Brussels / 3 & 4 February 2018


LoRa Reverse Engineering and AES EM Side-Channel Attacks using SDR

LoRa is a novel wireless modulation scheme designed for low-data-rate, low-power and long-range communications. In this presentation, we will discuss the various processing stages taking place on the LoRa PHY layer, including coding, whitening, interleaving, modulation and preamble detection. We will subsequently learn how hardware LoRa radios can be reverse engineered in order to build our own LoRa decoder with GNU Radio and software defined radios. The concept of PHY-layer fingerprinting will also be briefly explained, showing how we can identify individual LoRa radios using only their raw radio signals and a neural network. Finally, we will see how software defined radios can be leveraged to perform electromagnetic side-channel attacks on the AES encryption scheme, which is used by LoRa and various other wireless protocols. Such attacks enable the recovery of an unknown secret key given a set of known plaintexts and proximal measurements of the electromagnetic spectrum taken during the encryption process.
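The last point of the abstract, recovering a key from known plaintexts plus measurements taken during encryption, rests on the fact that an unprotected AES implementation leaks a data-dependent signal at the first-round S-box. The block below is an added illustration, not code from the talk: it builds the AES S-box, constructs synthetic traces in which one sample carries the Hamming weight of S(p XOR k) under Gaussian noise, and runs correlation analysis to show how many traces an evaluator needs before an unmasked implementation gives up a key byte. The trace model, sample count and noise level are assumptions chosen for the demonstration.

```python
import numpy as np

def _gf_mul(a, b):
    """Multiply in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        hi = a & 0x80
        a = (a << 1) & 0xFF
        if hi:
            a ^= 0x1B
        b >>= 1
    return p

def _build_sbox():
    """AES S-box = affine map of the multiplicative inverse (0 maps to 0)."""
    sbox = [0] * 256
    for x in range(256):
        inv = x
        for _ in range(253):            # x^254 == x^-1 in GF(2^8)
            inv = _gf_mul(inv, x)
        inv = inv if x else 0
        s = inv
        for i in range(1, 5):           # s = inv ^ rotl1 ^ rotl2 ^ rotl3 ^ rotl4
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[x] = s ^ 0x63
    return sbox

SBOX = np.array(_build_sbox())
HW = np.array([bin(v).count("1") for v in range(256)], dtype=float)

def simulate_traces(key_byte, n_traces=500, n_samples=20, noise=1.0, seed=1):
    """Constructed traces: sample 7 leaks HW(S(p ^ k)); everything else is noise."""
    rng = np.random.default_rng(seed)
    pts = rng.integers(0, 256, size=n_traces, dtype=np.int64)
    traces = rng.normal(0.0, noise, size=(n_traces, n_samples))
    traces[:, 7] += HW[SBOX[pts ^ key_byte]]
    return pts, traces

def cpa_recover_byte(pts, traces):
    """Return (best key guess, peak |Pearson correlation|) over all 256 guesses."""
    t = traces - traces.mean(axis=0)
    t_norm = np.sqrt((t ** 2).sum(axis=0))
    best = (0, -1.0)
    for g in range(256):
        h = HW[SBOX[pts ^ g]]
        h = h - h.mean()
        corr = np.abs(h @ t) / (np.sqrt((h ** 2).sum()) * t_norm)
        if corr.max() > best[1]:
            best = (g, float(corr.max()))
    return best
```

Raising `noise` or lowering `n_traces` in `simulate_traces` shows the point at which the correct guess no longer stands out, which is the same margin a masked or noise-hardened implementation tries to push out of reach.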


Pieter Robyns