{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T14:59:07Z","timestamp":1775487547760,"version":"3.50.1"},"reference-count":41,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2018,12,21]],"date-time":"2018-12-21T00:00:00Z","timestamp":1545350400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100010661","name":"Horizon 2020 Framework Programme","doi-asserted-by":"publisher","award":["20201010 (SMART Project)"],"award-info":[{"award-number":["20201010 (SMART Project)"]}],"id":[{"id":"10.13039\/100010661","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>LoRa (along with its upper layers definition\u2014LoRaWAN) is one of the most promising Low Power Wide Area Network (LPWAN) technologies for implementing Internet of Things (IoT)-based applications. Although being a popular technology, several works in the literature have revealed vulnerabilities and risks regarding the security of LoRaWAN v1.0 (the official 1st specification draft). The LoRa-Alliance has built upon these findings and introduced several improvements in the security and architecture of LoRa. The result of these efforts resulted in LoRaWAN v1.1, released on 11 October 2017. This work aims at reviewing and clarifying the security aspects of LoRaWAN v1.1. By following ETSI guidelines, we provide a comprehensive Security Risk Analysis of the protocol and discuss several remedies to the security risks described. A threat catalog is presented, along with discussions and analysis in view of the scale, impact, and likelihood of each threat. To the best of the authors\u2019 knowledge, this work is one of the first of its kind, by providing a detailed security risk analysis related to the latest version of LoRaWAN. Our analysis highlights important practical threats, such as end-device physical capture, rogue gateway and self-replay, which require particular attention by developers and organizations implementing LoRa networks.<\/jats:p>","DOI":"10.3390\/fi11010003","type":"journal-article","created":{"date-parts":[[2018,12,21]],"date-time":"2018-12-21T09:24:11Z","timestamp":1545384251000},"page":"3","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":102,"title":["Security Risk Analysis of LoRaWAN and Future Directions"],"prefix":"10.3390","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1723-5741","authenticated-orcid":false,"given":"Ismail","family":"Butun","sequence":"first","affiliation":[{"name":"Information Systems and Technology, Mid Sweden University, 851 70 Sundsvall, Sweden"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6370-9373","authenticated-orcid":false,"given":"Nuno","family":"Pereira","sequence":"additional","affiliation":[{"name":"School of Engineering (DEI\/ISEP), Polytechnic of Porto (IPP), 4200-072 Porto, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0873-7827","authenticated-orcid":false,"given":"Mikael","family":"Gidlund","sequence":"additional","affiliation":[{"name":"Information Systems and Technology, Mid Sweden University, 851 70 Sundsvall, Sweden"}]}],"member":"1968","published-online":{"date-parts":[[2018,12,21]]},"reference":[{"key":"ref_1","unstructured":"Friedman, V. (2018, September 13). On the Edge: Solving the Challenges of Edge Computing in the Era of IoT. Available online: https:\/\/data-economy.com\/on-the-edge-solving-the-challenges-of-edge-computing-in-the-era-of-iot\/."},{"key":"ref_2","unstructured":"Rohan, M. (2018, August 22). Low Power Wide Area Network Market Worth 24.46 Billion USD by 2021. Available online: https:\/\/www.bizjournals.com\/prnewswire\/press_releases."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Kocakulak, M., and Butun, I. (2017, January 9\u201311). An overview of Wireless Sensor Networks towards internet of things. Proceedings of the 2017 IEEE 7th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA.","DOI":"10.1109\/CCWC.2017.7868374"},{"key":"ref_4","unstructured":"De Carvalho Silva, J., Rodrigues, J.J., Alberti, A.M., Solic, P., and Aquino, A.L. (2017, January 12\u201314). LoRaWAN\u2014A low power WAN protocol for Internet of Things: A review and opportunities. Proceedings of the 2017 2nd International Multidisciplinary Conference on Computer and Energy Science (SpliTech), Split, Croatia."},{"key":"ref_5","unstructured":"LoRa Technology (2018, August 22). Semtech Inc.. Available online: http:\/\/www.semtech.com\/wireless-rf\/internet-of-things\/what-is-lora\/."