LoRaWAN is an IoT protocol deployed worldwide. Whereas the first version 1.0 has been shown to be weak against several types of attacks, the new version 1.1 has been recently released, and aims, in particular, at providing corrections to the previous release. It introduces also a third entity, turning the original 2-party protocol into a 3-party protocol. In this paper, we provide the first security analysis of LoRaWANÂ 1.1 in its 3-party setting with a provable approach, and show that it suffers from several flaws. Based on the 3(S)ACCE model of Bhargavan et al., we then propose an extended framework that we use to analyse the security of LoRaWAN-like 3-party protocols, and describe a generic 3-party protocol provably secure in this extended model. We use this provable security approach to propose a slightly modified version of LoRaWANÂ 1.1. We show how to concretely instantiate this alternative, and formally prove its security in our extended model.
CITATION STYLE
Canard, S., & Ferreira, L. (2019). Extended 3-party ACCE and application to LoRaWAN 1.1. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11627 LNCS, pp. 21–38). Springer Verlag. https://doi.org/10.1007/978-3-030-23696-0_2
Mendeley helps you to discover research relevant for your work.