Visible to the public CloakLoRa: A Covert Channel over LoRa PHY

TitleCloakLoRa: A Covert Channel over LoRa PHY
Publication TypeConference Paper
Year of Publication2020
AuthorsHou, N., Zheng, Y.
Conference Name2020 IEEE 28th International Conference on Network Protocols (ICNP)
Keywordsamplitude modulated covert channel, amplitude modulation, Buildings, Cascading style sheets, Chirp, CloakLoRa, compositionality, COTS LoRa nodes, covert channels, covert communication, covert information, cryptography, data encapsulation, differentiate LoRa symbols, Frequency modulation, lora, LoRa chirps, LoRa PHY, LoRa physical layer, Payloads, pubcrawl, Receivers, regular LoRa node, regular LoRa packet, resilience, Resiliency, Scalability, security, software radio, spread spectrum communication, telecommunication security, unique modulation scheme, wireless channels
AbstractThis paper describes our design and implementation of a covert channel over LoRa physical layer (PHY). LoRa adopts a unique modulation scheme (chirp spread spectrum (CSS)) to enable long range communication at low-power consumption. CSS uses the initial frequencies of LoRa chirps to differentiate LoRa symbols, while simply ignoring other RF parameters (e.g., amplitude and phase). Our study reveals that the LoRa physical layer leaves sufficient room to build a covert channel by embedding covert information with a modulation scheme orthogonal to CSS. To demonstrate the feasibility of building a covert channel, we implement CloakLoRa. CloakLoRa embeds covert information into a regular LoRa packet by modulating the amplitudes of LoRa chirps while keeping the frequency intact. As amplitude modulation is orthogonal to CSS, a regular LoRa node receives the LoRa packet as if no secret information is embedded into the packet. Such an embedding method is transparent to all security mechanisms at upper layers in current LoRaWAN. As such, an attacker can create an amplitude modulated covert channel over LoRa without being detected by current LoRaWAN security mechanism. We conduct comprehensive evaluations with COTS LoRa nodes and receive-only software defined radios and experiment results show that CloakLoRa can send covert information over 250m.
Citation Keyhou_cloaklora_2020