Biblio

Filters: Keyword is Bluetooth
2020-04-03
Bello-Ogunu, Emmanuel, Shehab, Mohamed, Miazi, Nazmus Sakib.  2019.  Privacy Is The Best Policy: A Framework for BLE Beacon Privacy Management. 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). 1:823–832.
Bluetooth Low Energy (BLE) beacons are an emerging type of technology in the Internet-of-Things (IoT) realm, which use BLE signals to broadcast a unique identifier that is detected by a compatible device to determine the location of nearby users. Beacons can be used to provide a tailored user experience with each encounter, yet can also constitute an invasion of privacy, due to their covertness and ability to track user behavior. Therefore, we hypothesize that user-driven privacy policy configuration is key to enabling effective and trustworthy privacy management during beacon encounters. We developed a framework for beacon privacy management that provides a policy configuration platform. Through an empirical analysis with 90 users, we evaluated this framework through a proof-of-concept app called Beacon Privacy Manager (BPM), which focused on the user experience of such a tool. Using BPM, we provided users with the ability to create privacy policies for beacons, testing different configuration schemes to refine the framework and then offer recommendations for future research.
2020-02-24
Ahmadi-Assalemi, Gabriela, al-Khateeb, Haider M., Epiphaniou, Gregory, Cosson, Jon, Jahankhani, Hamid, Pillai, Prashant.  2019.  Federated Blockchain-Based Tracking and Liability Attribution Framework for Employees and Cyber-Physical Objects in a Smart Workplace. 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3). :1–9.
The systematic integration of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) into the supply chain to increase operational efficiency and quality has also introduced new complexities to the threat landscape. The myriad of sensors could increase data collection capabilities for businesses to facilitate process automation aided by Artificial Intelligence (AI) but without adopting an appropriate Security-by-Design framework, threat detection and response are destined to fail. The emerging concept of Smart Workplace incorporates many CPS (e.g. Robots and Drones) to execute tasks alongside Employees both of which can be exploited as Insider Threats. We introduce and discuss forensic-readiness, liability attribution and the ability to track moving Smart SPS Objects to support modern Digital Forensics and Incident Response (DFIR) within a defence-in-depth strategy. We present a framework to facilitate the tracking of object behaviour within Smart Controlled Business Environments (SCBE) to support resilience by enabling proactive insider threat detection. Several components of the framework were piloted in a company to discuss a real-life case study and demonstrate anomaly detection and the emerging of behavioural patterns according to objects' movement with relation to their job role, workspace position and nearest entry or exit. The empirical data was collected from a Bluetooth-based Proximity Monitoring Solution. Furthermore, a key strength of the framework is a federated Blockchain (BC) model to achieve forensic-readiness by establishing a digital Chain-of-Custody (CoC) and a collaborative environment for CPS to qualify as Digital Witnesses (DW) to support post-incident investigations.
2020-02-17
Pandelea, Alexandru-Ionut, Chiroiu, Mihai-Daniel.  2019.  Password Guessing Using Machine Learning on Wearables. 2019 22nd International Conference on Control Systems and Computer Science (CSCS). :304–311.
Wearables are now ubiquitous items equipped with a multitude of sensors such as GPS, accelerometer, or Bluetooth. The raw data from these sensors are typically used in a health context. However, we can also use it for security purposes. In this paper, we present a solution that aims at using data from the sensors of a wearable device to identify the password a user is typing on a keyboard by using machine learning algorithms. Hence, the purpose is to determine whether a malicious third party application could extract sensitive data through the raw data that it has access to.
Zhang, Lili, Han, Dianqi, Li, Ang, Li, Tao, Zhang, Yan, Zhang, Yanchao.  2019.  WristUnlock: Secure and Usable Smartphone Unlocking with Wrist Wearables. 2019 IEEE Conference on Communications and Network Security (CNS). :28–36.
We propose WristUnlock, a novel technique that uses a wrist wearable to unlock a smartphone in a secure and usable fashion. WristUnlock explores both the physical proximity and secure Bluetooth connection between the smartphone and wrist wearable. There are two modes in WristUnlock with different security and usability features. In the WristRaise mode, the user raises his smartphone in his natural way with the same arm carrying the wrist wearable; the smartphone gets unlocked if the acceleration data on the smartphone and wrist wearable satisfy an anticipated relationship specific to the user himself. In the WristTouch mode, the wrist wearable sends a random number to the smartphone through both the Bluetooth channel and a touch-based physical channel; the smartphone gets unlocked if the numbers received from both channels are equal. We thoroughly analyze the security of WristUnlock and confirm its high efficacy through detailed experiments.
2020-02-10
Rizvi, Syed, Imler, Jarrett, Ritchey, Luke, Tokar, Michael.  2019.  Securing PKES against Relay Attacks using Coordinate Tracing and Multi-Factor Authentication. 2019 53rd Annual Conference on Information Sciences and Systems (CISS). :1–6.

