Renaud Lifchitz

Renaud LifchitzSpeaker Name: Renaud Lifchitz

Title: Security review of LoRaWAN networks

LoRa is on the most well-known LPWAN (Low–Power, Wide-Area Networks) protocol used in IoT environments. LoRaWAN is the operated version of LoRa, currently being deployed in many countries by network operators for various usages: smart home, smart building, smart city, smart metering, We will study thoroughly all aspects of the LoRaWAN security and give recommendations accordingly.



 Introduction to LoRaWAN networks & protocol

  • Use cases
  • Radio protocol
  • Device classes (Class A, B and C devices)
  • Cryptography

Protocol attacks

  • De-anonymization
  • Attacks on encryption
  • Attacks on plain text messages
  • Attacks on encrypted messages
  • MIC brute forcing
  • Attacks on activation
  • Join requests replay
  • Recommendations

Implementation weaknesses

  • Attacks on join requests nonce
  • Key management weaknesses
  • Recommendations

Hardware attacks on node devices

  •  Key recovery using debug ports
  • Key recovery using side-channel attacks
  • Message injection
  • Recommendations
About the Speaker
Renaud Lifchitz is a French senior IT security consultant. He has a solid penetration testing, training and research background. His main interests are protocol security (authentication, cryptography, protocol security, information leakage, zero-knowledge proof, RFID security) and number theory. He currently mostly works on wireless protocols security and was speaker for the following international conferences: CCC 2010 (Germany), Hackito Ergo Sum 2010 & 2012 & 2014 (France), DeepSec 2012 (Austria), Nuit Du Hack 2016 (France), Shakacon 2012 (USA), 8dot8 2013 (Chile).