Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros

Detalhes bibliográficos
Ano de defesa: 2021
Autor(a) principal: de Moraes, Poliana [UNIFESP]
Orientador(a): da Conceição, Arlindo Flavio
Banca de defesa: Não Informado pela instituição
Tipo de documento: Dissertação
Tipo de acesso: Acesso aberto
dARK ID: ark:/48912/001300002t9b6
Idioma: eng
Instituição de defesa: Universidade Federal de São Paulo
Programa de Pós-Graduação: Não Informado pela instituição
Departamento: Não Informado pela instituição
País: Não Informado pela instituição
Palavras-chave em Português:
LoRaWAN
Security
Internet of Things
Link de acesso: https://repositorio.unifesp.br/handle/11600/61279
Resumo: The age of the Internet of Things is daily bringing the connection of new devices to the Internet, expecting fifty billion units by 2021. Internet of Things devices are nowadays one of the most relevant targets as an entrance for security attacks. LoRaWAN is a new wide-area wireless network technology used in Internet of Things long-range communication and it is specified to provide high data security resilience using end-to-end encryption. LoRaWAN application is a system of a system concept, and a commercial solution is usually shared with numerous parties. Then, LoRaWAN applications can operate with a third-party network server that can not be assumed as a trusted entity. In that scenario, the data can undergo an integrity attack. As the network server owns the network session key, the payload encryption is done using a XOR operation and the protocol specification is opened allowing to determine easily the data location. Furthermore, in a LoRaWAN specification version 1.0, the network server also knows the parameters to calculate an application session key that allows the network server to perform a confidentiality attack. This study aims to develop a security mechanism to improve data security resilience in LoRaWAN applications that use third-party network servers. Following that objective, an Internet of Things system was designed based on the LoRaWAN specification version 1.0. A prototype was built with Radioenge LoRa communication components in end device and gateway. The Things Network server was applied as network and application server. A risk assessment was executed to demonstrate the hazards of third-party network servers in data security. To mitigate the identified risks against unauthorized data access, a proprietary payload is proposed to be included in the application layer. The proprietary payload is formed by the data and the 4 last bytes of its SHA256 hash to delivery integrity in the application layer. Finally, the entire payload is encrypted by AES-CTR to provide confidentiality to the integrity parameter. To be