In most produced modern vehicles, Passive Keyless Entry and Start System (PKES), a newer form of an entry access system, is becoming more and more popular. The PKES system allows the consumer to enter within a certain range and have the vehicle's doors unlock automatically without pressing any buttons on the key. This technology increases the overall convenience to the consumer; however, it is vulnerable to attacks known as relay and amplified relay attacks. A relay attack consists of placing a device near the vehicle and a device near the key to relay the signal between the key and the vehicle. On the other hand, an amplified relay attack uses only a singular amplifier to increase the range of the vehicle sensors to reach the key. By exploiting these two different vulnerabilities within the PKES system, an attacker can gain unauthorized access to the vehicle, leading to damage or even stolen property. To minimize both vulnerabilities, we propose a coordinate tracing system with an additional Bluetooth communication channel. The coordinate tracing system, or PKES Forcefield, traces the authorized key's longitude and latitude in real time using two proposed algorithms, known as the Key Bearing algorithm and the Longitude and Latitude Key (LLK) algorithm. To further add security, a Bluetooth communication channel will be implemented. With an additional channel established, a second frequency can be traced within a secondary PKES Forcefield. The LLK Algorithm computes both locations of frequencies and analyzes the results to form a pattern. Furthermore, the PKES Forcefield movement-tracing allows a vehicle to understand when an attacker attempts to transmit an unauthenticated signal and blocks any signal from being amplified over a fixed range.

2020-01-20
Bardoutsos, Andreas, Filios, Gabriel, Katsidimas, Ioannis, Nikoletseas, Sotiris.  2019.  Energy Efficient Algorithm for Multihop BLE Networks on Resource-Constrained Devices. 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS). :400–407.

Bluetooth Low Energy is a fast growing protocol which has gained wide acceptance during last years. Key features for this growth are its high data rate and its ultra low energy consumption, making it the perfect candidate for piconets. However, the lack of expandability without serious impact on its energy consumption profile, prevents its adoption on more complex systems which depend on long network lifetime. Thus, a lot of academic research has been focused on the solution of BLE expandability problem and BLE mesh has been introduced on the latest Bluetooth version. In our point of view, most of the related work cannot be efficiently implemented in networks which are mostly comprised of constrained-resource nodes. Thus, we propose a new energy efficient tree algorithm for BLE static constrained-resources networks, which achieves a longer network lifetime by both reducing as much as possible the number of needed connection events and balancing the energy dissipation in the network.

2019-10-30
Hong, James, Levy, Amit, Riliskis, Laurynas, Levis, Philip.  2018.  Don't Talk Unless I Say So! Securing the Internet of Things with Default-Off Networking. 2018 IEEE/ACM Third International Conference on Internet-of-Things Design and Implementation (IoTDI). :117-128.

The Internet of Things (IoT) is changing the way we interact with everyday objects. "Smart" devices will reduce energy use, keep our homes safe, and improve our health. However, as recent attacks have shown, these devices also create tremendous security vulnerabilities in our computing networks. Securing all of these devices is a daunting task. In this paper, we argue that IoT device communications should be default-off and desired network communications must be explicitly enabled. Unlike traditional networked applications or devices like a web browser or PC, IoT applications and devices serve narrowly defined purposes and do not require access to all services in the network. Our proposal, Bark, a policy language and runtime for specifying and enforcing minimal access permissions in IoT networks, exploits this fact. Bark phrases access control policies in terms of natural questions (who, what, where, when, and how) and transforms them into transparently enforceable rules for IoT application protocols. Bark can express detailed rules such as "Let the lights see the luminosity of the bedroom sensor at any time" and "Let a device at my front door, if I approve it, unlock my smart lock for 30 seconds" in a way that is presentable and explainable to users. We implement Bark for Wi-Fi/IP and Bluetooth Low Energy (BLE) networks and evaluate its efficacy on several example applications and attacks.

