A Novel IoBT Security Assessment Framework: LoRaWAN Case Study

The Internet of Things (IoT) is interesting because this potentially disruptive technology can also be used as a low-cost approach to augment information in military systems. This makes following IoT trends important when considering the future of command and control systems. However, it is critical to make sure that employing IoT for defense purposes, the so-called Internet of Battle eld Things (IoBT), does not introduce unacceptable security risks into the missions. Because of the large variety of devices and the di erent ways in which they can be used, there is no one-size- ts-all security solution, and individual assessments would, ideally, have to be performed for each speci c case. This can quickly become an unmanageable overhead in the mission-planning phase, which can lead to either discarding the technology or using it in an insecure way. In this paper, we discuss a more systematic and e cient approach to assess and manage the security risks associated with IoBT. We outline a modular framework where mission-dependent security requirements can be derived and tested against actual security assessments of relevant IoT devices and technologies. Residual risk can then be identi ed and systematically reduced to an acceptable level where possible. We evaluate the framework by assessing the security of two implementations of the Long Range Wide Area Network (LoRaWAN) protocol in two different military scenarios.