The changing vulnerability and threat landscape constantly challenge the security of wireless communication standards and protocols. For the Internet of Things (IoT), LoRaWAN is one of the dominant technologies for urban environments, industrial settings, or critical infrastructures due to its low-power and long-range capabilities. LoRaWAN IoT deployments are expected to operate for multiple years or even decades. Hence, it is imperative to maintain operational security at all times while continuously evolving the security of the standard and its implementations. We survey LoRaWAN security and follow a systematic and evolvable approach that can be dynamically updated. To this end, we propose a novel methodology to create evolvable surveys which relate the analyzed critical security concepts, thus allowing IT security experts to reason about LoRaWAN security properties over time. With this, we provide a tool to hardware manufacturers, software developers and providers, and network operators to achieve sustainable security for IoT deployments.

References

[1]

Ferran Adelantado, Xavier Vilajosana, Pere Tuset-Peiro, Borja Martinez, Joan Melia-Segui, and Thomas Watteyne. 2017. Understanding the limits of LoRaWAN. IEEE Communications Magazine 55, 9 (92017), 34–40. DOI:

Name	Provider	Purpose	Maximum Storage Duration	Type
__cf_bm [x2]	ACM	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.	1 day	HTTP Cookie
__jid	c.disquscdn.com	Used to add comments to the website and remember the user's Disqus login credentials across websites that use said service.	Session	HTTP Cookie
disqusauth	c.disquscdn.com	Registers whether the user is logged in. This allows the website owner to make parts of the website inaccessible, based on the user's log-in status.	Session	HTTP Cookie
_cfuvid	ACM	This cookie is a part of the services provided by Cloudflare - Including load-balancing, deliverance of website content and serving DNS connection for website operators.	Session	HTTP Cookie
CookieConsent	Cookiebot	Stores the user's cookie consent state for the current domain	1 year	HTTP Cookie
JSESSIONID	ACM	Preserves users states across page requests.	Session	HTTP Cookie
_gh_sess	Github	Preserves users states across page requests.	Session	HTTP Cookie
logged_in	Github	Registers whether the user is logged in. This allows the website owner to make parts of the website inaccessible, based on the user's log-in status.	1 year	HTTP Cookie
1.gif	Cookiebot	Used to count the number of sessions to the website, necessary for optimizing CMP product delivery.	Session	Pixel Tracker

Name	Provider	Purpose	Maximum Storage Duration	Type
aet-dismiss	c.disquscdn.com	Necessary for the functionality of the website's comment-system.	Persistent	HTML Local Storage
drafts.queue	c.disquscdn.com	Necessary for the functionality of the website's comment-system.	Persistent	HTML Local Storage
submitted_posts_cache	c.disquscdn.com	Necessary for the functionality of the website's comment-system.	Persistent	HTML Local Storage
mopDeploy	Mopinion	Pending	Session	HTML Local Storage
MACHINE_LAST_SEEN	ACM	Pending	300 days	HTTP Cookie

Name	Provider	Purpose	Maximum Storage Duration	Type
_ga	Google	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	2 years	HTTP Cookie
_ga_#	Google	Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit.	2 years	HTTP Cookie
_gat	Google	Used by Google Analytics to throttle request rate	1 day	HTTP Cookie
_gid	Google	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	1 day	HTTP Cookie
_hjSession_#	Hotjar	Collects statistics on the visitor's visits to the website, such as the number of visits, average time spent on the website and what pages have been read.	1 day	HTTP Cookie
_hjSessionUser_#	Hotjar	Collects statistics on the visitor's visits to the website, such as the number of visits, average time spent on the website and what pages have been read.	1 year	HTTP Cookie
_hjTLDTest	Hotjar	Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator.	Session	HTTP Cookie
_hp2_#	Heap Analytics	Collects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner.	1 day	HTTP Cookie
_hp2_hld#.#	Heap Analytics	Collects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner.	1 day	HTTP Cookie
_hp2_id.#	Heap Analytics	Collects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner.	13 months	HTTP Cookie
_hp2_ses_props.#	Heap Analytics	Collects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner.	1 day	HTTP Cookie
disqus_unique	c.disquscdn.com	Collects statistics related to the user's visits to the website, such as number of visits, average time spent on the website and loaded pages.	Session	HTTP Cookie
_octo	Github	Pending	1 year	HTTP Cookie
collect	Google	Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.	Session	Pixel Tracker
hjActiveViewportIds	Hotjar	This cookie contains an ID string on the current session. This contains non-personal information on what subpages the visitor enters – this information is used to optimize the visitor's experience.	Persistent	HTML Local Storage
hjViewportId	Hotjar	Saves the user's screen size in order to adjust the size of images on the website.	Session	HTML Local Storage

