Last week, engineering firm Occam Technology Group and Syniverse advanced an intelligent parking solution at Syniverse’s headquarters in Tampa, Florida, signaling empty spaces using LoRa technology.
Sensors identify vacant parking spaces and communicate the status of each space back to the Innovation Lab for the Proof-of-Concept across a secure connection to the Syniverse Secure Global Access network.
Security was an important part of the test, which is why Syniverse chose to partner with Occam on the test.
“LoRa connectivity is often used in devices that are stationary in nature and rely on lower amounts of battery usage over an extended time span,” said Michael O’Brien, Syniverse Group Vice President, Corporate Development and Strategy. “Traditionally, while these connections have used minimal power, they have been vulnerable from a security perspective, so we are solving that challenge via our work with Occam.”
Occam designs and develops IoT solutions using multiple communication protocols with special expertise in non-cellular IoT LoRa connectivity for low-power, wide-area networks. The company incorporates radio transceivers into IoT devices and adds its gateway software to connect those devices into Syniverse’s Innovation lab across a secure connection to Syniverse Secure Global Access that mitigates the risks of cyberattacks by operating independently from the public internet.
Last year, the IEEE published a paper on securing LoRa networks, and wrote “LPWAN technologies minimize deployment complexity, while offering long coverages in the order of kilometers. LPWAN technologies such as LoRa and Sigfox are widely used for applications such as smart metering and factory monitoring. In such applications, it is important to ensure that the devices are not vulnerable to security attacks.”
The IEEE also said, “The security of LoRa networks and devices is currently being put to the test in the wild and has already become a major challenge. New features and characteristics of LoRa technology also introduce new vulnerabilities against security attacks.” In the paper, available here, the IEES analyzes the LoRa network stack and discusses the possible susceptibility of LoRa devices to different types of attacks using commercial-off-the-shelf hardware. Their analysis shows that the long-range transmissions of LoRa are vulnerable to multiple security attacks.
“IoT devices that connect via non-cellular LoRa networks are missing a security layer of protection, representing significant potential risk,” said Raymond Carr, Occam Technology Group’s Chief Technology Officer and founder. “Our collaboration with Syniverse is critical in providing the missing security component, so we can help businesses grow and maintain a hardened IoT infrastructure at scale.”
LoRa technology enables wide signal coverage with low power usage that results in sensor batteries that only need to be maintained every five to 10 years, on average. LoRa is well-suited for applications where sensors are not easily accessible over relatively large geographic areas, making long battery life important to avoid having to “rip and replace” sensors.
Security on LoRa networks has been a challenge, given that securing end-points does require compute, and therefore can consume battery.
NCBI recently published a paper on security associated with LoRaWAN, “a media access layer protocol for long-range communication between the devices and application servers via LPWAN gateways.
They wrote, “LoRaWAN comes with fewer security features as a much-secured protocol consumes more battery because of the exorbitant computational overheads. The standard protocol fails to support end-to-end security and perfect forward secrecy while being vulnerable to the replay attack that makes LoRaWAN limited in supporting applications where security (especially end-to-end security) is important.”
They go on to recommend an enhanced LoRaWAN security protocol which not only provides the basic functions of connectivity between the application server and the end device, but additionally addresses security challenges.
In their view, the proposed protocol is developed with two options, the Default Option (DO) and the Security-Enhanced Option (SEO). The protocol is validated through Burrows–Abadi–Needham (BAN) logic and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool.
The proposed protocol is also analyzed for overheads through system-based and low-power device-based evaluations.
Their test bed, like the one announced by Syniverse and Occam, was based on a smart factory-enabled parking system.
“The results, in terms of network latency with reliability fitting and signaling overheads, show paramount improvements and better performance for the proposed protocol compared with the two handshake options, Pre-Shared Key (PSK) and Elliptic Curve Cryptography (ECC), of Datagram Transport Layer Security (DTLS),” the study concluded.
Occam Technology Group in June announced its collaboration with Google Cloud and officially became a Google Cloud Partner, announcing the availability of the OccamSmart’s Network Server Stack on Google Cloud Platform, which the company says “enables companies and individuals around the world to innovate, reduce costs, and implement a complete LoRaWAN ecosystem within Google Cloud’s global infrastructure and security model.”
OccamSmart’s Network Server Stack is a component on Google Cloud Platform which implements a LoRaWAN v1.0 Class A network server on the internet. The Network Server Stack receives LoRaWAN device data from gateways which it de-duplicates, validates, and decrypts. The data is then published to an MQTT broker.
Their Network Server Stack also manages device registrations to allow devices to join the network, send and receive data. The server stack supports both Over-The-Air Activation (OTAA) or Activation by Personalization (ABP), as well as Adaptive Data Rate, confirmed uplink data messages, and message deduplication.
Edited by Ken Briodagh