},{"key":"ref_6","unstructured":"(2018, August 22). Sigfox Inc.. Available online: https:\/\/sigfox.com."},{"key":"ref_7","unstructured":"(2018, October 22). Home Standardization of NB-IoT Completed. Available online: http:\/\/www.3gpp.org\/news-events\/3gpp-news\/1785-nb_iot_complete."},{"key":"ref_8","unstructured":"(2018, August 22). Weightless SIG. Available online: http:\/\/weightless.org\/."},{"key":"ref_9","unstructured":"(2018, August 22). Waviot Inc.. Available online: http:\/\/waviot.com\/."},{"key":"ref_10","unstructured":"(2018, August 22). Nwave Technologies Inc.. Available online: http:\/\/nwave.io."},{"key":"ref_11","unstructured":"(2018, August 22). Ingenu Inc.. Available online: http:\/\/ingenu.com\/technology\/rpma\/."},{"key":"ref_12","unstructured":"(2018, August 22). Telensa Inc.. Available online: https:\/\/telensa.com\/unb-wireless\/."},{"key":"ref_13","unstructured":"(2018, August 22). Qowisio Inc.. Available online: http:\/\/qowisio.com."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Vangelista, L., Zanella, A., and Zorzi, M. (2015). Long-range IoT technologies: The dawn of LoRa\u2122. Future Access Enablers of Ubiquitous and Intelligent Infrastructures, Springer.","DOI":"10.1007\/978-3-319-27072-2_7"},{"key":"ref_15","unstructured":"(2018, August 22). The Things Network. Available online: http:\/\/thethingsnetwork.org\/."},{"key":"ref_16","unstructured":"(2018, August 22). LoRaWAN 1.1 Specification. Lora Alliance. Available online: http:\/\/lora-alliance.org\/lorawan-for-developers."},{"key":"ref_17","unstructured":"(2018, August 22). The New Gumstix Conduit Dev Boards. Available online: https:\/\/gumstix.com\/lorawan-family\/."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"487","DOI":"10.1109\/SURV.2012.021312.00138","article-title":"Attacks and countermeasures on 802.16: Analysis and assessment","volume":"15","author":"Kolias","year":"2013","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_19","unstructured":"Antipolis, S., and Girard, P. (2015). Low Power Wide Area Networks Security, Gemalto Inc.. White Paper."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Tomasin, S., Zulian, S., and Vangelista, L. (2017, January 19\u201322). Security Analysis of LoRaWAN Join Procedure for Internet of Things Networks. Proceedings of the 2017 IEEE Wireless Communications and Networking Conference Workshops (WCNCW), San Francisco, CA, USA.","DOI":"10.1109\/WCNCW.2017.7919091"},{"key":"ref_21","unstructured":"Zulian, S. (2016). Security Threat Analysis and Countermeasures for Lorawan Join Procedure. [Master\u2019s Thesis, Universit\u2019a degli Studi di Padova]."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Naoui, S., Elhdhili, M.E., and Saidane, L.A. (2016, January 22\u201325). Enhancing the security of the IoT LoraWAN architecture. Proceedings of the 2016 International Conference on Performance Evaluation and Modeling in Wired and Wireless Networks (PEMWN), Paris, France.","DOI":"10.1109\/PEMWN.2016.7842904"},{"key":"ref_23","unstructured":"Miller, R. (2017, January 31). Lora Security: Building a Secure Lora Solution. Proceedings of the 2017 SyScan360 Information Security Conference, Seattle, WA, USA."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Kim, J., and Song, J. (2017). A Dual Key-Based Activation Scheme for Secure LoRaWAN. Wirel. Commun. Mob. Comput., 2017.","DOI":"10.1155\/2017\/6590713"},{"key":"ref_25","unstructured":"Na, S., Hwang, D., Shin, W., and Kim, K.H. (2017, January 11\u201313). Scenario and countermeasure for replay attack using join request messages in LoRaWAN. Proceedings of the 2017 International Conference on Information Networking (ICOIN), Da Nang, Vietnam."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Mahmood, A., Sisinni, E., Guntupalli, L., Rondon, R., Hassan, S.A., and Gidlund, M. (2018). Scalability Analysis of a LoRa Network under Imperfect Orthogonality. IEEE Trans. Ind. Inform.","DOI":"10.1109\/TII.2018.2864681"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Aras, E., Ramachandran, G.S., Lawrence, P., and Hughes, D. (2017, January 21\u201323). Exploring The Security Vulnerabilities of LoRa. Proceedings of the 2017 3rd IEEE International Conference on Cybernetics (CYBCONF), Exeter, UK.","DOI":"10.1109\/CYBConf.2017.7985777"},{"key":"ref_28","unstructured":"Voigt, T., Bor, M., Roedig, U., and Alonso, J. (2017, January 20\u201322). Mitigating Inter-network Interference in LoRa Networks. Proceedings of the 2017 International Conference on Embedded Wireless Systems and Networks, Uppsala, Sweden."