Name	Provider	Purpose	Maximum Storage Duration	Type
badges-message	c.disquscdn.com	Collects data on the visitor’s use of the comment system on the website, and what blogs/articles the visitor has read. This can be used for marketing purposes.	Persistent	HTML Local Storage
NID	Google	Pending	6 months	HTTP Cookie
api/telemetry	Heap Analytics	Collects data on user behaviour and interaction in order to optimize the website and make advertisement on the website more relevant.	Session	Pixel Tracker
h	Heap Analytics	Collects data on user behaviour and interaction in order to optimize the website and make advertisement on the website more relevant.	Session	Pixel Tracker
#-#	YouTube	Used to track user’s interaction with embedded content.	Session	HTML Local Storage
iU5q-!O9@$	YouTube	Registers a unique ID to keep statistics of what videos from YouTube the user has seen.	Session	HTML Local Storage
LAST_RESULT_ENTRY_KEY	YouTube	Used to track user’s interaction with embedded content.	Session	HTTP Cookie
LogsDatabaseV2:V#\|\|LogsRequestsStore	YouTube	Used to track user’s interaction with embedded content.	Persistent	IndexedDB
nextId	YouTube	Used to track user’s interaction with embedded content.	Session	HTTP Cookie
remote_sid	YouTube	Necessary for the implementation and functionality of YouTube video-content on the website.	Session	HTTP Cookie
requests	YouTube	Used to track user’s interaction with embedded content.	Session	HTTP Cookie
TESTCOOKIESENABLED	YouTube	Used to track user’s interaction with embedded content.	1 day	HTTP Cookie
VISITOR_INFO1_LIVE	YouTube	Pending	180 days	HTTP Cookie
YSC	YouTube	Pending	Session	HTTP Cookie
yt.innertube::nextId	YouTube	Registers a unique ID to keep statistics of what videos from YouTube the user has seen.	Persistent	HTML Local Storage
ytidb::LAST_RESULT_ENTRY_KEY	YouTube	Used to track user’s interaction with embedded content.	Persistent	HTML Local Storage
YtIdbMeta#databases	YouTube	Used to track user’s interaction with embedded content.	Persistent	IndexedDB
yt-remote-cast-available	YouTube	Stores the user's video player preferences using embedded YouTube video	Session	HTML Local Storage
yt-remote-cast-installed	YouTube	Stores the user's video player preferences using embedded YouTube video	Session	HTML Local Storage
yt-remote-connected-devices	YouTube	Stores the user's video player preferences using embedded YouTube video	Persistent	HTML Local Storage
yt-remote-device-id	YouTube	Stores the user's video player preferences using embedded YouTube video	Persistent	HTML Local Storage
yt-remote-fast-check-period	YouTube	Stores the user's video player preferences using embedded YouTube video	Session	HTML Local Storage
yt-remote-session-app	YouTube	Stores the user's video player preferences using embedded YouTube video	Session	HTML Local Storage
yt-remote-session-name	YouTube	Stores the user's video player preferences using embedded YouTube video	Session	HTML Local Storage

Name	Provider	Purpose	Maximum Storage Duration	Type
disqus.thread	c.disquscdn.com	Pending	Persistent	HTML Local Storage
10.1145%2F3597501_pdf	ACM	Pending	Persistent	HTML Local Storage
10.1145%2F3641524_pdf	ACM	Pending	Persistent	HTML Local Storage
article_reader_settings	ACM	Pending	Persistent	HTML Local Storage
book_reader_settings	ACM	Pending	Persistent	HTML Local Storage
chapter_reader_settings	ACM	Pending	Persistent	HTML Local Storage
issue_reader_settings	ACM	Pending	Persistent	HTML Local Storage
MAID	ACM	Pending	300 days	HTTP Cookie
tipKey	ACM	Pending	Persistent	HTML Local Storage
GSP	Google	Pending	400 days	HTTP Cookie

Abstract

References

Cited By

Index Terms

Recommendations

Selective Jamming of LoRaWAN using Commodity Hardware

Analysis of LoRaWAN v1.1 security: research paper

IoT security vulnerabilities and predictive signal jamming attack analysis in LoRaWAN

Comments

Information

Published In

Publisher

Journal Family

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Figures

Other

Share

Share this Publication link

Share on social media

Get Access

Login options

Full Access

References

Affiliations