Abstract
With the contrast of limited performance and big responsibility of IoT devices, potential security breaches can have serious impacts in means of safety and privacy. Potential consequences of attacks on IoT devices could be leakage of individuals daily habits and political decisions being influenced. While the consequences might not be avoidable in their entirety, adequate knowledge is a fundamental part of realizing the importance of IoT security and during the assessment of damages following a breach. This chapter will focus on two low-powered wide area network (LPWAN) technologies, narrow-band iot (NB-IoT) and long-range wide area network (LoRaWAN). Further, three use cases will be considered—healthcare, smart cities, and industry—which all to some degree rely on IoT devices. It is shown that with enough knowledge of possible attacks and their corresponding implications, more secure IoT systems can be developed.
TopBackground
This section will provide a fundamental explanation about IoT, general information about NB-IoT and LoRaWAN, and some fundamental knowledge about the Confidentiality, Integrity, and Availability (CIA) model and cyber-attacks.
Key Terms in this Chapter
LoRa: A proprietary Long-Range LPWAN radio communication technology which uses CSS (Chirp Spread Spectrum) modulation and offers communications up to 100 kms and a battery lifetime of 10 years.
Narrow-Band IoT (NB-IoT): Uses existing licensed frequency bands and can coexist with GSM and LTE. It is focused on very low data rates and is ideal for simpler sensor applications while LTE supports devices that need to communicate in real-time.
Public Key Cryptography (PKC): Also known as asymmetric cryptography, is a class of cryptographic algorithms that uses pairs of keys: A public key that everyone can know and a private key that is only known by one entity.
LPWAN: Low-Powered Wide Area Network, which allows long-range networking for low-powered IoT devices.
Man-in-the-Middle Attacks (MITM): In this kind of cyber-attack, an attacker intercepts the incoming transmission (data, or packets) to a victim node, fulfills the desired task (copying or altering the data) and then re-transmits the data to the intended victim.
Denial of Service Attacks (DoS): In this type of cyber-attack, targeted victim (server, service, etc.) is overwhelmed by the fake requests (such as fabricated user queries), so that it is prevented from serving the legit requests (such as the queries resulting from real users).