easily reused in end devices of LoRaWAN applications, the proposed security mechanism was encapsulated in a library, and it is available in https://github.com/polimoraes/LoRaWANDataSecurity. In conclusion, when LoRaWAN is implemented with third-party network servers, it is essential to include additional security mechanisms to increase data security resilience, and the security mechanism developed in this work can provide resilience to LoRaWAN applications complied with 1.0 and 1.1 specification versions.
id UFSP_b12298cf5ad8ed80c2a2a1ef61b79cd1
oai_identifier_str oai:repositorio.unifesp.br:11600/61279
network_acronym_str UFSP
network_name_str Repositório Institucional da UNIFESP
repository_id_str
spelling http://lattes.cnpq.br/2934786440085983http://lattes.cnpq.br/1725477351660877de Moraes, Poliana [UNIFESP]http://lattes.cnpq.br/4759215146674764da Conceição, Arlindo FlavioBatista, DanielOnline2021-07-16T13:58:51Z2021-07-16T13:58:51Z2021-06-10The age of the Internet of Things is daily bringing the connection of new devices to the Internet, expecting fifty billion units by 2021. Internet of Things devices are nowadays one of the most relevant targets as an entrance for security attacks. LoRaWAN is a new wide-area wireless network technology used in Internet of Things long-range communication and it is specified to provide high data security resilience using end-to-end encryption. LoRaWAN application is a system of a system concept, and a commercial solution is usually shared with numerous parties. Then, LoRaWAN applications can operate with a third-party network server that can not be assumed as a trusted entity. In that scenario, the data can undergo an integrity attack. As the network server owns the network session key, the payload encryption is done using a XOR operation and the protocol specification is opened allowing to determine easily the data location. Furthermore, in a LoRaWAN specification version 1.0, the network server also knows the parameters to calculate an application session key that allows the network server to perform a confidentiality attack. This study aims to develop a security mechanism to improve data security resilience in LoRaWAN applications that use third-party network servers. Following that objective, an Internet of Things system was designed based on the LoRaWAN specification version 1.0. A prototype was built with Radioenge LoRa communication components in end device and gateway. The Things Network server was applied as network and application server. A risk assessment was executed to demonstrate the hazards of third-party network servers in data security. To mitigate the identified risks against unauthorized data access, a proprietary payload is proposed to be included in the