Security Vulnerabilities in LPWANs—An Attack Vector Analysis for the IoT Ecosystem

Abstract

Due to its pervasive nature, the Internet of Things (IoT) is demanding for Low Power Wide Area Networks (LPWAN) since wirelessly connected devices need battery-efficient and long-range communications. Due to its low-cost and high availability (regional/city level scale), this type of network has been widely used in several IoT applications, such as Smart Metering, Smart Grids, Smart Buildings, Intelligent Transportation Systems (ITS), SCADA Systems. By using LPWAN technologies, the IoT devices are less dependent on common and existing infrastructure, can operate using small, inexpensive, and long-lasting batteries (up to 10 years), and can be easily deployed within wide areas, typically above 2 km in urban zones. The starting point of this work was an overview of the security vulnerabilities that exist in LPWANs, followed by a literature review with the main goal of substantiating an attack vector analysis specifically designed for the IoT ecosystem. This methodological approach resulted in three main contributions: (i) a systematic review regarding cybersecurity in LPWANs with a focus on vulnerabilities, threats, and typical defense strategies; (ii) a state-of-the-art review on the most prominent results that have been found in the systematic review, with focus on the last three years; (iii) a security analysis on the recent attack vectors regarding IoT applications using LPWANs. Results have shown that LPWANs communication technologies contain security vulnerabilities that can lead to irreversible harm in critical and non-critical IoT application domains. Also, the conception and implementation of up-to-date defenses are relevant to protect systems, networks, and data.