Biblio

Internet of Things devices have spread to near ubiquity this decade. All around us now lies an invisible mesh of communication from devices embedded in seemingly everything. Inevitably some of that communication flying around our heads will contain data that must be protected or otherwise shielded from tampering. The responsibility to protect this sensitive information from malicious actors as it travels through the air then falls upon the standards used to communicate this data. Bluetooth Low Energy (BLE) is one of these standards, the aim of this paper is to put its security standards to test. By attempting to exploit its vulnerabilities we can see how secure this standard really is. In this paper, we present steps for analyzing the security of BLE devices using open-source hardware and software.

IoT devices introduce unprecedented threats into home and professional networks. As they fail to adhere to security best practices, they are broadly exploited by malicious actors to build botnets or steal sensitive information. Their adoption challenges established security standard as classic security measures are often inappropriate to secure them. This is even more problematic in sensitive environments where the presence of insecure IoTs can be exploited to bypass strict security policies. In this paper, we demonstrate an attack against a highly secured network using a Bluetooth smart bulb. This attack allows a malicious actor to take advantage of a smart bulb to exfiltrate data from an air gapped network.

IoT devices introduce unprecedented threats into home and professional networks. As they fail to adhere to security best practices, they are broadly exploited by malicious actors to build botnets or steal sensitive information. Their adoption challenges established security standard as classic security measures are often inappropriate to secure them. This is even more problematic in sensitive environments where the presence of insecure IoTs can be exploited to bypass strict security policies. In this paper, we demonstrate an attack against a highly secured network using a Bluetooth smart bulb. This attack allows a malicious actor to take advantage of a smart bulb to exfiltrate data from an air gapped network.

As the Internet of Things (IoT) continues to expand into every facet of our daily lives, security researchers have warned of its myriad security risks. While denial-of-service attacks and privacy violations have been at the forefront of research, covert channel communications remain an important concern. Utilizing a Bluetooth controlled light bulb, we demonstrate three separate covert channels, consisting of current utilization, luminosity and hue. To study the effectiveness of these channels, we implement exfiltration attacks using standard off-the-shelf smart bulbs and RGB LEDs at ranges of up to 160 feet. We analyze the identified channels for throughput, generality and stealthiness, and report transmission speeds of up to 832 bps.

Bluetooth Low Energy (BLE) beacons are an emerging type of technology in the Internet-of-Things (IoT) realm, which use BLE signals to broadcast a unique identifier that is detected by a compatible device to determine the location of nearby users. Beacons can be used to provide a tailored user experience with each encounter, yet can also constitute an invasion of privacy, due to their covertness and ability to track user behavior. Therefore, we hypothesize that user-driven privacy policy configuration is key to enabling effective and trustworthy privacy management during beacon encounters. We developed a framework for beacon privacy management that provides a policy configuration platform. Through an empirical analysis with 90 users, we evaluated this framework through a proof-of-concept app called Beacon Privacy Manager (BPM), which focused on the user experience of such a tool. Using BPM, we provided users with the ability to create privacy policies for beacons, testing different configuration schemes to refine the framework and then offer recommendations for future research.

The systematic integration of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) into the supply chain to increase operational efficiency and quality has also introduced new complexities to the threat landscape. The myriad of sensors could increase data collection capabilities for businesses to facilitate process automation aided by Artificial Intelligence (AI) but without adopting an appropriate Security-by-Design framework, threat detection and response are destined to fail. The emerging concept of Smart Workplace incorporates many CPS (e.g. Robots and Drones) to execute tasks alongside Employees both of which can be exploited as Insider Threats. We introduce and discuss forensic-readiness, liability attribution and the ability to track moving Smart SPS Objects to support modern Digital Forensics and Incident Response (DFIR) within a defence-in-depth strategy. We present a framework to facilitate the tracking of object behaviour within Smart Controlled Business Environments (SCBE) to support resilience by enabling proactive insider threat detection. Several components of the framework were piloted in a company to discuss a real-life case study and demonstrate anomaly detection and the emerging of behavioural patterns according to objects' movement with relation to their job role, workspace position and nearest entry or exit. The empirical data was collected from a Bluetooth-based Proximity Monitoring Solution. Furthermore, a key strength of the framework is a federated Blockchain (BC) model to achieve forensic-readiness by establishing a digital Chain-of-Custody (CoC) and a collaborative environment for CPS to qualify as Digital Witnesses (DW) to support post-incident investigations.

