Demystifying Security of LoRaWAN v1.1

LoRa and its upper layers definition LoRaWAN is one of the most promising LPWAN technologies for implementing the Internet of Things (IoT). Although being a popular technology, several works in the literature have revealed various weaknesses regarding the security of LoRaWAN v1.0 (the official 1st draft). By using all these recommendations from the academia and industry, the LoRa-Alliance has worked on the v1.0 to develop an enhanced version and provide more secure and trustable architecture. The result of these efforts ended-up with LoRaWAN v1.1, which was released on Oct 11, 2017. This manuscript aims at demystifying the security aspects and provide a comprehensive Security Risk Analysis related to latest version of LoRaWAN. Besides, it provides several remedies to the recognized vulnerabilities. To the best of authors’ knowledge, this work is one of its first kind by providing a detailed security analysis related to latest version of LoRaWAN. According to our analysis, end-device physical capture, rogue gateway and replay attacks are found to be threating for safety operation of the network. Eventually, v1.1 of LoRaWAN is found to be less vulnerable to attacks compared to v1.0, yet possesses several security implications that need to be addressed and fixed for the upcoming releases.