application layer. The proprietary payload is formed by the data and the 4 last bytes of its SHA256 hash to delivery integrity in the application layer. Finally, the entire payload is encrypted by AES-CTR to provide confidentiality to the integrity parameter. To be easily reused in end devices of LoRaWAN applications, the proposed security mechanism was encapsulated in a library, and it is available in https://github.com/polimoraes/LoRaWANDataSecurity. In conclusion, when LoRaWAN is implemented with third-party network servers, it is essential to include additional security mechanisms to increase data security resilience, and the security mechanism developed in this work can provide resilience to LoRaWAN applications complied with 1.0 and 1.1 specification versions.Conselho Nacional de Desenvolvimento Científico e Tecnológico (CNPq)Fundação de Amparo à Pesquisa do Estado de São Paulo (FAPESP)14/50937-115/24485-9465446/2014-0103 f.https://repositorio.unifesp.br/handle/11600/61279ark:/48912/001300002t9b6engUniversidade Federal de São Pauloinfo:eu-repo/semantics/openAccessLoRaWANSecurityInternet of ThingsSegurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de TerceirosData Security in LoRaWAN Network with Third-Party Network Serverinfo:eu-repo/semantics/masterThesisinfo:eu-repo/semantics/publishedVersionreponame:Repositório Institucional da UNIFESPinstname:Universidade Federal de São Paulo (UNIFESP)instacron:UNIFESPNão se aplicaNão se aplicaInstituto de Ciência e Tecnologia (ICT)Não se aplicaNão se aplicaNão se aplicaNão se aplicaMestrado Profissional Interdisciplinar em Inovação TecnológicaOutraTecnologia da Informação e ComunicaçãoORIGINALDissertação_Entrega_Poliana_Moraes.pdfDissertação_Entrega_Poliana_Moraes.pdfapplication/pdf3422242https://repositorio.unifesp.br/bitstreams/b9b72811-e13a-47f5-952f-f634d6a2c0e4/download9c7ed6b83bb18ff55f18232e5652f61fMD51LICENSElicense.txtlicense.txttext/plain; charset=utf-85840https://repositorio.unifesp.br/bitstreams/0b1a49fe-1188-4d0f-8cfd-a41b0f893823/download73e095b12c643c8770857a151d3bb57aMD52TEXTDissertação_Entrega_Poliana_Moraes.pdf.txtDissertação_Entrega_Poliana_Moraes.pdf.txtExtracted texttext/plain100211https://repositorio.unifesp.br/bitstreams/58cf05e2-212d-4acf-b1f4-b77f6d7037dc/downloadd41d93afd3595598e499ab01b23d5aceMD530THUMBNAILDissertação_Entrega_Poliana_Moraes.pdf.jpgDissertação_Entrega_Poliana_Moraes.pdf.jpgGenerated Thumbnailimage/jpeg3506https://repositorio.unifesp.br/bitstreams/73af8372-1409-4134-8090-512212f653cf/download219dacb9972f56f15e9ba09fdaedb19cMD53111600/612792024-08-03 12:43:19.699oai:repositorio.unifesp.br:11600/61279https://repositorio.unifesp.brRepositório InstitucionalPUBhttp://www.repositorio.unifesp.br/oai/requestbiblioteca.csp@unifesp.bropendoar:34652024-08-03T12:43:19Repositório