https://media.ccc.de/v/35c3-9491-hunting_the_sigfox_wireless_iot_network_security
Dissecting the radio protocol of Sigfox, the global cellular network for the IoT you have probably never heard of
Sigfox is an emerging low-power wide-area network (LP-WAN) technology for IoT devices, comparable to LoRa.
This talk recounts my analysis of Sigfox’s radio protocol and presents an open reference implementation of an alternative Sigfox protocol stack.
It confirms that while Sigfox ensures authenticity and integrity, transmitted payloads are not confidential.
This presentation is targeted at a technical audience with some basic knowledge of cryptography (security goals, AES), but no knowledge in RF technology (modulation, scrambling, error correction) is required.
Sigfox can be compared to a cellular network, but for mostly battery-powered IoT devices that don’t need to transmit much data. While some sparse details on Sigfox’s architecture and its security have been published and some basic reverse engineering has been carried out, most of the protocol specifications remain proprietary and closed, so by now, no independent security audit was performed. Advertised use cases of Sigfox include air quality monitoring, weather stations, utilities metering and tracking farm animals. In this talk, I illustrate why these applications are fine, but why one might not want to track a money transporter with Sigfox or base a home alarm system on it.
The Sigfox network is very atypical, with uplink and downlink based on different physical layers.
After a short introduction, I begin the presentation by taking a deep dive into Sigfox’s radio protocol with a focus on its Security. Basics of radio technology (SDRs, ultra-narrow band (UNB) modulation, SRD bands) and techniques for analyzing protocols are briefly summarized and the uplink’s and downlink’s frame structures are presented.
Subsequently, I show how a radio sniffer that has captured Sigfox messages can extract the uplink’s and downlink’s contents. While the uplink’s payload is already contained in plaintext, the downlink is scrambled, but I indicate how the downlink’s pseudorandom whitening sequence used for scrambling can be generated or brute-forced by an eavesdropper. Moreover, I outline attacks that could even compromise Sigfox’s authenticity checking.
Finally, I provide some suggestions on how to improve Sigfox’s security.
The reference implementation of an alternative Sigfox protocol stack “librenard” that was created as part of this work as well as reconstructed protocol specifications detailing the uplink and significant portions of the downlink protocol will be published immediately after this talk.
Florian Euchner (Jeija)
https://fahrplan.events.ccc.de/congress/2018/Fahrplan/events/9491.html
Related Post:
- Liquid Telecom, Sigfox partner IoT network across Kenya
- APARTMENT HUNTING 101:THINGS YOU NEED TO KNOW BEFORE APARTMENT HUNTING!
- Hidden Gem Hunting Ep. 4 – So Many Gems! – Crypto 100X Potential Coins! Altcoin Gem Hunting Crypto
- Hidden Gem Hunting Ep. 15 – LOW & MID CAP! – Crypto 100X Potential Coins! Altcoin Gem Hunting Crypto
- Bitcoin sẽ chiếm ưu thế trên thế giới, bcc sẽ bị xóa khỏi sàn tin bitcoin ngày 9
- Wireless News Desk – October 11, 2019 – Security Concerns with IoT and Tools
- Sigfox at IoT Asia 2018
- ¿Qué es SIGFOX? – Arduino MKR FOX1200 – IoT Español
- IoT: Gigantic Network of Connected Devices | IoT Tutorial | IoT Internet of Things | Edureka
- IoT INTERNET OF THINHS EXPLAINED IN HINDI, WHAT IS IOT NETWORK, IOT EXPLAINED