short-paper

Device Re-identification in LoRaWAN through Messages Linkage

Authors:
Samuel Pélissier

University of Lyon, INSA-Lyon, Inria, CITI Lab., Lyon, France

University of Lyon, INSA-Lyon, Inria, CITI Lab., Lyon, France
View Profile

,
Mathieu Cunche

University of Lyon, INSA-Lyon, Inria, CITI Lab., Lyon, France

University of Lyon, INSA-Lyon, Inria, CITI Lab., Lyon, France
View Profile

,
Vincent Roca

University Grenoble Alpes, Inria, Grenoble, France

University Grenoble Alpes, Inria, Grenoble, France
View Profile

,
Didier Donsez

University Grenoble Alpes, LIG, Grenoble, France

University Grenoble Alpes, LIG, Grenoble, France
View Profile

WiSec '22: Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile NetworksMay 2022Pages 98–103https://doi.org/10.1145/3507657.3528556

Published:16 May 2022Publication History

WiSec '22: Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks

Pages 98–103

ABSTRACT

In LoRaWAN networks, devices are identified by two identifiers: a globally unique and stable one called DevEUI, and an ephemeral and randomly assigned pseudonym called DevAddr. The association between those identifiers is only known by the network and join servers, and is not available to a passive eavesdropper.

In this work, we consider the problem of linking the DevAddr with the corresponding DevAddr based on passive observation of the LoRa traffic transmitted over the air. Leveraging metadata exposed in LoRa frames, we devise a technique to link two messages containing respectively the DevEUI and the DevAddr, thus identifying the link between those identifiers. The approach is based on machine learning algorithms using various pieces of information including timing, signal strength, and fields of the frames. Based on an evaluation using a real-world dataset of 11 million messages, with ground truth available, we show that multiple machine learning models are able to reliably link those identifiers. The best of them achieves an impressive true positive rate of over 0.8 and a false positive rate of 0.001.