Institucional da UNIFESP - Universidade Federal de São Paulo (UNIFESP)falseVEVSTU9TIEUgQ09OREnDh8OVRVMgUEFSQSBPIExJQ0VOQ0lBTUVOVE8gRE8gQVJRVUlWQU1FTlRPLCBSRVBST0RVw4fDg08gRSBESVZVTEdBw4fDg08gUMOaQkxJQ0EgREUgQ09OVEXDmkRPIE5PIFJFUE9TSVTDk1JJTyBJTlNUSVRVQ0lPTkFMIFVOSUZFU1AKCjEuIEV1LCBQb2xpYW5hIE1vcmFlcyAocG9saWFuYS5tb3JhZXNAdW5pZmVzcC5iciksIHJlc3BvbnPDoXZlbCBwZWxvIHRyYWJhbGhvIOKAnFNlZ3VyYW7Dp2EgQ2liZXJuw6l0aWNhIGRlIERhZG9zIGVtIFJlZGVzIExvUmFXQU4gY29tIFNlcnZpZG9yZXMgZGUgUmVkZSBkZSBUZXJjZWlyb3PigJ0gZS9vdSB1c3XDoXJpby1kZXBvc2l0YW50ZSBubyBSZXBvc2l0w7NyaW8gSW5zdGl0dWNpb25hbCBVTklGRVNQLGFzc2VndXJvIG5vIHByZXNlbnRlIGF0byBxdWUgc291IHRpdHVsYXIgZG9zIGRpcmVpdG9zIGF1dG9yYWlzIHBhdHJpbW9uaWFpcyBlL291IGRpcmVpdG9zIGNvbmV4b3MgcmVmZXJlbnRlcyDDoCB0b3RhbGlkYWRlIGRhIE9icmEgb3JhIGRlcG9zaXRhZGEgZW0gZm9ybWF0byBkaWdpdGFsLCBiZW0gY29tbyBkZSBzZXVzIGNvbXBvbmVudGVzIG1lbm9yZXMsIGVtIHNlIHRyYXRhbmRvIGRlIG9icmEgY29sZXRpdmEsIGNvbmZvcm1lIG8gcHJlY2VpdHVhZG8gcGVsYSBMZWkgOS42MTAvOTggZS9vdSBMZWkgOS42MDkvOTguIE7Do28gc2VuZG8gZXN0ZSBvIGNhc28sIGFzc2VndXJvIHRlciBvYnRpZG8gZGlyZXRhbWVudGUgZG9zIGRldmlkb3MgdGl0dWxhcmVzIGF1dG9yaXphw6fDo28gcHLDqXZpYSBlIGV4cHJlc3NhIHBhcmEgbyBkZXDDs3NpdG8gZSBwYXJhIGEgZGl2dWxnYcOnw6NvIGRhIE9icmEsIGFicmFuZ2VuZG8gdG9kb3Mgb3MgZGlyZWl0b3MgYXV0b3JhaXMgZSBjb25leG9zIGFmZXRhZG9zIHBlbGEgYXNzaW5hdHVyYSBkbyBwcmVzZW50ZSB0ZXJtbyBkZSBsaWNlbmNpYW1lbnRvLCBkZSBtb2RvIGEgZWZldGl2YW1lbnRlIGlzZW50YXIgYSBVbml2ZXJzaWRhZGUgRmVkZXJhbCBkZSBTw6NvIFBhdWxvIChVTklGRVNQKSBlIHNldXMgZnVuY2lvbsOhcmlvcyBkZSBxdWFscXVlciByZXNwb25zYWJpbGlkYWRlIHBlbG8gdXNvIG7Do28tYXV0b3JpemFkbyBkbyBtYXRlcmlhbCBkZXBvc2l0YWRvLCBzZWphIGVtIHZpbmN1bGHDp8OjbyBhbyBSZXBvc2l0w7NyaW8gSW5zdGl0dWNpb25hbCBVTklGRVNQLCBzZWphIGVtIHZpbmN1bGHDp8OjbyBhIHF1YWlzcXVlciBzZXJ2acOnb3MgZGUgYnVzY2EgZSBkZSBkaXN0cmlidWnDp8OjbyBkZSBjb250ZcO6ZG8gcXVlIGZhw6dhbSB1c28gZGFzIGludGVyZmFjZXMgZSBlc3Bhw6dvIGRlIGFybWF6ZW5hbWVudG8gcHJvdmlkZW5jaWFkb3MgcGVsYSBVbml2ZXJzaWRhZGUgRmVkZXJhbCBkZSBTw6NvIFBhdWxvIChVTklGRVNQKSBwb3IgbWVpbyBkZSBzZXVzIHNpc3RlbWFzIGluZm9ybWF0aXphZG9zLgoKMi4gQSBjb25jb3Jkw6JuY2lhIGNvbSBlc3RhIGxpY2Vuw6dhIHRlbSBjb21vIGNvbnNlcXXDqm5jaWEgYSB0cmFuc2ZlcsOqbmNpYSwgYSB0w610dWxvIG7Do28tZXhjbHVzaXZvIGUgbsOjby1vbmVyb3NvLCBpc2VudGEgZG8gcGFnYW1lbnRvIGRlIHJveWFsdGllcyBvdSBxdWFscXVlciBvdXRyYSBjb250cmFwcmVzdGHDp8OjbywgcGVjdW5pw6FyaWEgb3UgbsOjbywgw6AgVW5pdmVyc2lkYWRlIEZlZGVyYWwgZGUgU8OjbyBQYXVsbyAoVU5JRkVTUCkgZG9zIGRpcmVpdG9zIGRlIGFybWF6ZW5hciBkaWdpdGFsbWVudGUsIGRlIHJlcHJvZHV6aXIgZSBkZSBkaXN0cmlidWlyIG5hY2lvbmFsIGUgaW50ZXJuYWNpb25hbG1lbnRlIGEgT2JyYSwgaW5jbHVpbmRvLXNlIG8gc2V1IHJlc3Vtby9hYnN0cmFjdCwgcG9yIG1laW9zIGVsZXRyw7RuaWNvcyBhbyBww7pibGljbyBlbSBnZXJhbCwgZW0gcmVnaW1lIGRlIGFjZXNzbyBhYmVydG8uCgozLiBBIHByZXNlbnRlIGxpY2Vuw6dhIHRhbWLDqW0gYWJyYW5nZSwgbm9zIG1lc21vcyB0ZXJtb3MgZXN0YWJlbGVjaWRvcyBubyBpdGVtIDIsIHN1cHJhLCBxdWFscXVlciBkaXJlaXRvIGRlIGNvbXVuaWNhw6fDo28gYW8gcMO6YmxpY28gY2Fiw612ZWwgZW0gcmVsYcOnw6NvIMOgIE9icmEgb3JhIGRlcG9zaXRhZGEsIGluY2x1aW5kby1zZSBvcyB1c29zIHJlZmVyZW50ZXMgw6AgcmVwcmVzZW50YcOnw6NvIHDDumJsaWNhIGUvb3UgZXhlY3XDp8OjbyBww7pibGljYSwgYmVtIGNvbW8gcXVhbHF1ZXIgb3V0cmEgbW9kYWxpZGFkZSBkZSBjb211bmljYcOnw6NvIGFvIHDDumJsaWNvIHF1ZSBleGlzdGEgb3UgdmVuaGEgYSBleGlzdGlyLCBub3MgdGVybW9zIGRvIGFydGlnbyA2OCBlIHNlZ3VpbnRlcyBkYSBMZWkgOS42MTAvOTgsIG5hIGV4dGVuc8OjbyBxdWUgZm9yIGFwbGljw6F2ZWwgYW9zIHNlcnZpw6dvcyBwcmVzdGFkb3MgYW8gcMO6YmxpY28gcGVsYSBVbml2ZXJzaWRhZGUgRmVkZXJhbCBkZSBTw6NvIFBhdWxvIChVTklGRVNQKS4KCjQuIEVzdGEgbGljZW7Dp2EgYWJyYW5nZSwgYWluZGEsIG5vcyBtZXNtb3MgdGVybW9zIGVzdGFiZWxlY2lkb3Mgbm8gaXRlbSAyLCBzdXByYSwgdG9kb3Mgb3MgZGlyZWl0b3MgY29uZXhvcyBkZSBhcnRpc3RhcyBpbnTDqXJwcmV0ZXMgb3UgZXhlY3V0YW50ZXMsIHByb2R1dG9yZXMgZm9ub2dyw6FmaWNvcyBvdSBlbXByZXNhcyBkZSByYWRpb2RpZnVzw6NvIHF1ZSBldmVudHVhbG1lbnRlIHNlamFtIGFwbGljw6F2ZWlzIGVtIHJlbGHDp8OjbyDDoCBvYnJhIGRlcG9zaXRhZGEsIGVtIGNvbmZvcm1pZGFkZSBjb20gbyByZWdpbWUgZml4YWRvIG5vIFTDrXR1bG8gViBkYSBMZWkgOS42MTAvOTguCgo1LiBTZSBhIE9icmEgZGVwb3NpdGFkYSBmb2kgb3Ugw6kgb2JqZXRvIGRlIGZpbmFuY2lhbWVudG8gcG9yIGluc3RpdHVpw6fDtWVzIGRlIGZvbWVudG8gw6AgcGVzcXVpc2Egb3UgcXVhbHF1ZXIgb3V0cmEgc2VtZWxoYW50ZSwgdm9jw6ogb3UgbyB0aXR1bGFyIGFzc2VndXJhIHF1ZSBjdW1wcml1IHRvZGFzIGFzIG9icmlnYcOnw7VlcyBxdWUgbGhlIGZvcmFtIGltcG9zdGFzIHBlbGEgaW5zdGl0dWnDp8OjbyBmaW5hbmNpYWRvcmEgZW0gcmF6w6NvIGRvIGZpbmFuY2lhbWVudG8sIGUgcXVlIG7Do28gZXN0w6EgY29udHJhcmlhbmRvIHF1YWxxdWVyIGRpc3Bvc2nDp8OjbyBjb250cmF0dWFsIHJlZmVyZW50ZSDDoCBwdWJsaWNhw6fDo28gZG8gY29udGXDumRvIG9yYSBzdWJtZXRpZG8gYW8gUmVwb3NpdMOzcmlvIEluc3RpdHVjaW9uYWwgVU5JRkVTUC4KIAo2LiBBdXRvcml6YSBhIFVuaXZlcnNpZGFkZSBGZWRlcmFsIGRlIFPDo28gUGF1bG8gYSBkaXNwb25pYmlsaXphciBhIG9icmEgbm8gUmVwb3NpdMOzcmlvIEluc3RpdHVjaW9uYWwgVU5JRkVTUCBkZSBmb3JtYSBncmF0dWl0YSwgZGUgYWNvcmRvIGNvbSBhIGxpY2Vuw6dhIHDDumJsaWNhIENyZWF0aXZlIENvbW1vbnM6IEF0cmlidWnDp8Ojby1TZW0gRGVyaXZhw6fDtWVzLVNlbSBEZXJpdmFkb3MgNC4wIEludGVybmFjaW9uYWwgKENDIEJZLU5DLU5EKSwgcGVybWl0aW5kbyBzZXUgbGl2cmUgYWNlc3NvLCB1c28gZSBjb21wYXJ0aWxoYW1lbnRvLCBkZXNkZSBxdWUgY2l0YWRhIGEgZm9udGUuIEEgb2JyYSBjb250aW51YSBwcm90ZWdpZGEgcG9yIERpcmVpdG9zIEF1dG9yYWlzIGUvb3UgcG9yIG91dHJhcyBsZWlzIGFwbGljw6F2ZWlzLiBRdWFscXVlciB1c28gZGEgb2JyYSwgcXVlIG7Do28gbyBhdXRvcml6YWRvIHNvYiBlc3RhIGxpY2Vuw6dhIG91IHBlbGEgbGVnaXNsYcOnw6NvIGF1dG9yYWwsIMOpIHByb2liaWRvLiAgCgo3LiBBdGVzdGEgcXVlIGEgT2JyYSBzdWJtZXRpZGEgbsOjbyBjb250w6ltIHF1YWxxdWVyIGluZm9ybWHDp8OjbyBjb25maWRlbmNpYWwgc3VhIG91IGRlIHRlcmNlaXJvcy4KCjguIEF0ZXN0YSBxdWUgbyB0cmFiYWxobyBzdWJtZXRpZG8gw6kgb3JpZ2luYWwgZSBmb2kgZWxhYm9yYWRvIHJlc3BlaXRhbmRvIG9zIHByaW5jw61waW9zIGRhIG1vcmFsIGUgZGEgw6l0aWNhIGUgbsOjbyB2aW9sb3UgcXVhbHF1ZXIgZGlyZWl0byBkZSBwcm9wcmllZGFkZSBpbnRlbGVjdHVhbCwgc29iIHBlbmEgZGUgcmVzcG9uZGVyIGNpdmlsLCBjcmltaW5hbCwgw6l0aWNhIGUgcHJvZmlzc2lvbmFsbWVudGUgcG9yIG1ldXMgYXRvczsKCjkuIEF0ZXN0YSBxdWUgYSB2ZXJzw6NvIGRvIHRyYWJhbGhvIHByZXNlbnRlIG5vIGFycXVpdm8gc3VibWV0aWRvIMOpIGEgdmVyc8OjbyBkZWZpbml0aXZhIHF1ZSBpbmNsdWkgYXMgYWx0ZXJhw6fDtWVzIGRlY29ycmVudGVzIGRhIGRlZmVzYSwgc29saWNpdGFkYXMgcGVsYSBiYW5jYSwgc2UgaG91dmUgYWxndW1hLCBvdSBzb2xpY2l0YWRhcyBwb3IgcGFydGUgZGUgb3JpZW50YcOnw6NvIGRvY2VudGUgcmVzcG9uc8OhdmVsOwoKMTAuIENvbmNlZGUgw6AgVW5pdmVyc2lkYWRlIEZlZGVyYWwgZGUgU8OjbyBQYXVsbyAoVU5JRkVTUCkgbyBkaXJlaXRvIG7Do28gZXhjbHVzaXZvIGRlIHJlYWxpemFyIHF1YWlzcXVlciBhbHRlcmHDp8O1ZXMgbmEgbcOtZGlhIG91IG5vIGZvcm1hdG8gZG8gYXJxdWl2byBwYXJhIHByb3DDs3NpdG9zIGRlIHByZXNlcnZhw6fDo28gZGlnaXRhbCwgZGUgYWNlc3NpYmlsaWRhZGUgZSBkZSBtZWxob3IgaWRlbnRpZmljYcOnw6NvIGRvIHRyYWJhbGhvIHN1Ym1ldGlkbywgZGVzZGUgcXVlIG7Do28gc2VqYSBhbHRlcmFkbyBzZXUgY29udGXDumRvIGludGVsZWN0dWFsLgoKQW8gY29uY2x1aXIgYXMgZXRhcGFzIGRvIHByb2Nlc3NvIGRlIHN1Ym1pc3PDo28gZGUgYXJxdWl2b3Mgbm8gUmVwb3NpdMOzcmlvIEluc3RpdHVjaW9uYWwgVU5JRkVTUCwgYXRlc3RvIHF1ZSBsaSBlIGNvbmNvcmRlaSBpbnRlZ3JhbG1lbnRlIGNvbSBvcyB0ZXJtb3MgYWNpbWEgZGVsaW1pdGFkb3MsIHNlbSBmYXplciBxdWFscXVlciByZXNlcnZhIGUgbm92YW1lbnRlIGNvbmZpcm1hbmRvIHF1ZSBjdW1wcm8gb3MgcmVxdWlzaXRvcyBpbmRpY2Fkb3Mgbm9zIGl0ZW5zIG1lbmNpb25hZG9zIGFudGVyaW9ybWVudGUuCgpIYXZlbmRvIHF1YWxxdWVyIGRpc2NvcmTDom5jaWEgZW0gcmVsYcOnw6NvIGEgcHJlc2VudGUgbGljZW7Dp2Egb3UgbsOjbyBzZSB2ZXJpZmljYW5kbyBvIGV4aWdpZG8gbm9zIGl0ZW5zIGFudGVyaW9yZXMsIHZvY8OqIGRldmUgaW50ZXJyb21wZXIgaW1lZGlhdGFtZW50ZSBvIHByb2Nlc3NvIGRlIHN1Ym1pc3PDo28uIEEgY29udGludWlkYWRlIGRvIHByb2Nlc3NvIGVxdWl2YWxlIMOgIGNvbmNvcmTDom5jaWEgZSDDoCBhc3NpbmF0dXJhIGRlc3RlIGRvY3VtZW50bywgY29tIHRvZGFzIGFzIGNvbnNlcXXDqm5jaWFzIG5lbGUgcHJldmlzdGFzLCBzdWplaXRhbmRvLXNlIG8gc2lnbmF0w6FyaW8gYSBzYW7Dp8O1ZXMgY2l2aXMgZSBjcmltaW5haXMgY2FzbyBuw6NvIHNlamEgdGl0dWxhciBkb3MgZGlyZWl0b3MgYXV0b3JhaXMgcGF0cmltb25pYWlzIGUvb3UgY29uZXhvcyBhcGxpY8OhdmVpcyDDoCBPYnJhIGRlcG9zaXRhZGEgZHVyYW50ZSBlc3RlIHByb2Nlc3NvLCBvdSBjYXNvIG7Do28gdGVuaGEgb2J0aWRvIHByw6l2aWEgZSBleHByZXNzYSBhdXRvcml6YcOnw6NvIGRvIHRpdHVsYXIgcGFyYSBvIGRlcMOzc2l0byBlIHRvZG9zIG9zIHVzb3MgZGEgT2JyYSBlbnZvbHZpZG9zLgoKU2UgdGl2ZXIgcXVhbHF1ZXIgZMO6dmlkYSBxdWFudG8gYW9zIHRlcm1vcyBkZSBsaWNlbmNpYW1lbnRvIGUgcXVhbnRvIGFvIHByb2Nlc3NvIGRlIHN1Ym1pc3PDo28sIGVudHJlIGVtIGNvbnRhdG8gY29tIGEgYmlibGlvdGVjYSBkbyBzZXUgY2FtcHVzIChjb25zdWx0ZSBlbTogaHR0cHM6Ly9iaWJsaW90ZWNhcy51bmlmZXNwLmJyL2JpYmxpb3RlY2FzLWRhLXJlZGUpLiAKClPDo28gUGF1bG8sIFR1ZSBKdWwgMTMgMjE6Mzg6MzYgQlJUIDIwMjEuCgo=
dc.title.pt_BR.fl_str_mv Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros
dc.title.alternative.pt_BR.fl_str_mv Data Security in LoRaWAN Network with Third-Party Network Server
title Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros
spellingShingle Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros
de Moraes, Poliana [UNIFESP]
LoRaWAN
