Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros
| Ano de defesa: | 2021 |
|---|---|
| Autor(a) principal: | |
| Orientador(a): | |
| Banca de defesa: | |
| Tipo de documento: | Dissertação |
| Tipo de acesso: | Acesso aberto |
| dARK ID: | ark:/48912/001300002t9b6 |
| Idioma: | eng |
| Instituição de defesa: |
Universidade Federal de São Paulo
|
| Programa de Pós-Graduação: |
Não Informado pela instituição
|
| Departamento: |
Não Informado pela instituição
|
| País: |
Não Informado pela instituição
|
| Palavras-chave em Português: | |
| Link de acesso: | https://repositorio.unifesp.br/handle/11600/61279 |
Resumo: | The age of the Internet of Things is daily bringing the connection of new devices to the Internet, expecting fifty billion units by 2021. Internet of Things devices are nowadays one of the most relevant targets as an entrance for security attacks. LoRaWAN is a new wide-area wireless network technology used in Internet of Things long-range communication and it is specified to provide high data security resilience using end-to-end encryption. LoRaWAN application is a system of a system concept, and a commercial solution is usually shared with numerous parties. Then, LoRaWAN applications can operate with a third-party network server that can not be assumed as a trusted entity. In that scenario, the data can undergo an integrity attack. As the network server owns the network session key, the payload encryption is done using a XOR operation and the protocol specification is opened allowing to determine easily the data location. Furthermore, in a LoRaWAN specification version 1.0, the network server also knows the parameters to calculate an application session key that allows the network server to perform a confidentiality attack. This study aims to develop a security mechanism to improve data security resilience in LoRaWAN applications that use third-party network servers. Following that objective, an Internet of Things system was designed based on the LoRaWAN specification version 1.0. A prototype was built with Radioenge LoRa communication components in end device and gateway. The Things Network server was applied as network and application server. A risk assessment was executed to demonstrate the hazards of third-party network servers in data security. To mitigate the identified risks against unauthorized data access, a proprietary payload is proposed to be included in the application layer. The proprietary payload is formed by the data and the 4 last bytes of its SHA256 hash to delivery integrity in the application layer. Finally, the entire payload is encrypted by AES-CTR to provide confidentiality to the integrity parameter. To be easily reused in end devices of LoRaWAN applications, the proposed security mechanism was encapsulated in a library, and it is available in https://github.com/polimoraes/LoRaWANDataSecurity. In conclusion, when LoRaWAN is implemented with third-party network servers, it is essential to include additional security mechanisms to increase data security resilience, and the security mechanism developed in this work can provide resilience to LoRaWAN applications complied with 1.0 and 1.1 specification versions. |
| id |
UFSP_b12298cf5ad8ed80c2a2a1ef61b79cd1 |
|---|---|
| oai_identifier_str |
oai:repositorio.unifesp.br:11600/61279 |
| network_acronym_str |
UFSP |
| network_name_str |
Repositório Institucional da UNIFESP |
| repository_id_str |
|
| spelling |
Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de TerceirosData Security in LoRaWAN Network with Third-Party Network ServerLoRaWANSecurityInternet of ThingsThe age of the Internet of Things is daily bringing the connection of new devices to the Internet, expecting fifty billion units by 2021. Internet of Things devices are nowadays one of the most relevant targets as an entrance for security attacks. LoRaWAN is a new wide-area wireless network technology used in Internet of Things long-range communication and it is specified to provide high data security resilience using end-to-end encryption. LoRaWAN application is a system of a system concept, and a commercial solution is usually shared with numerous parties. Then, LoRaWAN applications can operate with a third-party network server that can not be assumed as a trusted entity. In that scenario, the data can undergo an integrity attack. As the network server owns the network session key, the payload encryption is done using a XOR operation and the protocol specification is opened allowing to determine easily the data location. Furthermore, in a LoRaWAN specification version 1.0, the network server also knows the parameters to calculate an application session key that allows the network server to perform a confidentiality attack. This study aims to develop a security mechanism to improve data security resilience in LoRaWAN applications that use third-party network servers. Following that objective, an Internet of Things system was designed based on the LoRaWAN specification version 1.0. A prototype was built with Radioenge LoRa communication components in end device and gateway. The Things Network server was applied as network and application server. A risk assessment was executed to demonstrate the hazards of third-party network servers in data security. To mitigate the identified risks against unauthorized data access, a proprietary payload is proposed to be included in the application layer. The proprietary payload is formed by the data and the 4 last bytes of its SHA256 hash to delivery integrity in the application layer. Finally, the entire payload is encrypted by AES-CTR to provide confidentiality to the integrity parameter. To be easily reused in end devices of LoRaWAN applications, the proposed security mechanism was encapsulated in a library, and it is available in https://github.com/polimoraes/LoRaWANDataSecurity. In conclusion, when LoRaWAN is implemented with third-party network servers, it is essential to include additional security mechanisms to increase data security resilience, and the security mechanism developed in this work can provide resilience to LoRaWAN applications complied with 1.0 and 1.1 specification versions.Conselho Nacional de Desenvolvimento Científico e Tecnológico (CNPq)Fundação de