References

Abbas Acar, Hossein Fereidooni, Tigist Abera, Amit Kumar Sikder, Markus Miettinen, Hidayet Aksu, Mauro Conti, Ahmad-Reza Sadeghi, and Selcuk Uluagac. 2020. Peek-a-Boo: i See Your Smart Home Activities, Even Encrypted!. In Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks. ACM. https://doi.org/10.1145/3395351.3399421Google ScholarDigital Library
Lucas Ancian and Mathieu Cunche. 2020. Re-identifying addresses in LoRaWAN networks. Unpublished Research Report. Inria Rhône-Alpes; INSA de Lyon. https://hal.inria.fr/hal-02926894Google Scholar
Noah Apthorpe, Danny Yuxing Huang, Dillon Reisman, Arvind Narayanan, and Nick Feamster. 2019. Keeping the Smart Home Private with Smart(er) IoT Traffic Shaping. Proceedings on Privacy Enhancing Technologies, Vol. 2019, 3 (July 2019), 128--148. https://doi.org/10.2478/popets-2019-0040Google ScholarCross Ref
Emekcan Aras, Nicolas Small, Gowri Sankar Ramachandran, Stéphane Delbruel, Wouter Joosen, and Danny Hughes. 2017Selective Jamming of LoRaWAN using Commodity Hardware. In Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services. ACM, 363--372. https://doi.org/10.1145/3144457.3144478Google ScholarDigital Library
Johannes K Becker, David Li, and David Starobinski. 2019. Tracking Anonymized Bluetooth Devices. Proceedings on Privacy Enhancing Technologies, Vol. 2019, 3 (July 2019), 50--65. https://doi.org/10.2478/popets-2019-0036Google ScholarCross Ref
Davide Chicco and Giuseppe Jurman. 2020. The Advantages of the Matthews Correlation Coefficient (MCC ) over F1 Score and Accuracy in Binary Classification Evaluation. BMC Genomics, Vol. 21, 1 (Dec. 2020), 6. https://doi.org/10.1186/s12864-019-6413-7Google ScholarCross Ref
LoRa Alliance Technical Committee. 2017. LoRaWAN ® Specification v1.1.Google Scholar
Bogdan Copos, Karl Levitt, Matt Bishop, and Jeff Rowe. 2016. Is Anybody Home? Inferring Activity From Smart Home Network Traffic. In 2016 IEEE Security and Privacy Workshops (SPW). IEEE, 245--251. https://doi.org/10.1109/SPW.2016.48Google Scholar
Rachel L. Finn, David Wright, and Michael Friedewald. 2013. Seven Types of Privacy. In European Data Protection: Coming of Age. https://doi.org/10.1007/978-94-007-5170-5_1Google Scholar
Dalton A. Hahn, Arslan Munir, and Vahid Behzadan. 2021. Security and Privacy Issues in Intelligent Transportation Systems: Classification and Challenges. IEEE Intell. Transp. Syst. Mag., Vol. 13, 1 (2021), 181--196.Google ScholarCross Ref
Jetmir Haxhibeqiri, Eli De Poorter, Ingrid Moerman, and Jeroen Hoebeke. 2018. A Survey of LoRaWAN for IoT: From Technology to Application. Sensors, Vol. 18, 11 (Nov. 2018), 3995. https://doi.org/10.3390/s18113995Google ScholarCross Ref
Guolin Ke, Qi Meng, Thomas Finley, Taifeng Wang, Wei Chen, Weidong Ma, Qiwei Ye, and Tie-Yan Liu. 2017. Lightgbm: A Highly Efficient Gradient Boosting Decision Tree. Advances in neural information processing systems, Vol. 30 (2017), 3146--3154.Google Scholar
Ron Kohavi. 1995. A Study of Cross-Validation and Bootstrap for Accuracy Estimation and Model Selection. In Ijcai, Vol. 14. 1137--1145.Google ScholarDigital Library
Patrick Leu, Ivan Puddu, Aanjhan Ranganathan, and Srdjan Čpkun. 2018. I Send, Therefore I Leak: Information Leakage in Low-Power Wide Area Networks. In Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks - WiSec '18. https://doi.org/10.1145/3212480.3212508Google ScholarDigital Library
Norbert Ludant, Tien D. Vo-Huu, Sashank Narain, and Guevara Noubir. 2021. Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE, 1318--1331. https://doi.org/10.1109/SP40001.2021.00102Google Scholar
Jeremy Martin, Erik Rye, and Robert Beverly. 2016. Decomposition of MAC address structure for granular device inference. In Proceedings of the 32nd Annual Conference on Computer Security Applications. ACM, 78--88. https://doi.org/10.1145/2991079.2991098Google ScholarDigital Library
F. Pedregosa, G. Varoquaux, A. Gramfort, V. Michel, B. Thirion, O. Grisel, M. Blondel, P. Prettenhofer, R. Weiss, V. Dubourg, J. Vanderplas, A. Passos, D. Cournapeau, M. Brucher, M. Perrot, and E. Duchesnay. 2011. Scikit-learn: Machine Learning in Python. Journal of Machine Learning Research, Vol. 12 (2011), 2825--2830.Google ScholarDigital Library
Toni Perković, Hrvoje Rude?, Slaven Damjanović, and Antun Nakić. 2021. Low-Cost Implementation of Reactive Jammer on LoRaWAN Network. Electronics, Vol. 10, 7 (April 2021), 864. https://doi.org/10.3390/electronics10070864Google ScholarCross Ref
Pieter Robyns, Eduard Marin, Wim Lamotte, Peter Quax, Dave Singelée, and Bart Preneel. 2017. Physical-Layer Fingerprinting of LoRa Devices Using Supervised and Zero-Shot Learning. In Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks. ACM, 58--63. https://doi.org/10.1145/3098243.3098267Google ScholarDigital Library
Juan D. Rodriguez, Aritz Perez, and Jose A. Lozano. 2009. Sensitivity Analysis of K-Fold Cross Validation in Prediction Error Estimation. IEEE transactions on pattern analysis and machine intelligence, Vol. 32, 3 (2009), 569--575.Google Scholar
Pietro Spadaccino, Domenico Garlisi, Francesca Cuomo, Giorgio Pillon, and Patrizio Pisani. 2021. Discovery Privacy Threats via Device De-Anonymization in LoRaWAN. In 19th Mediterranean Communication and Computer Networking Conference. 1--8. https://doi.org/10.1109/MedComNet52149.2021.9501247Google ScholarCross Ref
Nuno Torres, Pedro Pinto, and Sérgio Ivan Lopes. 2021. Security Vulnerabilities in LPWANs -- An Attack Vector Analysis for the IoT Ecosystem. Applied Sciences, Vol. 11, 7 (Jan. 2021), 3176. https://doi.org/10.3390/app11073176Google ScholarCross Ref
Mathy Vanhoef, Célestin Matte, Mathieu Cunche, Leonardo S. Cardoso, and Frank Piessens. 2016. Why MAC Address Randomization is Not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security (ASIA CCS '16). ACM, 413--424. https://doi.org/10.1145/2897845.2897883Google ScholarDigital Library
Sanjay Yadav and Sanyam Shukla. 2016. Analysis of K-Fold Cross-Validation over Hold-out Validation on Colossal Datasets for Quality Classification. In 2016 IEEE 6th International Conference on Advanced Computing (IACC ). IEEE, 78--83.Google ScholarCross Ref

