil bahwa kapasitas isap kompresor 0,0431 m

RANCANG BANGUN AIR CONDITIONING TEST-BED ( DESIGN OF AIR CONDITIONING TEST BED ) - Diponegoro University | Institutional Repository (UNDIP-IR)

Pembuatan rancang bangun Air Conditioning Test-Bed ini digunakan sebagai sarana latihan untuk mendesain dan membuat peralatan yang umum digunakan di dunia industri dengan

THEMATIC PATTERNING TECHNIQUE ON WRITING ACHIEVEMENT AND ITS RELATIONSHIP TO ACHIEVEMENT MOTIVATION OF THE STUDENTS OF ENGLISH EDUCATION DEPARTMENT GANESHA UNIVERSITY OF EDUCATION

This research was designed in an experimental design called Post test only control-group design since the objectives of this research were to find out, first, the