2019-08-05
Thapliyal, H., Ratajczak, N., Wendroth, O., Labrado, C..  2018.  Amazon Echo Enabled IoT Home Security System for Smart Home Environment. 2018 IEEE International Symposium on Smart Electronic Systems (iSES) (Formerly iNiS). :31–36.

Ever-driven by technological innovation, the Internet of Things (IoT) is continuing its exceptional evolution and growth into the common consumer space. In the wake of these developments, this paper proposes a framework for an IoT home security system that is secure, expandable, and accessible. Congruent with the ideals of the IoT, we are proposing a system utilizing an ultra-low-power wireless sensor network which would interface with a central hub via Bluetooth 4, commonly referred to as Bluetooth Low Energy (BLE), to monitor the home. Additionally, the system would interface with an Amazon Echo to accept user voice commands. The aforementioned central hub would also act as a web server and host an internet accessible configuration page from which users could monitor and customize their system. An internet-connected system would carry the capability to notify the users of system alarms via SMS or email. Finally, this proof of concept is intended to demonstrate expandability into other areas of home automation or building monitoring functions in general.

2019-04-01
Ledbetter, W., Glisson, W., McDonald, T., Andel, T., Grispos, G., Choo, K..  2018.  Digital Blues: An Investigation Into the Use of Bluetooth Protocols. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :498–503.
The proliferation of Bluetooth mobile device communications into all aspects of modern society raises security questions by both academicians and practitioners. This environment prompted an investigation into the real-world use of Bluetooth protocols along with an analysis of documented security attacks. The experiment discussed in this paper collected data for one week in a local coffee shop. The data collection took about an hour each day and identified 478 distinct devices. The contribution of this research is two-fold. First, it provides insight into real-world Bluetooth protocols that are being utilized by the general public. Second, it provides foundational research that is necessary for future Bluetooth penetration testing research.
Robles-Cordero, A. M., Zayas, W. J., Peker, Y. K..  2018.  Extracting the Security Features Implemented in a Bluetooth LE Connection. 2018 IEEE International Conference on Big Data (Big Data). :2559–2563.
Since its introduction in 2010, Bluetooth Low Energy (LE) has seen an abrupt adoption by top companies in the world. From smartphones, PCs, tablets, smartwatches to fitness bands; Bluetooth Low Energy is being implemented more and more on technological devices. Even though the Bluetooth Special Interest Group includes and strongly recommends implementations for security features in their standards for Bluetooth LE devices, recent studies show that many Bluetooth devices do not follow the recommendations. Even worse consumers are rarely informed about what security features are implemented by the products they use. The ultimate goal in this study is to provide a mechanism for users to inform them of the security features implemented in a Bluetooth LE connection that they have initiated. To this end, we developed an app for Android phones that extracts the security features of a Bluetooth LE connection using the btsnoop log stored on the phone. We have verified the correctness of our app using the Frontline BPA Low Energy Analyzer.
Alibadi, S. H., Sadkhan, S. B..  2018.  A Proposed Security Evaluation Method for Bluetooth E0 Based on Fuzzy Logic. 2018 International Conference on Advanced Science and Engineering (ICOASE). :324–329.

The security level is very important in Bluetooth, because the network or devices using secure communication, are susceptible to many attacks against the transmitted data received through eavesdropping. The cryptosystem designers need to know the complexity of the designed Bluetooth E0. And what the advantages given by any development performed on any known Bluetooth E0 Encryption method. The most important criteria can be used in evaluation method is considered as an important aspect. This paper introduces a proposed fuzzy logic technique to evaluate the complexity of Bluetooth E0 Encryption system by choosing two parameters, which are entropy and correlation rate, as inputs to proposed fuzzy logic based Evaluator, which can be applied with MATLAB system.

