University of Oulu

Pospisil, O.; Fujdiak, R.; Mikhaylov, K.; Ruotsalainen, H.; Misurec, J. Testbed for LoRaWAN Security: Design and Validation through Man-in-the-Middle Attacks Study. Appl. Sci. 2021, 11, 7642.

Testbed for LoRaWAN security : design and validation through man-in-the-middle attacks study

Saved in:
Author: Pospisil, Ondrej1; Fujdiak, Radek1; Mikhaylov, Konstantin2;
Organizations: 1Department of Telecommunications, Faculty of Electrical Engineering and Communication, Brno University of Technology, Technicka 12, 61600 Brno, Czech Republic
2Centre for Wireless Communications, University of Oulu, Erkki Koiso-Kanttilan katu 3, 90014 Oulu, Finland
3Institute of IT Security Research, St. Pölten University of Applied Sciences, Campus-Platz 1, 3100 St. Pölten, Austria
Format: article
Version: published version
Access: open
Online Access: PDF Full Text (PDF, 9.8 MB)
Persistent link:
Language: English
Published: Multidisciplinary Digital Publishing Institute, 2021
Publish Date: 2021-08-27


The low-power wide-area (LPWA) technologies, which enable cost and energy-efficient wireless connectivity for massive deployments of autonomous machines, have enabled and boosted the development of many new Internet of things (IoT) applications; however, the security of LPWA technologies in general, and specifically those operating in the license-free frequency bands, have received somewhat limited attention so far. This paper focuses specifically on the security and privacy aspects of one of the most popular license-free-band LPWA technologies, which is named LoRaWAN. The paper’s key contributions are the details of the design and experimental validation of a security-focused testbed, based on the combination of software-defined radio (SDR) and GNU Radio software with a standalone LoRaWAN transceiver. By implementing the two practical man-in-the-middle attacks (i.e., the replay and bit-flipping attacks through intercepting the over-the-air activation procedure by an external to the network attacker device), we demonstrate that the developed testbed enables practical experiments for on-air security in real-life conditions. This makes the designed testbed perspective for validating the novel security solutions and approaches and draws attention to some of the relevant security challenges extant in LoRaWAN.

see all

Series: Applied sciences
ISSN: 2076-3417
ISSN-E: 2076-3417
ISSN-L: 2076-3417
Volume: 11
Issue: 16
Article number: 7642
DOI: 10.3390/app11167642
Type of Publication: A1 Journal article – refereed
Field of Science: 213 Electronic, automation and communications engineering, electronics
Funding: The research was funded by the Technology Agency of the Czech Republic under Grant reg. No. TK02030013. The work of K.M. was also supported by the Academy of Finland 6Genesis Flagship under Grant No. 318927.
Academy of Finland Grant Number: 318927
Detailed Information: 318927 (Academy of Finland Funding decision)
Copyright information: © 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (