Blockchain-Based Security Model for LoRaWAN Firmware Updates

The Internet of Things (IoT) is changing the way consumers, businesses, and governments interact with the physical and cyber worlds. More often than not, IoT devices are designed for specific functional requirements or use cases without paying too much attention to security. Consequently, attackers usually compromise IoT devices with lax security to retrieve sensitive information such as encryption keys, user passwords, and sensitive URLs. Moreover, expanding IoT use cases and the exponential growth in connected smart devices significantly widen the attack surface. Despite efforts to deal with security problems, the security of IoT devices and the privacy of the data they collect and process are still areas of concern in research. Whenever vulnerabilities are discovered, device manufacturers are expected to release patches or new firmware to fix the vulnerabilities. There is a need to prioritize firmware attacks, because they enable the most high-impact threats that go beyond what is possible with traditional attacks. In IoT, delivering and deploying new firmware securely to affected devices remains a challenge. This study aims to develop a security model that employs Blockchain and the InterPlanentary File System (IPFS) to secure firmware transmission over a low data rate, constrained Long-Range Wide Area Network (LoRaWAN). The proposed security model ensures integrity, confidentiality, availability, and authentication and focuses on resource-constrained low-powered devices. To demonstrate the utility and applicability of the proposed model, a proof of concept was implemented and evaluated using low-powered devices. The experimental results show that the proposed model is feasible for constrained and low-powered LoRaWAN devices.