Wearables are now ubiquitous items equipped with a multitude of sensors such as GPS, accelerometer, or Bluetooth. The raw data from this sensors are typically used in a health context. However, we can also use it for security purposes. In this paper, we present a solution that aims at using data from the sensors of a wearable device to identify the password a user is typing on a keyboard by using machine learning algorithms. Hence, the purpose is to determine whether a malicious third party application could extract sensitive data through the raw data that it has access to.

We propose WristUnlock, a novel technique that uses a wrist wearable to unlock a smartphone in a secure and usable fashion. WristUnlock explores both the physical proximity and secure Bluetooth connection between the smartphone and wrist wearable. There are two modes in WristUnlock with different security and usability features. In the WristRaise mode, the user raises his smartphone in his natural way with the same arm carrying the wrist wearable; the smartphone gets unlocked if the acceleration data on the smartphone and wrist wearable satisfy an anticipated relationship specific to the user himself. In the WristTouch mode, the wrist wearable sends a random number to the smartphone through both the Bluetooth channel and a touch-based physical channel; the smartphone gets unlocked if the numbers received from both channels are equal. We thoroughly analyze the security of WristUnlock and confirm its high efficacy through detailed experiments.

In most produced modern vehicles, Passive Keyless Entry and Start System (PKES), a newer form of an entry access system, is becoming more and more popular. The PKES system allows the consumer to enter within a certain range and have the vehicle's doors unlock automatically without pressing any buttons on the key. This technology increases the overall convenience to the consumer; however, it is vulnerable to attacks known as relay and amplified relay attacks. A relay attack consists of placing a device near the vehicle and a device near the key to relay the signal between the key and the vehicle. On the other hand, an amplified relay attack uses only a singular amplifier to increase the range of the vehicle sensors to reach the key. By exploiting these two different vulnerabilities within the PKES system, an attacker can gain unauthorized access to the vehicle, leading to damage or even stolen property. To minimize both vulnerabilities, we propose a coordinate tracing system with an additional Bluetooth communication channel. The coordinate tracing system, or PKES Forcefield, traces the authorized key's longitude and latitude in real time using two proposed algorithms, known as the Key Bearing algorithm and the Longitude and Latitude Key (LLK) algorithm. To further add security, a Bluetooth communication channel will be implemented. With an additional channel established, a second frequency can be traced within a secondary PKES Forcefield. The LLK Algorithm computes both locations of frequencies and analyzes the results to form a pattern. Furthermore, the PKES Forcefield movement-tracing allows a vehicle to understand when an attacker attempts to transmit an unauthenticated signal and blocks any signal from being amplified over a fixed range.

Bluetooth Low Energy is a fast growing protocol which has gained wide acceptance during last years. Key features for this growth are its high data rate and its ultra low energy consumption, making it the perfect candidate for piconets. However, the lack of expandability without serious impact on its energy consumption profile, prevents its adoption on more complex systems which depend on long network lifetime. Thus, a lot of academic research has been focused on the solution of BLE expandability problem and BLE mesh has been introduced on the latest Bluetooth version. In our point of view, most of the related work cannot be efficiently implemented in networks which are mostly comprised of constrained-resource nodes. Thus, we propose a new energy efficient tree algorithm for BLE static constrained-resources networks, which achieves a longer network lifetime by both reducing as much as possible the number of needed connection events and balancing the energy dissipation in the network.

