The Design of Security Framework for LoRaWAN FUOTA

Nur Hayati

doi:10.18196/jet.v7i2.22360

The Design of Security Framework for LoRaWAN FUOTA

Authors

Nur Hayati Department of Electrical Engineering, Faculty of Engineering, Universitas Muhammadiyah Yogyakarta

DOI:

https://doi.org/10.18196/jet.v7i2.22360

Keywords:

LoRaWAN, FUOTA, Security, Framework, IoT

Abstract

This research outlines a comprehensive security framework for LoRaWAN Firmware Updates Over-The-Air (FUOTA), which is essential for ensuring the reliability of IoT devices in critical infrastructures. It addresses multiple security threats specific to the wireless transmission of firmware updates, initiating an assessment of the vulnerabilities faced by the LoRaWAN FUOTA process. The framework incorporates several security measures, including secure transmission using lightweight encryption to maintain data confidentiality, robust authentication and authorization strategies to prevent unauthorized access, and digital signatures for integrity verification to ensure only authentic firmware updates are installed. It also includes anti-replay measures like sequence numbers and timestamps to protect against replay attacks and emphasizes efficient resource management to optimize power and computational resources for IoT devices. Additionally, secure multicast management techniques are employed to handle the challenges of simultaneously distributing updates to multiple devices. The framework provides an integrated and detailed approach to enhancing the security and operational efficiency of LoRaWAN FUOTA, making it an invaluable resource for practitioners and researchers in the field.

References

J. Catalano, “LoRaWAN Firmware Update Over-The-Air (FUOTA),” JICTS, Apr. 2021, doi: 10.13052/jicts2245-800X.913.

M. Pule and A. M. Abu-Mahfouz, “Firmware Updates Over the Air Mechanisms for Low Power Wide Area Networks: A Review,” in 2019 International Multidisciplinary Information Technology and Engineering Conference (IMITEC), Vanderbijlpark, South Africa: IEEE, Nov. 2019, pp. 1–7. doi: 10.1109/IMITEC45504.2019.9015851.

N. Sornin, “LoRaWAN®: Firmware Updates Over-the-Air,” 2020.

K. Abdelfadeel, T. Farrell, D. McDonald, and D. Pesch, “How to Make Firmware Updates over LoRaWAN Possible,” in 2020 IEEE 21st International Symposium on “A World of Wireless, Mobile and Multimedia Networks” (WoWMoM), Cork, Ireland: IEEE, Aug. 2020, pp. 16–25. doi: 10.1109/WoWMoM49955.2020.00018.

C. Nicolas, B. Naila, and R.-C. Amar, “Energy efficient Firmware Over The Air Update for TinyML models in LoRaWAN agricultural networks,” in 2022 32nd International Telecommunication Networks and Applications Conference (ITNAC), Wellington, New Zealand: IEEE, Nov. 2022, pp. 21–27. doi: 10.1109/ITNAC55475.2022.9998338.

S. El Jaouhari, “Toward a Secure Firmware OTA Updates for constrained IoT devices,” in 2022 IEEE International Smart Cities Conference (ISC2), Pafos, Cyprus: IEEE, Sep. 2022, pp. 1–6. doi: 10.1109/ISC255366.2022.9922087.

W. Mao et al., “Reliable and Energy-Efficient Reprogramming for Smart LoRaWAN,” in 2023 IEEE Smart World Congress (SWC), Portsmouth, United Kingdom: IEEE, Aug. 2023, pp. 1–8. doi: 10.1109/SWC57546.2023.10449002.

A. Anastasiou, P. Christodoulou, K. Christodoulou, V. Vassiliou, and Z. Zinonos, “IoT Device Firmware Update over LoRa: The Blockchain Solution,” in 2020 16th International Conference on Distributed Computing in Sensor Systems (DCOSS), Marina del Rey, CA, USA: IEEE, May 2020, pp. 404–411. doi: 10.1109/DCOSS49796.2020.00070.

N. Hayati, S. Windarta, M. Suryanegara, B. Pranggono, and K. Ramli, “A Novel Session Key Update Scheme for LoRaWAN,” IEEE Access, vol. 10, pp. 89696–89713, 2022, doi: 10.1109/ACCESS.2022.3200397.

N. Hayati, K. Ramli, M. Suryanegara, and Y. Suryanto, “Potential Development of AES 128-bit Key Generation for LoRaWAN Security,” in 2019 2nd International Conference on Communication Engineering and Technology (ICCET), Nagoya, Japan: IEEE, Apr. 2019, pp. 57–61. doi: 10.1109/ICCET.2019.8726884.

J. Qadir, I. Butun, P. Gastaldo, O. Aiello, and D. D. Caviglia, “Mitigating Cyber Attacks in LoRaWAN via Lightweight Secure Key Management Scheme,” IEEE Access, vol. 11, pp. 68301–68315, 2023, doi: 10.1109/ACCESS.2023.3291420.

N. Hayati, K. Ramli, S. Windarta, and M. Suryanegara, “A Novel Secure Root Key Updating Scheme for LoRaWANs Based on CTR_AES DRBG 128,” IEEE Access, vol. 10, pp. 18807–18819, 2022, doi: 10.1109/ACCESS.2022.3150281.

D. K. Nilsson and U. E. Larson, “Secure Firmware Updates over the Air in Intelligent Vehicles,” in ICC Workshops - 2008 IEEE International Conference on Communications Workshops, Beijing, China: IEEE, May 2008, pp. 380–384. doi: 10.1109/ICCW.2008.78.

J. Navarro-Ortiz, N. Chinchilla-Romero, F. Delgado-Ferro, and J. J. Ramos-Munoz, “A LoRaWAN Network Architecture with MQTT2MULTICAST,” Electronics, vol. 11, no. 6, p. 872, Mar. 2022, doi: 10.3390/electronics11060872.

F. Samiullah, M.-L. Gan, S. Akleylek, and Y. Aun, “Group Key Management in Internet of Things: A Systematic Literature Review,” IEEE Access, vol. 11, pp. 77464–77491, 2023, doi: 10.1109/ACCESS.2023.3298024.

Downloads

Published

2024-05-21

How to Cite

Hayati, N. (2024). The Design of Security Framework for LoRaWAN FUOTA. Journal of Electrical Technology UMY, 7(2), 82–88. https://doi.org/10.18196/jet.v7i2.22360

Download Citation

Issue

Vol. 7 No. 2 (2023): December

Section

Articles

License

Copyright

The Authors submitting a manuscript do so on the understanding that if accepted for publication, copyright of the article shall be assigned to Journal of Electrical Technology UMY. Copyright encompasses rights to reproduce and deliver the article in all form and media, including reprints, photographs, microfilms, and any other similar reproductions, as well as translations.

Authors should sign Copyright Transfer Agreement when they have approved the final proofs sent by the journal prior the publication. JET UMY strives to ensure that no errors occur in the articles that have been published, both data errors and statements in the article.

JET UMY keep the rights to articles that have been published. Authors are permitted to disseminate published article by sharing the link of JET UMY website. Authors are allowed to use their works for any purposes deemed necessary without written permission from JET UMY with an acknowledgement of initial publication in this journal.

License

All articles published in JET UMY are licensed under a Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA) license. You are free to:

Share — copy and redistribute the material in any medium or format
Adapt — remix, transform, and build upon the material for any purpose, even commercially.

The licensor cannot revoke these freedoms as long as you follow the license terms. Under the following terms:

Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.
No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.