Is it true Gateways can be knocked out by other sensors?

(Stephenwestley) #1

Hello All,
We are looking at various LPWAN solutions and I am not technical so apologises to all of you!
I am trying to understand Lora and the pros and cons. I have been told that as Gateways listen to ALL end nodes and end nodes send data to ANY Gateways there is a possibility that if someone was malice they could target a Gateway and force it to fall over.
Sorry if this is silly question but just trying to understand.
BR All.

(Ud Lo Ra) #2

Any radio technology does not behave like a single wire between the node and the gateway/cell station/router/ etc. Nodes/phones/computers do not send data to a device: they emit some signal, that can be collected by some gateway/cell tower/router/etc. When you transmit, everyone will receive the raw signal. The recipient may then discard what received, if it is not the expected one.
In fact, as you know, you have jammers also for cellular phone signals, and there are documented techniques for Denial of Service on 2G, 3G, 4G. So in principle it could be possible to do it also with LoRa, although I personally would be more worried about the network server/ application security, more traditionally.
Some better expert will give you more detail :slight_smile:


No ,a node cannot ‘select’ a gateway

some study material to start:

(Jeff Uk) #4

If I understand LoRa network operation correctly - and please I stand to be corrected if someone knows better - If there is only one GW reachable in an area and there is then a large swarm of end nodes (or if two GW’s or small number and then a much larger swarm) - intentional or otherwise - all running up to their own duty cycle limits (FUP not withstanding) and continuously/repeatedly issuing join requests and/or ACK’s for all packages (as used to be the case with certain sensor nodes) then the GW can be overwhelmed effectively saturating its downlink TX capacity within duty-cycle limits effectively taking it off air for any further joint req’s, acks, or download command & control & MAC messages for a period…can continue to Rx uplinks of course :slight_smile: Remember also GW’s are effectively half duplex so can’t Rx when Tx so even if not fully saturated the GW’s Rx capacity can start to be limited by forcing lots of downlink Tx’s - as has been demonstrated in a number of academic studies…other half duplex technology based radio networks would suffer similar fate.

As any intentional DoS based on such a swarm is likely malicious there is also a good chance the nodes may also be set up to breach their own duty-cycle limits - effectively reducing the swarm size needed to effect the DoS.

Whilst GW’s are effectively ‘just’ transparent packet fwding engines with meta-data append they have little option to defend them selves, however, it is possible to implement white/black listing/filtering if needed at the GW such that the network can mitigate such attacks by recognising badly behave or malicious nodes then pushing a service denial list out to that lone GW such that it drops packets from such nodes when they are received…if dropped there is then no opportunity for request Join, ACK or app associated downlinks and the attack is nipped in the bud! Problem is risk of false positives or of legit nodes getting accidentally caught in the sweep - perhaps if a node is marginal on signal coverage and having to attempt multiple join req’s before finally establishing a network subscription link…?

I think this is more a theoretical risk than real as where other radio networks can be taken of air by simple jammers - think GPS jammer to stop tracking, or hotels & restaurants blocking cell coverage (illegal or not!) - which are economically available, the investment required to get a large swarm of LoraWAN nodes deployed would be far higher - IMHO.

All radio networks are susceptible to interference or jamming attempts, as stated earlier in the thread, its just a question of bad actor economics…

I believe LoRa based deployments to be more resilient than most (if not resistant as some slides occasionally call out - that’s marketing play! :wink: )

(Jeff Uk) #5

Of course the best way to mitigate against such a swarm attack is to deploy multiple GW’s covering an area…so go join your local TTN community and start deploying! :smile: :sunglasses: