Thursday, October 27, 2016

LoRa Security issue

With all the issues occurred a week ago where an estimated 100000 end devices caused the flooding and lot of US services and websites being affected made ma to look more closely to the LoRa protocol. 

According to the specification of the LoRaWAN the MAC Frame Payload Encryption (FRMPayload 4.4.3) the encryption scheme used is based on the generic algorithm described in the IEEE 82.15.4/2006 using AES with a key length of 128 bits.

Looking on the key this can be NwkSKey if FPort is zero or AppSKey if FPort is 0x01 ..0xFF. So it is a fixed key. This key is used to encrypt / decrypt as I've explained in this blog post. 

The problem appears on the first frame when every time will have the same key and probably the same data, so if someone is intercepting this for few times the key K and Ai can be found.

Si=aes128_encrypt(K,Ai)

Since the Ai is the same the only way to keep the LoRaWAN secure is to send as first data a RANDOM payload and maybe also an random value of FCntUp. 

In this way will be harder to find the K and decode the payload. 

I hope that the next version of LoRaWAN protocol will address the security issues we encounter these days.




No comments:

Post a Comment