Security
Internet of Things
title_short Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros
title_full Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros
title_fullStr Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros
title_full_unstemmed Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros
title_sort Segurança Cibernética de Dados em Redes LoRaWAN com Servidores de Rede de Terceiros
author de Moraes, Poliana [UNIFESP]
author_facet de Moraes, Poliana [UNIFESP]
author_role author
dc.contributor.advisor-coLattes.pt_BR.fl_str_mv http://lattes.cnpq.br/2934786440085983
dc.contributor.advisorLattes.pt_BR.fl_str_mv http://lattes.cnpq.br/1725477351660877
dc.contributor.authorLattes.pt_BR.fl_str_mv http://lattes.cnpq.br/4759215146674764
dc.contributor.author.fl_str_mv de Moraes, Poliana [UNIFESP]
dc.contributor.advisor1.fl_str_mv da Conceição, Arlindo Flavio
dc.contributor.advisor-co1.fl_str_mv Batista, Daniel
contributor_str_mv da Conceição, Arlindo Flavio
Batista, Daniel
dc.subject.por.fl_str_mv LoRaWAN
Security
Internet of Things
topic LoRaWAN
Security
Internet of Things
description The age of the Internet of Things is daily bringing the connection of new devices to the Internet, expecting fifty billion units by 2021. Internet of Things devices are nowadays one of the most relevant targets as an entrance for security attacks. LoRaWAN is a new wide-area wireless network technology used in Internet of Things long-range communication and it is specified to provide high data security resilience using end-to-end encryption. LoRaWAN application is a system of a system concept, and a commercial solution is usually shared with numerous parties. Then, LoRaWAN applications can operate with a third-party network server that can not be assumed as a trusted entity. In that scenario, the data can undergo an integrity attack. As the network server owns the network session key, the payload encryption is done using a XOR operation and the protocol specification is opened allowing to determine easily the data location. Furthermore, in a LoRaWAN specification version 1.0, the network server also knows the parameters to calculate an application session key that allows the network server to perform a confidentiality attack. This study aims to develop a security mechanism to improve data security resilience in LoRaWAN applications that use third-party network servers. Following that objective, an Internet of Things system was designed based on the LoRaWAN specification version 1.0. A prototype was built with Radioenge LoRa communication components in end device and gateway. The Things Network server was applied as network and application server. A risk assessment was executed to demonstrate the hazards of third-party