Index Terms

Device Re-identification in LoRaWAN through Messages Linkage

Recommendations

When LoRaWAN Frames Collide
WiNTECH '18: Proceedings of the 12th International Workshop on Wireless Network Testbeds, Experimental Evaluation & Characterization

LoRa, an abbreviation of Long Range, is a Low-Power Wide Area Network (LPWAN) radio technology that has quickly gained popularity as a communications means for the Internet-of-Things (IoT). LoRa is typically used together with the MAC protocol LoRaWAN ...
Read More
LoRaWAN SCHC Fragmentation Demystified
Ad-Hoc, Mobile, and Wireless Networks
Abstract
Low Power Wide Area Networks (LPWANs) have emerged as new networks for Internet of Things (IoT). LPWANs are characterized by long-range communications and low energy consumption. Furthermore, LPWAN technologies have a small data unit and do not ...
Read More
On the Performance of LoRaWAN in Smart City: End-Device Design and Communication Coverage
Distributed Computer and Communication Networks
Abstract
Expected communication scenarios within the emerging landscape of Internet of Things (IoT) bring the growth of smart devices connected in the communication network. The communication technologies of greatest interest for IoT are known as Low-Power ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
WiSec '22: Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks
May 2022
314 pages
ISBN:9781450392167
DOI:10.1145/3507657
General Chair:
Murtuza Jadliwala
University of Texas at San Antonio, San Antonio, Texas, USA
,
Program Chairs:
Yongdae Kim
Korea Advanced Institute of Science and Technology (KAIST), Daejeon, South Korea
,
Alexandra Dmitrienko
University of Würzburg, Würzburg, Germany
Copyright © 2022 ACM
© 2022 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 16 May 2022
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Badges
Author Tags
iot
lorawan
privacy
re-identification attack
Qualifiers
- short-paper
Conference

Acceptance Rates
Overall Acceptance Rate98of338submissions,29%
Upcoming Conference
WiSec '24

Sponsor:

sigsac

17th ACM Conference on Security and Privacy in Wireless and Mobile Networks

May 27 - 29, 2024

Seoul , Republic of Korea
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 1
  Total Citations
  View Citations
- 181
  Total Downloads
- Downloads (Last 12 months)83
- Downloads (Last 6 weeks)7
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Device Re-identification in LoRaWAN through Messages Linkage

WiSec '22: Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks

ABSTRACT

References

Cited By

Index Terms

Recommendations

When LoRaWAN Frames Collide

LoRaWAN SCHC Fragmentation Demystified

On the Performance of LoRaWAN in Smart City: End-Device Design and Communication Coverage