Visible to the public Biblio

Filters: Keyword is Bluetooth  [Clear All Filters]
2019-10-30
Hong, James, Levy, Amit, Riliskis, Laurynas, Levis, Philip.  2018.  Don't Talk Unless I Say So! Securing the Internet of Things with Default-Off Networking. 2018 IEEE/ACM Third International Conference on Internet-of-Things Design and Implementation (IoTDI). :117-128.

The Internet of Things (IoT) is changing the way we interact with everyday objects. "Smart" devices will reduce energy use, keep our homes safe, and improve our health. However, as recent attacks have shown, these devices also create tremendous security vulnerabilities in our computing networks. Securing all of these devices is a daunting task. In this paper, we argue that IoT device communications should be default-off and desired network communications must be explicitly enabled. Unlike traditional networked applications or devices like a web browser or PC, IoT applications and devices serve narrowly defined purposes and do not require access to all services in the network. Our proposal, Bark, a policy language and runtime for specifying and enforcing minimal access permissions in IoT networks, exploits this fact. Bark phrases access control policies in terms of natural questions (who, what, where, when, and how) and transforms them into transparently enforceable rules for IoT application protocols. Bark can express detailed rules such as "Let the lights see the luminosity of the bedroom sensor at any time" and "Let a device at my front door, if I approve it, unlock my smart lock for 30 seconds" in a way that is presentable and explainable to users. We implement Bark for Wi-Fi/IP and Bluetooth Low Energy (BLE) networks and evaluate its efficacy on several example applications and attacks.

2019-08-05
Thapliyal, H., Ratajczak, N., Wendroth, O., Labrado, C..  2018.  Amazon Echo Enabled IoT Home Security System for Smart Home Environment. 2018 IEEE International Symposium on Smart Electronic Systems (iSES) (Formerly iNiS). :31–36.

Ever-driven by technological innovation, the Internet of Things (IoT) is continuing its exceptional evolution and growth into the common consumer space. In the wake of these developments, this paper proposes a framework for an IoT home security system that is secure, expandable, and accessible. Congruent with the ideals of the IoT, we are proposing a system utilizing an ultra-low-power wireless sensor network which would interface with a central hub via Bluetooth 4, commonly referred to as Bluetooth Low Energy (BLE), to monitor the home. Additionally, the system would interface with an Amazon Echo to accept user voice commands. The aforementioned central hub would also act as a web server and host an internet accessible configuration page from which users could monitor and customize their system. An internet-connected system would carry the capability to notify the users of system alarms via SMS or email. Finally, this proof of concept is intended to demonstrate expandability into other areas of home automation or building monitoring functions in general.

2019-04-01
Ledbetter, W., Glisson, W., McDonald, T., Andel, T., Grispos, G., Choo, K..  2018.  Digital Blues: An Investigation Into the Use of Bluetooth Protocols. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :498–503.
The proliferation of Bluetooth mobile device communications into all aspects of modern society raises security questions by both academicians and practitioners. This environment prompted an investigation into the real-world use of Bluetooth protocols along with an analysis of documented security attacks. The experiment discussed in this paper collected data for one week in a local coffee shop. The data collection took about an hour each day and identified 478 distinct devices. The contribution of this research is two-fold. First, it provides insight into real-world Bluetooth protocols that are being utilized by the general public. Second, it provides foundational research that is necessary for future Bluetooth penetration testing research.
Robles-Cordero, A. M., Zayas, W. J., Peker, Y. K..  2018.  Extracting the Security Features Implemented in a Bluetooth LE Connection. 2018 IEEE International Conference on Big Data (Big Data). :2559–2563.
Since its introduction in 2010, Bluetooth Low Energy (LE) has seen an abrupt adoption by top companies in the world. From smartphones, PCs, tablets, smartwatches to fitness bands; Bluetooth Low Energy is being implemented more and more on technological devices. Even though the Bluetooth Special Interest Group includes and strongly recommends implementations for security features in their standards for Bluetooth LE devices, recent studies show that many Bluetooth devices do not follow the recommendations. Even worse consumers are rarely informed about what security features are implemented by the products they use. The ultimate goal in this study is to provide a mechanism for users to inform them of the security features implemented in a Bluetooth LE connection that they have initiated. To this end, we developed an app for Android phones that extracts the security features of a Bluetooth LE connection using the btsnoop log stored on the phone. We have verified the correctness of our app using the Frontline BPA Low Energy Analyzer.
Alibadi, S. H., Sadkhan, S. B..  2018.  A Proposed Security Evaluation Method for Bluetooth E0Based on Fuzzy Logic. 2018 International Conference on Advanced Science and Engineering (ICOASE). :324–329.