network servers in data security. To mitigate the identified risks against unauthorized data access, a proprietary payload is proposed to be included in the application layer. The proprietary payload is formed by the data and the 4 last bytes of its SHA256 hash to delivery integrity in the application layer. Finally, the entire payload is encrypted by AES-CTR to provide confidentiality to the integrity parameter. To be easily reused in end devices of LoRaWAN applications, the proposed security mechanism was encapsulated in a library, and it is available in https://github.com/polimoraes/LoRaWANDataSecurity. In conclusion, when LoRaWAN is implemented with third-party network servers, it is essential to include additional security mechanisms to increase data security resilience, and the security mechanism developed in this work can provide resilience to LoRaWAN applications complied with 1.0 and 1.1 specification versions.
publishDate 2021
dc.date.accessioned.fl_str_mv 2021-07-16T13:58:51Z
dc.date.available.fl_str_mv 2021-07-16T13:58:51Z
dc.date.issued.fl_str_mv 2021-06-10
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv https://repositorio.unifesp.br/handle/11600/61279
dc.identifier.dark.fl_str_mv ark:/48912/001300002t9b6
url https://repositorio.unifesp.br/handle/11600/61279
identifier_str_mv ark:/48912/001300002t9b6
dc.language.iso.fl_str_mv eng
language eng
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv 103 f.
dc.coverage.spatial.pt_BR.fl_str_mv Online
dc.publisher.none.fl_str_mv Universidade Federal de São Paulo
publisher.none.fl_str_mv Universidade Federal de São Paulo
dc.source.none.fl_str_mv reponame:Repositório Institucional da UNIFESP
instname:Universidade Federal de São Paulo (UNIFESP)
instacron:UNIFESP
instname_str Universidade Federal de São Paulo (UNIFESP)
instacron_str UNIFESP
institution UNIFESP
reponame_str Repositório Institucional da UNIFESP
collection Repositório Institucional da UNIFESP
bitstream.url.fl_str_mv https://repositorio.unifesp.br/bitstreams/b9b72811-e13a-47f5-952f-f634d6a2c0e4/download
https://repositorio.unifesp.br/bitstreams/0b1a49fe-1188-4d0f-8cfd-a41b0f893823/download
https://repositorio.unifesp.br/bitstreams/58cf05e2-212d-4acf-b1f4-b77f6d7037dc/download
https://repositorio.unifesp.br/bitstreams/73af8372-1409-4134-8090-512212f653cf/download
bitstream.checksum.fl_str_mv 9c7ed6b83bb18ff55f18232e5652f61f
73e095b12c643c8770857a151d3bb57a
d41d93afd3595598e499ab01b23d5ace
219dacb9972f56f15e9ba09fdaedb19c
bitstream.checksumAlgorithm.fl_str_mv MD5
MD5
MD5
MD5
repository.name.fl_str_mv Repositório Institucional da UNIFESP - Universidade Federal de São Paulo (UNIFESP)
repository.mail.fl_str_mv biblioteca.csp@unifesp.br
_version_ 1863846501781864448

Registros relacionados