Adversarial Attack and Defense for LoRa Device Identification and Authentication via Deep Learning
Yalin E. Sagduyu, Tugba Erpek
TL;DR
This work addresses security challenges in LoRa-based IoT networks by studying DL-based device identification and rogue-signal detection and examining KDE-driven spoofing alongside FGSM-based adversarial attacks. The authors implement CNN and FNN classifiers on real over-the-air LoRa I/Q data for two tasks: device identification and rogue-vs-legitimate classification, and extend to a multi-task setup with shared representations. They demonstrate that both single-task and multi-task models are vulnerable to untargeted and targeted FGSM perturbations, with transferability affecting attack effectiveness, and they propose hybrid perturbations to improve cross-model impact. Defense is provided via adversarial training, which substantially reduces attack success while preserving most of the clean-data accuracy. The results underscore the need for robust defenses in RF fingerprinting-based LoRa security and offer practical, deployable strategies for strengthening IoT networks against subtle, real-world adversarial threats.
Abstract
LoRa provides long-range, energy-efficient communications in Internet of Things (IoT) applications that rely on Low-Power Wide-Area Network (LPWAN) capabilities. Despite these merits, concerns persist regarding the security of LoRa networks, especially in situations where device identification and authentication are imperative to secure the reliable access to the LoRa networks. This paper explores a deep learning (DL) approach to tackle these concerns, focusing on two critical tasks, namely (i) identifying LoRa devices and (ii) classifying them to legitimate and rogue devices. Deep neural networks (DNNs), encompassing both convolutional and feedforward neural networks, are trained for these tasks using actual LoRa signal data. In this setting, the adversaries may spoof rogue LoRa signals through the kernel density estimation (KDE) method based on legitimate device signals that are received by the adversaries. Two cases are considered, (i) training two separate classifiers, one for each of the two tasks, and (ii) training a multi-task classifier for both tasks. The vulnerabilities of the resulting DNNs to manipulations in input samples are studied in form of untargeted and targeted adversarial attacks using the Fast Gradient Sign Method (FGSM). Individual and common perturbations are considered against single-task and multi-task classifiers for the LoRa signal analysis. To provide resilience against such attacks, a defense approach is presented by increasing the robustness of classifiers with adversarial training. Results quantify how vulnerable LoRa signal classification tasks are to adversarial attacks and emphasize the need to fortify IoT applications against these subtle yet effective threats.