The security level is very important in Bluetooth, because the network or devices using secure communication, are susceptible to many attacks against the transmitted data received through eavesdropping. The cryptosystem designers needs to know the complexity of the designed Bluetooth E0. And what the advantages given by any development performed on any known Bluetooth E0Encryption method. The most important criteria can be used in evaluation method is considered as an important aspect. This paper introduce a proposed fuzzy logic technique to evaluate the complexity of Bluetooth E0Encryption system by choosing two parameters, which are entropy and correlation rate, as inputs to proposed fuzzy logic based Evaluator, which can be applied with MATLAB system.

Celosia, Guillaume, Cunche, Mathieu.  2018.  Detecting Smartphone State Changes Through a Bluetooth Based Timing Attack. Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks. :154–159.
Bluetooth is a popular wireless communication technology that is available on most mobile devices. Although Bluetooth includes security and privacy preserving mechanisms, we show that a Bluetooth harmless inherent request-response mechanism can taint users privacy. More specifically, we introduce a timing attack that can be triggered by a remote attacker in order to infer information about a Bluetooth device state. By observing the L2CAP layer ping mechanism timing variations, it is possible to detect device state changes, for instance when the device goes in or out of the locked state. Our experimental results show that change point detection analysis of the timing allows to detect device state changes with a high accuracy. Finally, we discuss applications and countermeasures.
Korolova, Aleksandra, Sharma, Vinod.  2018.  Cross-App Tracking via Nearby Bluetooth Low Energy Devices. Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy. :43–52.
Today an increasing number of consumer devices such as head phones, wearables, light bulbs and even baseball bats, are Bluetooth-enabled thanks to the widespread support of the technology by phone manufacturers and mobile operating system vendors. The ability for any device to seamlessly connect and exchange information with smartphones via Bluetooth Low Energy (BLE) protocol promises unlimited room for innovation. However, it also brings about new privacy challenges. We show that the BLE protocol together with the Bluetooth permission model implemented in the Android and iOS operating systems can be used for cross-app tracking unbeknownst to the individuals. Specifically, through experiments and analyses based on real-world smartphone data we show that by listening to advertising packets broadcasted by nearby BLE-enabled devices and recording information contained in them, app developers can derive fairly unique "fingerprints" for their users, which can be used for cross-app tracking, i.e., linking pseudonymous users of different apps to each other. We demonstrate that privacy protections put in place by the Bluetooth Special Interest Group, Google, and Apple are not sufficient to prevent such fingerprinting or to make cross-app tracking difficult to execute. Our main contribution is to demonstrate the feasibility of cross-app tracking using nearby BLE and raise awareness that changes are needed in order to prevent it from becoming widespread. We also propose mitigation strategies to decrease the feasibility of tracking using nearby BLE devices while preserving the utility of the BLE technology.
Peters, Travis, Lal, Reshma, Varadarajan, Srikanth, Pappachan, Pradeep, Kotz, David.  2018.  BASTION-SGX: Bluetooth and Architectural Support for Trusted I/O on SGX. Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy. :3:1–3:9.
This paper presents work towards realizing architectural support for Bluetooth Trusted I/O on SGX-enabled platforms, with the goal of providing I/O data protection that does not rely on system software security. Indeed, we are primarily concerned with protecting I/O from all software adversaries, including privileged software. In this paper we describe the challenges in designing and implementing Trusted I/O at the architectural level for Bluetooth. We propose solutions to these challenges. In addition, we describe our proof-of-concept work that extends existing over-the-air Bluetooth security all the way to an SGX enclave by securing user data between the Bluetooth Controller and an SGX enclave.
2019-03-15
Yazicigil, R. T., Nadeau, P., Richman, D., Juvekar, C., Vaidya, K., Chandrakasan, A. P..  2018.  Ultra-Fast Bit-Level Frequency-Hopping Transmitter for Securing Low-Power Wireless Devices. 2018 IEEE Radio Frequency Integrated Circuits Symposium (RFIC). :176-179.

