LoRaWAN has become one of the most widely adopted LPWAN technologies, but its large-scale use has also exposed several persistent security weaknesses. Recent studies show that unprotected LoRaWAN links are still vulnerable to basic attacks such as eavesdropping (67% success rate) and replay attempts (about 43%), which highlights the need for more practical and adaptive security solutions suitable for low-power devices. In this work, we develop a security framework that combines a hybrid machine-learning model for anomaly detection with a lightweight Zero Trust authentication mechanism. The anomaly detection module merges a tuned LightGBM classifier with an autoencoder-based unsupervised detector. Across multiple attack categories, the combined model achieved an average detection accuracy of 95% and an AUC-ROC of 0.973 while keeping the memory footprint small enough for LoRa-class devices. We also design a Zero Trust authentication scheme based on an optimized Proof-of-Authority blockchain model and a low-cost mutual authentication protocol. The evaluation shows an average authentication delay of about 187 ms and system availability above 99.9%. Although the full framework introduces an energy overhead of approximately 18%, the projected device lifetime remains more than seven years, which is significantly longer than what existing blockchain-based IoT authentication systems provide.
Abdelhady et al. studied this question.