LoRa and LoRaWAN have soared in popularity in the IoT, as an inexpensive connectivity option for rural and low-power devices, however they cannot be considered a secure or securable technology.
What is LoRaWAN?
LoRaWAN (Long Range Wide Area Network) is a low-power wide-area network (LPWAN) protocol developed back in 2012 for the Internet of Things (IoT) and acquired by Semtech. It is based on spread spectrum modulation techniques derived from chirp spread spectrum (CSS) technology.
NB-IoT and LTE-M are also LPWANs, however they are based on cellular (mobile) network infrastructure. LoRaWAN, on the other hand, belongs to the category of non-cellular LPWAN wireless communication network protocols.
The LoRa Alliance was developed to foster interoperability for the LoRaWAN mobile network operators who want to use unlicensed spectrum to communicate with IoT devices in their network.
How does it work?
LoRa-based devices have a module that communicates to a centrally located gateway equipped with an antenna (the same functionality as a router or a cellular base station). We can say that these gateways form a path from the device through a radio frequency to its end node.
What is it used for?
LoRaWAN is a better fit for public wide-area networks because all the channels are tuned to the same frequencies. For single-area use, it’s better to have only one network operating in order to avoid collision problems.
The LoRa Alliance takes pride in their solutions for smart cities because many of the use cases are simple sensors with infrequent transmission, such as meters that transmit automatically. Other use cases include smart homes, smart buildings, and agriculture. Some even suggest that LoRaWan is a more secure alternative to WiFi (however we will dispute this later).
Why choose Lo-RaWAN?
- Basic technology which doesn’t require much knowledge
- Operates on low-power on a wide area of up to 10km mostly in rural areas
- Demodulates simultaneous signals at the same frequency
- Widely adopted technology with years of history in the connectivity world
- Good for devices with limited energy consumption (battery powered) such as sensors for healthcare systems, smart metering, etc.
The Problem: Security
Today, where the Internet of Things (IoT) has become a primary target for cybercriminals, security plays a central role in keeping everything in order. The recurrent security incidents on IoT devices represent a rising trend for IoT attacks.
With increasing awareness of user data privacy, data security has become a serious concern in every communication protocol.
Although LoRaWAN is meant to help connect low powered devices, it comes with a significant amount of risk. Two layers of encryption would have you believe data is secure, however a report by IoActive at the beginning of this year showed clearly why we should not fully trust this connectivity solution.
- One of the main concerns explained across the internet is using the transmission of data via radio frequencies (A LoRaWAN practice which is unsafe and easy to target by hackers.) An example of this is switching keys from these devices via reverse engineering. Some of these devices use easily guessable encryption keys such as App key = device identifier + app identifier, and more as such.
- This leads to a vulnerable network therefore prone to multiple DoS attacks, interception and data misplacement. The new protocols can have a more complex encryption path but companies which have operated on LoRaWAN’s older legacy cannot update to the new one given the network’s limitations. Furthermore companies don’t have the right capabilities to detect these incidents making them subject to failure and being hacked!
Researchers have also found that it is possible to jam LoRaWAN devices using just an Arduino platform and a LoRaWAN module by flooding messages at the right frequency. Replay attacks, which involve replaying or repeating valid messages are also easily accomplished if the frequency is known. Combining both of these attacks into a wormhole attack allows messages in one network to be sent to a gateway in another network, and is difficult to detect.
Although encryption and some solutions are offered, LoRaWAN cannot be considered safe enough for mission-critical devices or infrastructure. Furthermore, outside of the realm of the GSMA or other global governing organizations, the future of LoRaWAN security relies, essentially, on self-regulation by Semtech and the LoRaWAN Alliance alone.
What are the downsides to LoRaWAN?
Apart from security concerns, some major risks involve the coexistence of multiple gateways which can create interference. Because LoRaWAN networks are all using the same radio frequencies, LoRaWAN networks see all LoRaWAN traffic, and therefore are not, in reality, a private network.
LoRaWAN architecture has significant packet loss built-in, so if critical and timely data is a factor, LoRaWAN simply won’t do. While duty-cycle based availability enables low power, it also means significant data loss. Over 80% of packets may never be transmitted. LoRaWAN technology is not a suitable solution for industrial automation, given that industrial control loops may require response times from 1ms to 100 ms.
- Available on free radio frequencies therefore susceptible to attacks
- Slow transmissions rates
- Incurs interference issues
- Limited capabilities and global coverage – uses sub-GHz ISM for which there are no universal bands therefore making it very difficult to sell worldwide.
- Vulnerable to threats which can lead to catastrophic cases (traffic metering, healthcare sensors and machinery)
- low data volume, no capacity for photos or video streaming, realtime data
- based on a duty-cycle (parameter with limited time in which the channel can be occupied)
The most common cellular alternatives to LoRaWAN include LTE-M (Long Term Evolution for Machines) and NB-IoT (Narrow Band IoT). LTE-M, which includes eMTC (enhanced Machine Type Communication), is a type of low power wide area network radio technology developed to enable a wide range of cellular devices and services. NB-IoT has been developed to enable efficient communication, long battery life for mass distributed devices, and lower costs for wide geographical footprints as well as functionality deep within urban infrastructure.
NB-IoT (also known as LTE Cat-NB1/NB2) and LTE-M (LTE Cat-M1/M2), are technologies developed by the global standards organization 3GPP.
With a slightly higher refresh rate compared to IoT protocols like LoRaWAN, NB-IoT is perfect for use cases where remote, stationary data connectivity is a requirement (think smart metering for fuel tanks, smart parking, etc).
LTE-M and NB-IoT are rising in popularity due to range and battery life, connectivity and service. Also NB-IoT will serve much of the 5G world of connectivity which LoRaWAN is not prepared for!
What about 5G? No problem. NB-IoT and LTE-M will form part of the 5G connectivity fabric. Find more in this Ericsson Study here.
NB-IoT and LTE-M are seeing great expansion as more mobile networks the world over add these network types to their existing infrastructure. Most importantly, as they are based on cellular infrastructure, they are not prone to the same attacks that LoRaWAN networks are. This means that data and devices can be protected against threats to data over mobile network infrastructure with existing technologies and solutions.
The Best of Both Worlds
LoRaWAN + Cellular for IIoT
In a manufacturing model, putting SIM cards in each device is not ideal, nor is transmitting all data through a wider LoRaWAN network grid to arrive at your data centers. By combining a local LoRaWAN network with cellular routers, you can benefit from the low cost of LoRaWAN at a local network level while also enjoying the security and coverage of cellular coverage. Not all mobile networks are secured however, and it is critical to protect your routers and data with a secure signalling firewall like that offered by ZARIOT .