},{"key":"ref_29","unstructured":"Yang, X. (2017). LoRaWAN: Vulnerability Analysis and Practical Exploitation. [M.Sc. Thesis, Delft University of Technology]."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Lin, J., Shen, Z., and Miao, C. (2017, January 6\u20139). Using Blockchain Technology to Build Trust in Sharing LoRaWAN IoT. Proceedings of the 2nd International Conference on Crowd Science and Engineering, Beijing, China.","DOI":"10.1145\/3126973.3126980"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Sanchez-Iborra, R., S\u00e1nchez-G\u00f3mez, J., P\u00e9rez, S., Fern\u00e1ndez, P.J., Santa, J., Hern\u00e1ndez-Ramos, J.L., and Skarmeta, A.F. (2018). Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach. Sensors, 18.","DOI":"10.3390\/s18061833"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"You, I., Kwon, S., Choudhary, G., Sharma, V., and Seo, J.T. (2018). An Enhanced LoRaWAN Security Protocol for Privacy Preservation in IoT with a Case Study on a Smart Factory-Enabled Parking System. Sensors, 18.","DOI":"10.3390\/s18061888"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Haxhibeqiri, J., De Poorter, E., Moerman, I., and Hoebeke, J. (2018). A Survey of LoRaWAN for IoT: From Technology to Application. Sensors, 18.","DOI":"10.3390\/s18113995"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1016\/j.procs.2018.07.143","article-title":"Security of LoRaWAN v1.1 in Backward Compatibility Scenarios","volume":"134","author":"Nigussie","year":"2018","journal-title":"Procedia Comput. Sci."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Butun, I., Pereira, N., and Gidlund, M. (2018, January 25). Analysis of LoRaWAN V1.1 Security: Research Paper. Proceedings of the 4th ACM MobiHoc Workshop on Experiences with the Design and Implementation of Smart Objects, Los Angeles, CA, USA.","DOI":"10.1145\/3213299.3213304"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Pl\u00f3sz, S., Farshad, A., Tauber, M., Lesjak, C., Ruprechter, T., and Pereira, N. (2014, January 16\u201319). Security vulnerabilities and risks in industrial usage of wireless communication. Proceedings of the 2014 IEEE Emerging Technology and Factory Automation (ETFA), Barcelona, Spain.","DOI":"10.1109\/ETFA.2014.7005129"},{"key":"ref_37","unstructured":"ETSI, TS. (2003). Telecommunications and Internet Protocol Harmonization over Networks (TIPHON) Release 4; Protocol Framework Definition; Methods and Protocols for Security; Part 1: Threat Analysis, ETSI TS. Technical Specification."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1109\/MCOM.2017.1600613","article-title":"Understanding the limits of LoRaWAN","volume":"55","author":"Adelantado","year":"2017","journal-title":"IEEE Commun. Mag."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Boyko, V., MacKenzie, P., and Patel, S. (2000, January 14\u201318). Provably secure password-authenticated key exchange using Diffie-Hellman. Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, Bruges, Belgium.","DOI":"10.1007\/3-540-45539-6_12"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Meier, S., Schmidt, B., Cremers, C., and Basin, D. (2013, January 13\u201319). The TAMARIN prover for the symbolic analysis of security protocols. Proceedings of the International Conference on Computer Aided Verification, Saint Petersburg, Russia.","DOI":"10.1007\/978-3-642-39799-8_48"},{"key":"ref_41","unstructured":"Cremers, C.J.F. (2006). Scyther: Semantics and Verification of Security Protocols. [Ph.D. Thesis, Eindhoven University of Technology]."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/11\/1\/3\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T15:35:22Z","timestamp":1760196922000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/11\/1\/3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,12,21]]},"references-count":41,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2019,1]]}},"alternative-id":["fi11010003"],"URL":"https:\/\/doi.org\/10.3390\/fi11010003","relation":{"has-preprint":[{"id-type":"doi","id":"10.20944\/preprints201811.0531.v1","asserted-by":"object"}]},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,12,21]]}}}