Low-Power Wide Area Networks (LPWANs), and LoRaWAN in particular, are increasingly used in maritime telemetry because they combine long-range communication, low-power operation, and low deployment cost. These same advantages, however, also create a security environment in which protocol misuse, targeted radio interference, and traffic predictability may generate substantial operational risk even when payload encryption remains intact. This paper presents a reproducible simulation study of three security-relevant threat surfaces in maritime LoRaWAN settings: replay attacks, deterministic narrowband jamming, and metadata-based re-identification exposure. The work adopts a digital-twin methodology in which a maritime-like LoRaWAN baseline is synthesized under EU863–870 MHz settings, temporally shaped to resemble port-oriented operational cycles, and then transformed through controlled attack injection and descriptive statistical analysis. The implemented generator creates 20,000 baseline transmissions from 180 simulated devices over a 72 h observation horizon, after which replay and jamming scenarios are added and device-level metadata-risk scores are computed from cadence regularity and parameter predictability. In the executed dataset, replay injection generated 400 delayed duplicates and remained statistically close to non-replay traffic across spreading factor, payload size, RSSI, and SNR. By contrast, deterministic narrowband jamming produced a highly pronounced SNR shift while leaving the remaining radio features comparatively stable. Device-level metadata-risk scores were measurable but moderate, indicating that metadata exposure remains relevant but model-dependent. The study demonstrates that a digital-twin framework can support systematic cybersecurity experimentation for maritime LPWAN environments without requiring direct access to proprietary operational data.
It also shows that replay, jamming, and metadata leakage should be treated not as isolated technical curiosities, but as interrelated operational security concerns that emerge from the interaction of protocol behavior, temporal structure, and radio-layer observability.
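
The contrast reported above (replay traffic staying close to baseline on radio features, jamming showing up mainly in SNR) can be reproduced with a small simulation. This is an added example, not the paper's generator: the feature distributions, the 15-minutes-per-hour jamming schedule on 868.3 MHz, the 12 dB SNR drop and all function names are assumptions; only the 20,000 frames, 180 devices, 72 h horizon and 400 replays come from the abstract.

```python
import random
import statistics

FEATURES = ("sf", "size", "rssi", "snr")
CHANNELS = (868.1, 868.3, 868.5)  # EU863-870 default channels, MHz

def baseline(rng, n=20000, devices=180, hours=72):
    """Constructed baseline; the distributions are assumptions, not the paper's."""
    return [{"t": rng.uniform(0, hours * 3600), "dev": rng.randrange(devices),
             "freq": rng.choice(CHANNELS), "sf": rng.randint(7, 12),
             "size": rng.randint(10, 50), "rssi": rng.gauss(-105, 8),
             "snr": rng.gauss(2, 4), "label": "normal"} for _ in range(n)]

def inject_replay(frames, rng, k=400, max_delay=600):
    """Append k delayed duplicates; only reception-side RSSI/SNR get small jitter."""
    for src in rng.sample(frames, k):
        frames.append({**src, "t": src["t"] + rng.uniform(1, max_delay),
                       "rssi": src["rssi"] + rng.gauss(0, 1),
                       "snr": src["snr"] + rng.gauss(0, 1), "label": "replay"})

def inject_jamming(frames, freq=868.3, period=3600, on=900, snr_drop=12.0):
    """Fixed channel, fixed schedule: degrade SNR for frames in the jammed slots."""
    for f in frames:
        if f["label"] == "normal" and f["freq"] == freq and f["t"] % period < on:
            f["snr"] -= snr_drop
            f["label"] = "jammed"

def cohens_d(a, b):
    """Standardized mean difference using the pooled standard deviation."""
    pooled = (((len(a) - 1) * statistics.variance(a) + (len(b) - 1)
               * statistics.variance(b)) / (len(a) + len(b) - 2)) ** 0.5
    return (statistics.mean(a) - statistics.mean(b)) / pooled

def effect_sizes(frames, label):
    """Per-feature effect size of `label` frames against unmodified traffic."""
    grp = [f for f in frames if f["label"] == label]
    ref = [f for f in frames if f["label"] == "normal"]
    return {k: cohens_d([f[k] for f in grp], [f[k] for f in ref]) for k in FEATURES}

def run(seed=1):
    rng = random.Random(seed)
    frames = baseline(rng)
    inject_replay(frames, rng)
    inject_jamming(frames)
    return frames, effect_sizes(frames, "replay"), effect_sizes(frames, "jammed")

if __name__ == "__main__":
    _, replay_d, jam_d = run()
    print("replay:", replay_d, "\njammed:", jam_d)
```

Effect sizes near zero for the replay group and a strongly negative SNR effect for the jammed group mirror the pattern the abstract reports.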