Amparo à Pesquisa do Estado de São Paulo (FAPESP)14/50937-115/24485-9465446/2014-0Universidade Federal de São Pauloda Conceição, Arlindo FlavioBatista, Danielhttp://lattes.cnpq.br/2934786440085983http://lattes.cnpq.br/1725477351660877http://lattes.cnpq.br/4759215146674764de Moraes, Poliana [UNIFESP]2021-07-16T13:58:51Z2021-07-16T13:58:51Z2021-06-10info:eu-repo/semantics/masterThesisinfo:eu-repo/semantics/publishedVersion103 f.application/pdfhttps://repositorio.unifesp.br/handle/11600/61279ark:/48912/001300002t9b6engOnlineinfo:eu-repo/semantics/openAccessreponame:Repositório Institucional da UNIFESPinstname:Universidade Federal de São Paulo (UNIFESP)instacron:UNIFESP2024-08-03T12:43:19Zoai:repositorio.unifesp.br:11600/61279Repositório InstitucionalPUBhttp://www.repositorio.unifesp.br/oai/requestbiblioteca.csp@unifesp.bropendoar:34652024-08-03T12:43:19Repositório Institucional da UNIFESP - Universidade Federal de São Paulo (UNIFESP)false |
| dc.title.none.fl_str_mv |
Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros Data Security in LoRaWAN Network with Third-Party Network Server |
| title |
Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros |
| spellingShingle |
Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros de Moraes, Poliana [UNIFESP] LoRaWAN Security Internet of Things |
| title_short |
Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros |
| title_full |
Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros |
| title_fullStr |
Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros |
| title_full_unstemmed |
Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros |
| title_sort |
Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros |
| author |
de Moraes, Poliana [UNIFESP] |
| author_facet |
de Moraes, Poliana [UNIFESP] |
| author_role |
author |
| dc.contributor.none.fl_str_mv |
da Conceição, Arlindo Flavio Batista, Daniel http://lattes.cnpq.br/2934786440085983 http://lattes.cnpq.br/1725477351660877 http://lattes.cnpq.br/4759215146674764 |
| dc.contributor.author.fl_str_mv |
de Moraes, Poliana [UNIFESP] |
| dc.subject.por.fl_str_mv |
LoRaWAN Security Internet of Things |
| topic |
LoRaWAN Security Internet of Things |
| description |
The age of the Internet of Things is daily bringing the connection of new devices to the Internet, expecting fifty billion units by 2021. Internet of Things devices are nowadays one of the most relevant targets as an entrance for security attacks. LoRaWAN is a new wide-area wireless network technology used in Internet of Things long-range communication and it is specified to provide high data security resilience using end-to-end encryption. LoRaWAN application is a system of a system concept, and a commercial solution is usually shared with numerous parties. Then, LoRaWAN applications can operate with a third-party network server that can not be assumed as a trusted entity. In that scenario, the data can undergo an integrity attack. As the network server owns the network session key, the payload encryption is done using a XOR operation and the protocol specification is opened allowing to determine easily the data location. Furthermore, in a LoRaWAN specification version 1.0, the network server also knows the parameters to calculate an application session key that allows the network server to perform a confidentiality attack. This study aims to develop a security mechanism to improve data security resilience in LoRaWAN applications that use third-party network servers. Following that objective, an Internet of Things system was designed based on the LoRaWAN specification version 1.0. A prototype was built with Radioenge LoRa communication components in end device and gateway. The Things Network server was applied as network and application server. A risk assessment was executed to demonstrate the hazards of third-party network servers in data security. To mitigate the identified risks against unauthorized data access, a proprietary payload is proposed to be included in the application layer. The proprietary payload is formed by the data and the 4 last bytes of its SHA256 hash to delivery integrity in the application layer. Finally, the entire payload is encrypted by AES-CTR to provide confidentiality to the integrity parameter. To be easily reused in end devices of LoRaWAN applications, the proposed security mechanism was encapsulated in a library, and it is available in https://github.com/polimoraes/LoRaWANDataSecurity. In conclusion, when LoRaWAN is implemented with third-party network servers, it is essential to include additional security mechanisms to increase data security resilience, and the security mechanism developed in this work can provide resilience to LoRaWAN applications complied with 1.0 and 1.1 specification versions. |
| publishDate |
2021 |
| dc.date.none.fl_str_mv |
2021-07-16T13:58:51Z 2021-07-16T13:58:51Z 2021-06-10 |
| dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
| dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
| format |
masterThesis |
| status_str |
publishedVersion |
| dc.identifier.uri.fl_str_mv |
https://repositorio.unifesp.br/handle/11600/61279 |
| dc.identifier.dark.fl_str_mv |
ark:/48912/001300002t9b6 |
| url |
https://repositorio.unifesp.br/handle/11600/61279 |
| identifier_str_mv |
ark:/48912/001300002t9b6 |
| dc.language.iso.fl_str_mv |
eng |
| language |
eng |
| dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
| eu_rights_str_mv |
openAccess |
| dc.format.none.fl_str_mv |
103 f. application/pdf |
| dc.coverage.none.fl_str_mv |
Online |
| dc.publisher.none.fl_str_mv |
Universidade Federal de São Paulo |
| publisher.none.fl_str_mv |
Universidade Federal de São Paulo |
| dc.source.none.fl_str_mv |
reponame:Repositório Institucional da UNIFESP instname:Universidade Federal de São Paulo (UNIFESP) instacron:UNIFESP |
| instname_str |
Universidade Federal de São Paulo (UNIFESP) |
| instacron_str |
UNIFESP |
| institution |
UNIFESP |
| reponame_str |
Repositório Institucional da UNIFESP |
| collection |
Repositório Institucional da UNIFESP |
| repository.name.fl_str_mv |
Repositório Institucional da UNIFESP - Universidade Federal de São Paulo (UNIFESP) |
| repository.mail.fl_str_mv |
biblioteca.csp@unifesp.br |
| _version_ |
1848498052101308416 |