The protection of LP-WAN Endpoints via TEE: A Chemical Storage Case Study

Industrial IoT (IIoT) solutions typically rely on Low-Power Wide Area Network (LP-WAN) protocols to transmit data over long distances while preserving battery life. Regrettably, the distributed nature of LP-WAN deployments and the adoption of managed services make the endpoints-from the field up to the cloud-target of attacks, which could threaten the security and resilience of the infrastructure under monitoring. In this paper, we propose a solution for improving the security of LoRa-based monitoring infrastructures, which is by far the most widely used LP-WAN protocol in the IIoT landscape. We combine two different trusted execution technologies, i.e., ARM TrustZone and Intel SGX, to preserve the chain-of-trust throughout the entire data cycle, i.e. from collection to transmission and processing, and finally to storage. An experimental evaluation is conducted on a real chemical storage infrastructure, managed by Attilio Carmagnani 'AC' S.p.A. We demonstrate the practicability of the proposed approach, i.e. we prove that our solution improves security while also satisfying the performance and energy consumption requirements of a real setup. The technique can be extended to other LP-WAN deployments with minor engineering efforts.