Low Power Wide Area Network (LPWAN) technologies like Long Range Wide Area Network (LoRaWAN) are used for creating low-maintenance sensor networks in many scenarios. The central part of a LoRaWAN is the Network Server (NS). Previous security research often focused on conceptual security issues in the protocol. This work evaluates fuzzing, that is, security testing using semi-valid random messages, as a technique to find vulnerabilities in NSs. We investigate the situation of practical network deployments and the software in use. Then we derive an approach for a general fuzzing framework for NSs. We present our fuzzer implementation in detail and describe experiments we conducted with an example network server. The results show that this network server was susceptible to a denial-of-service attack. We therefore conclude that fuzzing is an appropriate tool for making LoRaWANs more secure by uncovering vulnerabilities in NSs.
Jul 2019
Completed