The Internet of Things (IoT) is changing the way we interact with everyday objects. "Smart" devices will reduce energy use, keep our homes safe, and improve our health. However, as recent attacks have shown, these devices also create tremendous security vulnerabilities in our computing networks. Securing all of these devices is a daunting task. In this paper, we argue that IoT device communications should be default-off and desired network communications must be explicitly enabled. Unlike traditional networked applications or devices like a web browser or PC, IoT applications and devices serve narrowly defined purposes and do not require access to all services in the network. Our proposal, Bark, a policy language and runtime for specifying and enforcing minimal access permissions in IoT networks, exploits this fact. Bark phrases access control policies in terms of natural questions (who, what, where, when, and how) and transforms them into transparently enforceable rules for IoT application protocols. Bark can express detailed rules such as "Let the lights see the luminosity of the bedroom sensor at any time" and "Let a device at my front door, if I approve it, unlock my smart lock for 30 seconds" in a way that is presentable and explainable to users. We implement Bark for Wi-Fi/IP and Bluetooth Low Energy (BLE) networks and evaluate its efficacy on several example applications and attacks.

Ever-driven by technological innovation, the Internet of Things (IoT) is continuing its exceptional evolution and growth into the common consumer space. In the wake of these developments, this paper proposes a framework for an IoT home security system that is secure, expandable, and accessible. Congruent with the ideals of the IoT, we are proposing a system utilizing an ultra-low-power wireless sensor network which would interface with a central hub via Bluetooth 4, commonly referred to as Bluetooth Low Energy (BLE), to monitor the home. Additionally, the system would interface with an Amazon Echo to accept user voice commands. The aforementioned central hub would also act as a web server and host an internet accessible configuration page from which users could monitor and customize their system. An internet-connected system would carry the capability to notify the users of system alarms via SMS or email. Finally, this proof of concept is intended to demonstrate expandability into other areas of home automation or building monitoring functions in general.

The proliferation of Bluetooth mobile device communications into all aspects of modern society raises security questions by both academicians and practitioners. This environment prompted an investigation into the real-world use of Bluetooth protocols along with an analysis of documented security attacks. The experiment discussed in this paper collected data for one week in a local coffee shop. The data collection took about an hour each day and identified 478 distinct devices. The contribution of this research is two-fold. First, it provides insight into real-world Bluetooth protocols that are being utilized by the general public. Second, it provides foundational research that is necessary for future Bluetooth penetration testing research.

Since its introduction in 2010, Bluetooth Low Energy (LE) has seen an abrupt adoption by top companies in the world. From smartphones, PCs, tablets, smartwatches to fitness bands; Bluetooth Low Energy is being implemented more and more on technological devices. Even though the Bluetooth Special Interest Group includes and strongly recommends implementations for security features in their standards for Bluetooth LE devices, recent studies show that many Bluetooth devices do not follow the recommendations. Even worse consumers are rarely informed about what security features are implemented by the products they use. The ultimate goal in this study is to provide a mechanism for users to inform them of the security features implemented in a Bluetooth LE connection that they have initiated. To this end, we developed an app for Android phones that extracts the security features of a Bluetooth LE connection using the btsnoop log stored on the phone. We have verified the correctness of our app using the Frontline BPA Low Energy Analyzer.

The security level is very important in Bluetooth, because the network or devices using secure communication, are susceptible to many attacks against the transmitted data received through eavesdropping. The cryptosystem designers needs to know the complexity of the designed Bluetooth E0. And what the advantages given by any development performed on any known Bluetooth E0Encryption method. The most important criteria can be used in evaluation method is considered as an important aspect. This paper introduce a proposed fuzzy logic technique to evaluate the complexity of Bluetooth E0Encryption system by choosing two parameters, which are entropy and correlation rate, as inputs to proposed fuzzy logic based Evaluator, which can be applied with MATLAB system.