Celosia, Guillaume, Cunche, Mathieu.  2018.  Detecting Smartphone State Changes Through a Bluetooth Based Timing Attack. Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks. :154–159.
Bluetooth is a popular wireless communication technology that is available on most mobile devices. Although Bluetooth includes security and privacy preserving mechanisms, we show that a Bluetooth harmless inherent request-response mechanism can taint users' privacy. More specifically, we introduce a timing attack that can be triggered by a remote attacker in order to infer information about a Bluetooth device state. By observing the L2CAP layer ping mechanism timing variations, it is possible to detect device state changes, for instance when the device goes in or out of the locked state. Our experimental results show that change point detection analysis of the timing allows to detect device state changes with a high accuracy. Finally, we discuss applications and countermeasures.
Korolova, Aleksandra, Sharma, Vinod.  2018.  Cross-App Tracking via Nearby Bluetooth Low Energy Devices. Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy. :43–52.
Today an increasing number of consumer devices such as head phones, wearables, light bulbs and even baseball bats, are Bluetooth-enabled thanks to the widespread support of the technology by phone manufacturers and mobile operating system vendors. The ability for any device to seamlessly connect and exchange information with smartphones via Bluetooth Low Energy (BLE) protocol promises unlimited room for innovation. However, it also brings about new privacy challenges. We show that the BLE protocol together with the Bluetooth permission model implemented in the Android and iOS operating systems can be used for cross-app tracking unbeknownst to the individuals. Specifically, through experiments and analyses based on real-world smartphone data we show that by listening to advertising packets broadcasted by nearby BLE-enabled devices and recording information contained in them, app developers can derive fairly unique "fingerprints" for their users, which can be used for cross-app tracking, i.e., linking pseudonymous users of different apps to each other. We demonstrate that privacy protections put in place by the Bluetooth Special Interest Group, Google, and Apple are not sufficient to prevent such fingerprinting or to make cross-app tracking difficult to execute. Our main contribution is to demonstrate the feasibility of cross-app tracking using nearby BLE and raise awareness that changes are needed in order to prevent it from becoming widespread. We also propose mitigation strategies to decrease the feasibility of tracking using nearby BLE devices while preserving the utility of the BLE technology.
Peters, Travis, Lal, Reshma, Varadarajan, Srikanth, Pappachan, Pradeep, Kotz, David.  2018.  BASTION-SGX: Bluetooth and Architectural Support for Trusted I/O on SGX. Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy. :3:1–3:9.
This paper presents work towards realizing architectural support for Bluetooth Trusted I/O on SGX-enabled platforms, with the goal of providing I/O data protection that does not rely on system software security. Indeed, we are primarily concerned with protecting I/O from all software adversaries, including privileged software. In this paper we describe the challenges in designing and implementing Trusted I/O at the architectural level for Bluetooth. We propose solutions to these challenges. In addition, we describe our proof-of-concept work that extends existing over-the-air Bluetooth security all the way to an SGX enclave by securing user data between the Bluetooth Controller and an SGX enclave.
2019-03-15
Yazicigil, R. T., Nadeau, P., Richman, D., Juvekar, C., Vaidya, K., Chandrakasan, A. P..  2018.  Ultra-Fast Bit-Level Frequency-Hopping Transmitter for Securing Low-Power Wireless Devices. 2018 IEEE Radio Frequency Integrated Circuits Symposium (RFIC). :176-179.

Current BLE transmitters are susceptible to selective jamming due to long dwell times in a channel. To mitigate these attacks, we propose physical-layer security through an ultra-fast bit-level frequency-hopping (FH) scheme by exploiting the frequency agility of bulk acoustic wave resonators (BAW). Here we demonstrate the first integrated bit-level FH transmitter (TX) that hops at 1 μs period and uses data-driven random dynamic channel selection to enable secure wireless communications with additional data encryption. This system consists of a time-interleaved BAW-based TX implemented in 65nm CMOS technology with 80MHz coverage in the 2.4GHz ISM band and a measured power consumption of 10.9mW from 1.1V supply.

2019-01-16
Shrestha, P., Shrestha, B., Saxena, N..  2018.  Home Alone: The Insider Threat of Unattended Wearables and A Defense using Audio Proximity. 2018 IEEE Conference on Communications and Network Security (CNS). :1–9.

In this paper, we highlight and study the threat arising from the unattended wearable devices pre-paired with a smartphone over a wireless communication medium. Most users may not lock their wearables due to their small form factor, and may strip themselves off of these devices often, leaving or forgetting them unattended while away from homes (or shared office spaces). An “insider” attacker (potentially a disgruntled friend, roommate, colleague, or even a spouse) can therefore get hold of the wearable, take it near the user's phone (i.e., within radio communication range) at another location (e.g., user's office), and surreptitiously use it across physical barriers for various nefarious purposes, including pulling and learning sensitive information from the phone (such as messages, photos or emails), and pushing sensitive commands to the phone (such as making phone calls, sending text messages and taking pictures). The attacker can then safely restore the wearable, wait for it to be left unattended again and may repeat the process for maximum impact, while the victim remains completely oblivious to the ongoing attack activity. This malicious behavior is in sharp contrast to the threat of stolen wearables where the victim would unpair the wearable as soon as the theft is detected. Considering the severity of this threat, we also respond by building a defense based on audio proximity, which limits the wearable to interface with the phone only when it can pick up on an active audio challenge produced by the phone.

