Decoding the LoRa PHY: Dissecting a Modern Wireless Network for the Internet of Things

Presented at 33C3 (2016), Dec. 29, 2016, 6:30 p.m. (60 minutes).

LoRa is an emerging Low Power Wide Area Network, a new class of wireless technology designed to connect everything from streetlights to intelligent mousetraps. I will discuss the design and security implications of LPWANs, dive deep into the LoRa PHY, and demonstrate sniffing and injection with an open source LoRa transceiver built on commodity Software Defined Radio tools.

This talk will demonstrate techniques for decoding the LoRa PHY layer and will introduce gr-lora, an open source implementation of the protocol. LoRa is a Low Power Wide Area Network (LPWAN), an emerging class of wireless technology optimized for embedded and Internet of Things focused applications. LoRa is unique because it uses a chirp spread spectrum modulation that encodes data into RF features more commonly encountered in RADAR systems. LoRa is also designed to operate in unlicensed ISM frequency bands, both avoiding costly spectrum licensing requirements and democratizing long-range network infrastructure to consumers and new commercial operators alike. After briefly introducing the audience to LPWANs, I will walk through the SDR and DSP techniques required to demodulate and decode LoRa packets. In addition I will discuss gr-lora, an open-source implementation of the PHY that can be leveraged to design LoRa security test tools and drive future research.


Presenters:

  • Matt Knight
    Matt is a software engineer and security researcher with Bastille Networks, where he seeks to discover vulnerabilities in the ubiquitous wireless interfaces that connect embedded devices to the Internet of Things. In 2016, he documented the closed-source LoRa PHY based on blind signal analysis. Matt previously worked as a hardware and wireless security consultant, leveraging Software Defined Radio to craft custom attacks against embedded devices, and has developed wireless networking products for a variety of customers. Matt holds a BE with a concentration in Electrical Engineering from Dartmouth College.
