Discovery privacy threats via device de-anonymization in LoRaWAN

Pietro Spadaccino, D. Garlisi, F. Cuomo, Giorgio Pillon, Patrizio Pisani
{"title":"Discovery privacy threats via device de-anonymization in LoRaWAN","authors":"Pietro Spadaccino, D. Garlisi, F. Cuomo, Giorgio Pillon, Patrizio Pisani","doi":"10.1109/MedComNet52149.2021.9501247","DOIUrl":null,"url":null,"abstract":"LoRaWAN (Long Range WAN) is one of the well-known emerging technologies for the Internet of Things (IoT). Many IoT applications involve simple devices that transmit their data toward network gateways or access points that, in turn, redirect the data to application servers. While several security issues have been faced in the LoRaWAN v1.1 specification from the very beginning, there are still some aspects that may undermine the privacy and the security of the IoT devices. In this paper we tackle the privacy aspect in the LoRaWAN device identity. The proposed approach, by monitoring the traffic of a LoRaWAN Network, is able to derive, in a probabilistic way, the unique identifier of the device from the temporal address assigned from the network. In other words, the method identifies the relationship between the LoRaWAN DevAddress and the device manufacturer DevEUI. The proposed approach, named DEVIL (DEVice Identification and privacy Leakage), is based on temporal patterns arising in the packet transmissions by LoRaWAN devices, and it is evaluated on the dataset extracted from real applications scenario deployed in Italy by a network operator. The results of our analysis show how device identification, during the time, can expose users to privacy leakage.","PeriodicalId":272937,"journal":{"name":"2021 19th Mediterranean Communication and Computer Networking Conference (MedComNet)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 19th Mediterranean Communication and Computer Networking Conference (MedComNet)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MedComNet52149.2021.9501247","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 8

Abstract

LoRaWAN (Long Range WAN) is one of the well-known emerging technologies for the Internet of Things (IoT). Many IoT applications involve simple devices that transmit their data toward network gateways or access points that, in turn, redirect the data to application servers. While several security issues have been faced in the LoRaWAN v1.1 specification from the very beginning, there are still some aspects that may undermine the privacy and the security of the IoT devices. In this paper we tackle the privacy aspect in the LoRaWAN device identity. The proposed approach, by monitoring the traffic of a LoRaWAN Network, is able to derive, in a probabilistic way, the unique identifier of the device from the temporal address assigned from the network. In other words, the method identifies the relationship between the LoRaWAN DevAddress and the device manufacturer DevEUI. The proposed approach, named DEVIL (DEVice Identification and privacy Leakage), is based on temporal patterns arising in the packet transmissions by LoRaWAN devices, and it is evaluated on the dataset extracted from real applications scenario deployed in Italy by a network operator. The results of our analysis show how device identification, during the time, can expose users to privacy leakage.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
LoRaWAN中通过设备去匿名化发现隐私威胁
LoRaWAN (Long Range WAN)是物联网(IoT)的新兴技术之一。许多物联网应用涉及简单的设备,这些设备将数据传输到网络网关或接入点,进而将数据重定向到应用服务器。虽然LoRaWAN v1.1规范从一开始就面临着一些安全问题,但仍有一些方面可能会破坏物联网设备的隐私和安全性。本文主要研究LoRaWAN设备身份认证中的隐私问题。该方法通过监测LoRaWAN网络的流量,能够以概率方式从网络分配的时间地址中导出设备的唯一标识符。也就是说,该方法识别了LoRaWAN DevAddress与设备制造商DevEUI之间的关系。提出的方法名为DEVIL(设备识别和隐私泄漏),它基于LoRaWAN设备在数据包传输中产生的时间模式,并在意大利网络运营商部署的真实应用场景中提取的数据集上进行了评估。我们的分析结果表明,在此期间,设备识别如何使用户暴露于隐私泄露。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
From PLATO to Platoons Reputation-Based Spectrum Data Fusion against Falsification Attacks in Cognitive Networks Passive Device-Free Multi-Point CSI Localization and Its Obfuscation with Randomized Filtering Combined Spatial Division Multiplexing and Spatial Reuse across Decentral Wireless LANs Geolocation-based Sector Selection for Vehicle-to-Infrastructure 802.11ad Communication
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1