Bluetooth is a popular wireless communication technology that is available on most mobile devices. Although Bluetooth includes security and privacy preserving mechanisms, we show that a Bluetooth harmless inherent request-response mechanism can taint users privacy. More specifically, we introduce a timing attack that can be triggered by a remote attacker in order to infer information about a Bluetooth device state. By observing the L2CAP layer ping mechanism timing variations, it is possible to detect device state changes, for instance when the device goes in or out of the locked state. Our experimental results show that change point detection analysis of the timing allows to detect device state changes with a high accuracy. Finally, we discuss applications and countermeasures.

Today an increasing number of consumer devices such as head phones, wearables, light bulbs and even baseball bats, are Bluetooth-enabled thanks to the widespread support of the technology by phone manufacturers and mobile operating system vendors. The ability for any device to seamlessly connect and exchange information with smartphones via Bluetooth Low Energy (BLE) protocol promises unlimited room for innovation. However, it also brings about new privacy challenges. We show that the BLE protocol together with the Bluetooth permission model implemented in the Android and iOS operating systems can be used for cross-app tracking unbeknownst to the individuals. Specifically, through experiments and analyses based on real-world smartphone data we show that by listening to advertising packets broadcasted by nearby BLE-enabled devices and recording information contained in them, app developers can derive fairly unique "fingerprints" for their users, which can be used for cross-app tracking, i.e., linking pseudonymous users of different apps to each other. We demonstrate that privacy protections put in place by the Bluetooth Special Interest Group, Google, and Apple are not sufficient to prevent such fingerprinting or to make cross-app tracking difficult to execute. Our main contribution is to demonstrate the feasibility of cross-app tracking using nearby BLE and raise awareness that changes are needed in order to prevent it from becoming widespread. We also propose mitigation strategies to decrease the feasibility of tracking using nearby BLE devices while preserving the utility of the BLE technology.

This paper presents work towards realizing architectural support for Bluetooth Trusted I/O on SGX-enabled platforms, with the goal of providing I/O data protection that does not rely on system software security. Indeed, we are primarily concerned with protecting I/O from all software adversaries, including privileged software. In this paper we describe the challenges in designing and implementing Trusted I/O at the architectural level for Bluetooth. We propose solutions to these challenges. In addition, we describe our proof-of-concept work that extends existing over-the-air Bluetooth security all the way to an SGX enclave by securing user data between the Bluetooth Controller and an SGX enclave.

Current BLE transmitters are susceptible to selective jamming due to long dwell times in a channel. To mitigate these attacks, we propose physical-layer security through an ultra-fast bit-level frequency-hopping (FH) scheme by exploiting the frequency agility of bulk acoustic wave resonators (BAW). Here we demonstrate the first integrated bit-level FH transmitter (TX) that hops at 1$μ$s period and uses data-driven random dynamic channel selection to enable secure wireless communications with additional data encryption. This system consists of a time-interleaved BAW-based TX implemented in 65nm CMOS technology with 80MHz coverage in the 2.4GHz ISM band and a measured power consumption of 10.9mW from 1.1V supply.

In this paper, we highlight and study the threat arising from the unattended wearable devices pre-paired with a smartphone over a wireless communication medium. Most users may not lock their wearables due to their small form factor, and may strip themselves off of these devices often, leaving or forgetting them unattended while away from homes (or shared office spaces). An “insider” attacker (potentially a disgruntled friend, roommate, colleague, or even a spouse) can therefore get hold of the wearable, take it near the user's phone (i.e., within radio communication range) at another location (e.g., user's office), and surreptitiously use it across physical barriers for various nefarious purposes, including pulling and learning sensitive information from the phone (such as messages, photos or emails), and pushing sensitive commands to the phone (such as making phone calls, sending text messages and taking pictures). The attacker can then safely restore the wearable, wait for it to be left unattended again and may repeat the process for maximum impact, while the victim remains completely oblivious to the ongoing attack activity. This malicious behavior is in sharp contrast to the threat of stolen wearables where the victim would unpair the wearable as soon as the theft is detected. Considering the severity of this threat, we also respond by building a defense based on audio proximity, which limits the wearable to interface with the phone only when it can pick up on an active audio challenge produced by the phone.

