TY - GEN
T1 - CloakLoRa: A Covert Channel over LoRa PHY
AU - Hou, Ningning
AU - Zheng, Yuanqing
N1 - Funding Information:
We would like to thank our shepherd Dr Ashwin Ashok and anonymous reviewers for their constructive feedback and valuable comments for improving the quality of this paper. This work is supported by the National Nature Science Foundation of China under grant 61702437 and Hong Kong GRF under grant PolyU 152165/19E. Yuanqing Zheng is the corresponding author.
Publisher Copyright:
© 2020 IEEE.
PY - 2020/10/13
Y1 - 2020/10/13
N2 - This paper describes our design and implementation of a covert channel over LoRa physical layer (PHY). LoRa adopts a unique modulation scheme (chirp spread spectrum (CSS)) to enable long range communication at low-power consumption. CSS uses the initial frequencies of LoRa chirps to differentiate LoRa symbols, while simply ignoring other RF parameters (e.g., amplitude and phase). Our study reveals that the LoRa physical layer leaves sufficient room to build a covert channel by embedding covert information with a modulation scheme orthogonal to CSS. To demonstrate the feasibility of building a covert channel, we implement CloakLoRa. CloakLoRa embeds covert information into a regular LoRa packet by modulating the amplitudes of LoRa chirps while keeping the frequency intact. As amplitude modulation is orthogonal to CSS, a regular LoRa node receives the LoRa packet as if no secret information is embedded into the packet. Such an embedding method is transparent to all security mechanisms at upper layers in current LoRaWAN. As such, an attacker can create an amplitude modulated covert channel over LoRa without being detected by current LoRaWAN security mechanism. We conduct comprehensive evaluations with COTS LoRa nodes and receive-only software defined radios and experiment results show that CloakLoRa can send covert information over 250m.
AB - This paper describes our design and implementation of a covert channel over LoRa physical layer (PHY). LoRa adopts a unique modulation scheme (chirp spread spectrum (CSS)) to enable long range communication at low-power consumption. CSS uses the initial frequencies of LoRa chirps to differentiate LoRa symbols, while simply ignoring other RF parameters (e.g., amplitude and phase). Our study reveals that the LoRa physical layer leaves sufficient room to build a covert channel by embedding covert information with a modulation scheme orthogonal to CSS. To demonstrate the feasibility of building a covert channel, we implement CloakLoRa. CloakLoRa embeds covert information into a regular LoRa packet by modulating the amplitudes of LoRa chirps while keeping the frequency intact. As amplitude modulation is orthogonal to CSS, a regular LoRa node receives the LoRa packet as if no secret information is embedded into the packet. Such an embedding method is transparent to all security mechanisms at upper layers in current LoRaWAN. As such, an attacker can create an amplitude modulated covert channel over LoRa without being detected by current LoRaWAN security mechanism. We conduct comprehensive evaluations with COTS LoRa nodes and receive-only software defined radios and experiment results show that CloakLoRa can send covert information over 250m.
KW - Covert communication
KW - LoRa
UR - http://www.scopus.com/inward/record.url?scp=85097200119&partnerID=8YFLogxK
U2 - 10.1109/ICNP49622.2020.9259364
DO - 10.1109/ICNP49622.2020.9259364
M3 - Conference article published in proceeding or book
AN - SCOPUS:85097200119
T3 - Proceedings - International Conference on Network Protocols, ICNP
SP - 1
EP - 11
BT - 28th IEEE International Conference on Network Protocols, ICNP 2020
PB - IEEE Computer Society
T2 - 28th IEEE International Conference on Network Protocols, ICNP 2020
Y2 - 13 October 2020 through 16 October 2020
ER -