Adomnicai, A., Fournier, J. J. A., Masson, L..  2018.  Hardware Security Threats Against Bluetooth Mesh Networks. 2018 IEEE Conference on Communications and Network Security (CNS). :1–9.
Because major smartphone platforms are equipped with Bluetooth Low Energy (BLE) capabilities, more and more smart devices have adopted BLE technologies to communicate with smartphones. In order to support the mesh topology in BLE networks, several proposals have been designed. Among them, the Bluetooth Special Interest Group (SIG) recently released a specification for Bluetooth mesh networks based upon BLE technology. This paper focuses on this standard solution and analyses its security protocol with hardware security in mind. As it is expected that internet of things (IoT) devices will be deployed everywhere, the risk of physical attacks must be assessed. First, we provide a comprehensive survey of the security features involved in Bluetooth mesh. Then, we introduce some physical attacks identified as serious threats for the IoT and discuss their relevance in the case of Bluetooth mesh networks. Finally, we briefly discuss possible countermeasures to reach a secure implementation.
2018-08-23
Cheah, M., Bryans, J., Fowler, D. S., Shaikh, S. A..  2017.  Threat Intelligence for Bluetooth-Enabled Systems with Automotive Applications: An Empirical Study. 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W). :36–43.

Modern vehicles are opening up, with wireless interfaces such as Bluetooth integrated in order to enable comfort and safety features. Furthermore a plethora of aftermarket devices introduce additional connectivity which contributes to the driving experience. This connectivity opens the vehicle to potentially malicious attacks, which could have negative consequences with regards to safety. In this paper, we survey vehicles with Bluetooth connectivity from a threat intelligence perspective to gain insight into conditions during real world driving. We do this in two ways: firstly, by examining Bluetooth implementation in vehicles and gathering information from inside the cabin, and secondly, using war-nibbling (general monitoring and scanning for nearby devices). We find that as the vehicle age decreases, the security (relatively speaking) of the Bluetooth implementation increases, but that there is still some technological lag with regards to Bluetooth implementation in vehicles. We also find that a large proportion of vehicles and aftermarket devices still use legacy pairing (and are therefore more insecure), and that these vehicles remain visible for sufficient time to mount an attack (assuming some premeditation and preparation). We demonstrate a real-world threat scenario as an example of the latter. Finally, we provide some recommendations on how the security risks we discover could be mitigated.

Pandey, S. B., Rawat, M. D., Rathod, H. B., Chauhan, J. M..  2017.  Security throwbot. 2017 International Conference on Inventive Systems and Control (ICISC). :1–6.

We all are very much aware of IoT that is Internet of Things which is emerging technology in today's world. The new and advanced field of technology and inventions make use of IoT for better facility. The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. Our project is based on IoT and other supporting techniques which can bring out required output. Security issues are everywhere now-a-days which we are trying to deal with by our project. Our security throwbot (a throwable device) will be tossed into a room after activating it and it will capture 360 degree panoramic video from a single IP camera, by using two end connectivity that is, robot end and another is user end, will bring more features to this project. Shape of the robot will be spherical so that problem of retrieving back can be solved. Easy to use and cheap to buy is one of our goal which will be helpful to police and soldiers who get stuck in situations where they have to question oneself before entering to dangerous condition/room. Our project will help them to handle and verify any area before entering by just throwing this robot and getting the sufficient results.

Pandit, V., Majgaonkar, P., Meher, P., Sapaliga, S., Bojewar, S..  2017.  Intelligent security lock. 2017 International Conference on Trends in Electronics and Informatics (ICEI). :713–716.

In this paper, we present the design of Intelligent Security Lock prototype which acts as a smart electronic/digital door locking system. The design of lock device and software system including app is discussed. The paper presents idea to control the lock using mobile app via Bluetooth. The lock satisfies comprehensive security requirements using state of the art technologies. It provides strong authentication using face recognition on app. It stores records of all lock/unlock operations with date and time. It also provides intrusion detection notification and real time camera surveillance on app. Hence, the lock is a unique combination of various aforementioned security features providing absolute solution to problem of security.

