We present security vulnerabilities of LoRaWAN v1.1 in backward
compatibility scenarios and propose countermeasures. Novel low-power
wireless communication technologies are continuously introduced into the
IoT ecosystem, while the existing ones continue their evolution by
adding new features and fixing known problems. Since most of IoT-based
applications involve communication of sensitive data with remote users,
it is crucial to scrutinize the security of the emerging low-power
wireless communication technologies. LoRaWAN is a Low Power Wide Area
Network (LPWAN) protocol that is optimized for wireless battery-powered
IoT devices. The current LoRaWAN v1.1 states only one possible backward
compatibility scenario without defining all the associated security
behaviors and their implications for the system’s overall security. This
work examines the applicability of v1.0.2 attacks in fall-back cases by
consolidating the vulnerabilities of v1.0.2 and the resulting attacks.
After determining the possible attacks, countermeasures to prevent DoS
attacks that target the join procedure, replay of data, and eavesdropping in backward compatibility scenarios are proposed.