Back to Search Start Over

Discovery privacy threats via device de-anonymization in LoRaWAN

Authors :
Francesca Cuomo
Patrizio Pisani
Giorgio Pillon
Pietro Spadaccino
Domenico Garlisi
Spadaccino P.
Garlisi D.
Cuomo F.
Pillon G.
Pisani P.
Source :
19th Mediterranean Communication and Computer Networking Conference (MedComNet), Computer Communications, MedComNet, 2021 19th Mediterranean Communication and Computer Networking Conference (MedComNet)
Publication Year :
2022
Publisher :
Elsevier BV, 2022.

Abstract

LoRaWAN (Long Range WAN) is one of the well-known emerging technologies for the Internet of Things (IoT). Many IoT applications involve simple devices that transmit their data toward network gateways or access points that, in their turn, redirect data to application servers. While several security issues have been addressed in the LoRaWAN specification v1.1, there are still some aspects that may undermine privacy and security of the interconnected IoT devices. In this paper, we tackle a privacy aspect related to LoRaWAN device identity. The proposed approach, by monitoring the network traffic in LoRaWAN, is able to derive, in a probabilistic way, the unique identifier of the IoT device from the temporal address assigned by the network. In other words, the method identifies the relationship between the LoRaWAN DevAddress and the device manufacturer DevEUI. The proposed approach, named DEVIL (DEVice Identification and privacy Leakage), is based on temporal patterns arising in the packets transmissions. The paper presents also a detailed study of two real datasets: i) one derived by IoT devices interconnected to a prominent network operator in Italy; ii) one taken from the literature (the LoED dataset in Bhatia et al. (2020)). DEVIL is evaluated on the first dataset while the second is analyzed to support the hypothesis under the DEVIL operation. The results of our analysis, compared with other literature approaches, show how device identification through DEVIL can expose IoT devices to privacy leakage. Finally, the paper also provides some guidelines to mitigate the user re-identification threats.

Details

ISBN :
978-1-66543-590-1
ISSN :
01403664
ISBNs :
9781665435901
Volume :
189
Database :
OpenAIRE
Journal :
Computer Communications
Accession number :
edsair.doi.dedup.....e8b2075ed2f9471e6d636ff0851d7c35
Full Text :
https://doi.org/10.1016/j.comcom.2022.02.017