This document discusses security considerations for low-power wide-area networks (LPWANs) that are used for internet of things applications. It addresses why security is important for LPWANs given tradeoffs with functionality, outlines a process for evaluating security needs based on use cases and potential threats, and reviews features that various LPWAN technologies like LTE-M, NB-IoT, LoRaWAN and Sigfox provide related to confidentiality, integrity, availability, authentication, authorization and assurance. The document uses smart utility metering as an example use case to illustrate potential threats and relevant security features.

1. Franklin Heath Ltd
What Security Do You Need From
Low-Power Wide-Area Networks?
Craig Heath
@heathcr
Mobile360 – Privacy & Security
24 May 2017

2. © Franklin Heath Ltd c b CC BY 4.0
What Security Do You Need From
Low-Power Wide-Area Networks?
24 May 2017 2
 Why do You Need to Know?
 How do You Work it Out?
 What Features do You Need?
 Which LPWANs Suit You?
White Paper:
LPWA Technology
Security Comparison
franklinheath.co.uk/blog/

3. © Franklin Heath Ltd c b CC BY 4.0
Why do You Need to Know?
24 May 2017 3
 Low-Power WANs provide benefits for the Internet of Things:
 low BoM cost (← lower device complexity ?)
 extended coverage (← lower data rates ?)
 long battery life (← lower data throughput ?)
 Security features usually have costs, such as:
 more device complexity (→ higher BoM cost ?)
 higher data rates (→ reduced coverage ?)
 higher data throughput (→ reduced battery life ?)
 Trade-offs have to be managed

4. © Franklin Heath Ltd c b CC BY 4.0
How do You Work it Out?
24 May 2017 4
 You know your use case
 Who / what are the threats? Why?
 Consider the relevant risks:
 S poofing
 T ampering
 R epudiation
 I nformation Disclosure
 D enial of Service
 E levation of Privilege

5. © Franklin Heath Ltd c b CC BY 4.0
Example Use Case: Utility Metering
24 May 2017 5
 Example threats:
 Utility customer: wants to cheat to reduce their bills?
 Burglar: wants to know when the property is unoccupied?
 STRIDE (and resilience) risks:
 Spoofing (e.g. customer replaces device)
 Tampering (e.g. customer changes the readings sent)
 Information Disclosure (e.g. burglar sees when readings are low)
 Resilience (e.g. blackmail threat of disabling many meters)
(e.g. OTA update required for inaccessible meters)

6. © Franklin Heath Ltd c b CC BY 4.0
What Features do You Need?
24 May 2017 6
Spoofing Tampering Repudiation Information
Disclosure
Denial of
Service
Elevation of
Privilege
Resilience
Confidentiality 4 / 4
Integrity 1 / 3 2 / 3 1 / 3
Availability 1 / 1 1 / 1 1 / 1
Authentication 3 / 3 1 / 3
Authorization 1 / 1
Assurance 2 / 6 1 / 6 6 / 6
Renewability 2 / 2

7. © Franklin Heath Ltd c b CC BY 4.0
Utility Metering Example: 6 of 20 Features
24 May 2017 7
LTE-M NB-IoT EC-GSM-IoT LoRaWAN Sigfox
Identity Protection Yes Yes Yes Partial No
Device/Subscriber
Authentication
Subscriber
(opt. Device)
Subscriber
(opt. Device)
Subscriber
(opt. Device)
Either Device
Data Integrity Limited Optional Limited Limited Variable
Updatability
(Device)
Possible Possible Possible Limited No
Updatability
(Keys/Algorithms)
Optional Optional Optional Limited No
Class Break
Resistance
Yes Yes Yes Optional Yes
I
S
T

8. © Franklin Heath Ltd c b CC BY 4.0
Other Example Use Cases in our Report
24 May 2017 8
LTE-M NB-IoT EC-GSM-IoT LoRaWAN Sigfox
Smart Pallet Good Good * Adequate Good Poor
Smart Agriculture Good Good Good Adequate Adequate
Smart Street Lighting Adequate Good * Adequate Adequate * Adequate
Utility Metering Adequate * Good * Adequate * Adequate Poor
Domestic Smoke Detectors Good Good Good Adequate Adequate
Assessments marked * include some features which are optional to the service provider

9. © Franklin Heath Ltd c b CC BY 4.0
Thank You!
24 May 2017
craig@franklinheath.co.uk
@heathcr
@franklinheath
9

10. © Franklin Heath Ltd c b CC BY 3.024 May 2017 10
Backup Slides

11. © Franklin Heath Ltd c b CC BY 4.0
LPWAN Security Features (1/5)
24 May 2017 11
Confidentiality LTE-M NB-IoT EC-GSM-IoT LoRaWAN Sigfox
Identity Protection Yes Yes Yes Partial No
Data
Confidentiality
Yes Yes Optional Yes No
End-to-Middle
Security
No No Partial Yes No
Forward Secrecy No No No No No
I
I
I
I

12. © Franklin Heath Ltd c b CC BY 4.0
LPWAN Security Features (2/5)
24 May 2017 12
Integrity LTE-M NB-IoT EC-GSM-IoT LoRaWAN Sigfox
Data Integrity Limited Optional Limited Limited Variable
Control Integrity Yes Yes Optional Yes Unknown
Replay Protection Yes Optional Limited Yes Yes
T
S
T R
T RD
Availability LTE-M NB-IoT EC-GSM-IoT LoRaWAN Sigfox
Reliable Delivery Yes Yes Yes No No

13. © Franklin Heath Ltd c b CC BY 4.0
LPWAN Security Features (3/5)
24 May 2017 13
Authentication LTE-M NB-IoT EC-GSM-IoT LoRaWAN Sigfox
Globally Unique
Identifiers
Yes Yes Yes Optional Yes
Device/Subscriber
Authentication
Subscriber
(opt. Device)
Subscriber
(opt. Device)
Subscriber
(opt. Device)
Either Device
Network
Authentication
Yes Yes Yes Optional No
Authorisation LTE-M NB-IoT EC-GSM-IoT LoRaWAN Sigfox
Critical
Infrastructure Class
Yes Yes Yes No No
S
S
S
E
R

14. © Franklin Heath Ltd c b CC BY 4.0
LPWAN Security Features (4/5)
24 May 2017 14
Assurance LTE-M NB-IoT EC-GSM-IoT LoRaWAN Sigfox
Network Monitoring
and Filtering
Yes Yes Yes Limited
Monitoring
only
Key Provisioning
OTA
possible
OTA
possible
OTA
possible
OTA
possible
Not OTA
Algorithm
Negotiation
Yes Yes Yes No No
Class Break
Resistance
Yes Yes Yes Optional Yes
Certified
Equipment
Required Required Required Optional Required
IP Network Optional Optional Yes No No
DE
D

15. © Franklin Heath Ltd c b CC BY 4.0
LPWAN Security Features (5/5)
24 May 2017 15
Renewability LTE-M NB-IoT EC-GSM-IoT LoRaWAN Sigfox
Updatability
(Device)
Possible Possible Possible Limited No
Updatability
(Keys/Algorithms)
Optional Optional Optional Limited No