Wong, K., Hunter, A..  2017.  Bluetooth for decoy systems: A practical study. 2017 IEEE Conference on Communications and Network Security (CNS). :86–387.

We present an approach to tracking the behaviour of an attacker on a decoy system, where the decoy communicates with the real system only through low energy bluetooth. The result is a low-cost solution that does not interrupt the live system, while limiting potential damage. The attacker has no way to detect that they are being monitored, while their actions are being logged for further investigation. The system has been physically implemented using Raspberry PI and Arduino boards to replicate practical performance.

Nallusamy, T., Ravi, R..  2017.  Node energy based virus propagation model for bluetooth. 2017 International Conference on Communication and Signal Processing (ICCSP). :1778–1780.

With the continuous development of mobile based Wireless technologies, Bluetooth plays a vital role in smart-phone Era. In such scenario, the security measures are needed to be enhanced for Bluetooth. We propose a Node Energy Based Virus Propagation Model (NBV) for Bluetooth. The algorithm works with key features of node capacity and node energy in Bluetooth network. This proposed NBV model works along with E-mail worm Propagation model. Finally, this work simulates and compares the virus propagation with respect to Node Energy and network traffic.

Prakash, Y. W., Biradar, V., Vincent, S., Martin, M., Jadhav, A..  2017.  Smart bluetooth low energy security system. 2017 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET). :2141–2146.

The need for security in today's world has become a mandatory issue to look after. With the increase in a number of thefts, it has become a necessity to implement a smart security system. Due to the high cost of the existing smart security systems which use conventional Bluetooth and other wireless technologies and their relatively high energy consumption, implementing a security system with low energy consumption at a low cost has become the need of the hour. The objective of the paper is to build a cost effective and low energy consumption security system using the Bluetooth Low Energy (BLE) technology. This system will help the user to monitor and manage the security of the house even when the user is outside the house with the help of webpage. This paper presents the design and implementation of a security system using PSoC 4 BLE which can automatically lock and unlock the door when the user in the vicinity and leaving the vicinity of the door respectively by establishing a wireless connection between the physical lock and the smartphone. The system also captures an image of a person arriving at the house and transmits it wirelessly to a webpage. The system also notifies the user of any intrusion by sending a message and the image of the intruder to the webpage. The user can also access the door remotely on the go from the website.

2018-04-02
Langone, M., Setola, R., Lopez, J..  2017.  Cybersecurity of Wearable Devices: An Experimental Analysis and a Vulnerability Assessment Method. 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC). 2:304–309.

The widespread diffusion of the Internet of Things (IoT) is introducing a huge number of Internet-connected devices in our daily life. Mainly, wearable devices are going to have a large impact on our lifestyle, especially in a healthcare scenario. In this framework, it is fundamental to secure exchanged information between these devices. Among other factors, it is important to take into account the link between a wearable device and a smart unit (e.g., smartphone). This connection is generally obtained via specific wireless protocols such as Bluetooth Low Energy (BLE): the main topic of this work is to analyse the security of this communication link. In this paper we expose, via an experimental campaign, a methodology to perform a vulnerability assessment (VA) on wearable devices communicating with a smartphone. In this way, we identify several security issues in a set of commercial wearable devices.

Kolamunna, H., Chauhan, J., Hu, Y., Thilakarathna, K., Perino, D., Makaroff, D., Seneviratne, A..  2017.  Are Wearables Ready for HTTPS? On the Potential of Direct Secure Communication on Wearables. 2017 IEEE 42nd Conference on Local Computer Networks (LCN). :321–329.

The majority of available wearable computing devices require communication with Internet servers for data analysis and storage, and rely on a paired smartphone to enable secure communication. However, many wearables are equipped with WiFi network interfaces, enabling direct communication with the Internet. Secure communication protocols could then run on these wearables themselves, yet it is not clear if they can be efficiently supported. In this paper, we show that wearables are ready for direct and secure Internet communication by means of experiments with both controlled local web servers and Internet servers. We observe that the overall energy consumption and communication delay can be reduced with direct Internet connection via WiFi from wearables compared to using smartphones as relays via Bluetooth. We also show that the additional HTTPS cost caused by TLS handshake and encryption is closely related to the number of parallel connections, and has the same relative impact on wearables and smartphones.