Because major smartphone platforms are equipped with Bluetooth Low Energy (BLE) capabilities, more and more smart devices have adopted BLE technologies to communicate with smartphones. In order to support the mesh topology in BLE networks, several proposals have been designed. Among them, the Bluetooth Special Interest Group (SIG) recently released a specification for Bluetooth mesh networks based upon BLE technology. This paper focuses on this standard solution and analyses its security protocol with hardware security in mind. As it is expected that internet of things (IoT) devices will be deployed everywhere, the risk of physical attacks must be assessed. First, we provide a comprehensive survey of the security features involved in Bluetooth mesh. Then, we introduce some physical attacks identified as serious threats for the IoT and discuss their relevance in the case of Bluetooth mesh networks. Finally, we briefly discuss possible countermeasures to reach a secure implementation.

Modern vehicles are opening up, with wireless interfaces such as Bluetooth integrated in order to enable comfort and safety features. Furthermore a plethora of aftermarket devices introduce additional connectivity which contributes to the driving experience. This connectivity opens the vehicle to potentially malicious attacks, which could have negative consequences with regards to safety. In this paper, we survey vehicles with Bluetooth connectivity from a threat intelligence perspective to gain insight into conditions during real world driving. We do this in two ways: firstly, by examining Bluetooth implementation in vehicles and gathering information from inside the cabin, and secondly, using war-nibbling (general monitoring and scanning for nearby devices). We find that as the vehicle age decreases, the security (relatively speaking) of the Bluetooth implementation increases, but that there is still some technological lag with regards to Bluetooth implementation in vehicles. We also find that a large proportion of vehicles and aftermarket devices still use legacy pairing (and are therefore more insecure), and that these vehicles remain visible for sufficient time to mount an attack (assuming some premeditation and preparation). We demonstrate a real-world threat scenario as an example of the latter. Finally, we provide some recommendations on how the security risks we discover could be mitigated.

We all are very much aware of IoT that is Internet of Things which is emerging technology in today's world. The new and advanced field of technology and inventions make use of IoT for better facility. The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. Our project is based on IoT and other supporting techniques which can bring out required output. Security issues are everywhere now-a-days which we are trying to deal with by our project. Our security throwbot (a throwable device) will be tossed into a room after activating it and it will capture 360 degree panaromic video from a single IP camera, by using two end connectivity that is, robot end and another is user end, will bring more features to this project. Shape of the robot will be shperical so that problem of retrieving back can be solved. Easy to use and cheap to buy is one of our goal which will be helpful to police and soldiers who get stuck in situations where they have to question oneself before entering to dangerous condition/room. Our project will help them to handle and verify any area before entering by just throwing this robot and getting the sufficient results.

In this paper, we present the design of Intelligent Security Lock prototype which acts as a smart electronic/digital door locking system. The design of lock device and software system including app is discussed. The paper presents idea to control the lock using mobile app via Bluetooth. The lock satisfies comprehensive security requirements using state of the art technologies. It provides strong authentication using face recognition on app. It stores records of all lock/unlock operations with date and time. It also provides intrusion detection notification and real time camera surveillance on app. Hence, the lock is a unique combination of various aforementioned security features providing absolute solution to problem of security.

We present an approach to tracking the behaviour of an attacker on a decoy system, where the decoy communicates with the real system only through low energy bluetooth. The result is a low-cost solution that does not interrupt the live system, while limiting potential damage. The attacker has no way to detect that they are being monitored, while their actions are being logged for further investigation. The system has been physically implemented using Raspberry PI and Arduino boards to replicate practical performance.