Current BLE transmitters are susceptible to selective jamming due to long dwell times in a channel. To mitigate these attacks, we propose physical-layer security through an ultra-fast bit-level frequency-hopping (FH) scheme by exploiting the frequency agility of bulk acoustic wave resonators (BAW). Here we demonstrate the first integrated bit-level FH transmitter (TX) that hops at 1$μ$s period and uses data-driven random dynamic channel selection to enable secure wireless communications with additional data encryption. This system consists of a time-interleaved BAW-based TX implemented in 65nm CMOS technology with 80MHz coverage in the 2.4GHz ISM band and a measured power consumption of 10.9mW from 1.1V supply.

2019-01-16
Shrestha, P., Shrestha, B., Saxena, N..  2018.  Home Alone: The Insider Threat of Unattended Wearables and A Defense using Audio Proximity. 2018 IEEE Conference on Communications and Network Security (CNS). :1–9.

In this paper, we highlight and study the threat arising from the unattended wearable devices pre-paired with a smartphone over a wireless communication medium. Most users may not lock their wearables due to their small form factor, and may strip themselves off of these devices often, leaving or forgetting them unattended while away from homes (or shared office spaces). An “insider” attacker (potentially a disgruntled friend, roommate, colleague, or even a spouse) can therefore get hold of the wearable, take it near the user's phone (i.e., within radio communication range) at another location (e.g., user's office), and surreptitiously use it across physical barriers for various nefarious purposes, including pulling and learning sensitive information from the phone (such as messages, photos or emails), and pushing sensitive commands to the phone (such as making phone calls, sending text messages and taking pictures). The attacker can then safely restore the wearable, wait for it to be left unattended again and may repeat the process for maximum impact, while the victim remains completely oblivious to the ongoing attack activity. This malicious behavior is in sharp contrast to the threat of stolen wearables where the victim would unpair the wearable as soon as the theft is detected. Considering the severity of this threat, we also respond by building a defense based on audio proximity, which limits the wearable to interface with the phone only when it can pick up on an active audio challenge produced by the phone.

Adomnicai, A., Fournier, J. J. A., Masson, L..  2018.  Hardware Security Threats Against Bluetooth Mesh Networks. 2018 IEEE Conference on Communications and Network Security (CNS). :1–9.
Because major smartphone platforms are equipped with Bluetooth Low Energy (BLE) capabilities, more and more smart devices have adopted BLE technologies to communicate with smartphones. In order to support the mesh topology in BLE networks, several proposals have been designed. Among them, the Bluetooth Special Interest Group (SIG) recently released a specification for Bluetooth mesh networks based upon BLE technology. This paper focuses on this standard solution and analyses its security protocol with hardware security in mind. As it is expected that internet of things (IoT) devices will be deployed everywhere, the risk of physical attacks must be assessed. First, we provide a comprehensive survey of the security features involved in Bluetooth mesh. Then, we introduce some physical attacks identified as serious threats for the IoT and discuss their relevance in the case of Bluetooth mesh networks. Finally, we briefly discuss possible countermeasures to reach a secure implementation.
2018-08-23
Cheah, M., Bryans, J., Fowler, D. S., Shaikh, S. A..  2017.  Threat Intelligence for Bluetooth-Enabled Systems with Automotive Applications: An Empirical Study. 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W). :36–43.

Modern vehicles are opening up, with wireless interfaces such as Bluetooth integrated in order to enable comfort and safety features. Furthermore a plethora of aftermarket devices introduce additional connectivity which contributes to the driving experience. This connectivity opens the vehicle to potentially malicious attacks, which could have negative consequences with regards to safety. In this paper, we survey vehicles with Bluetooth connectivity from a threat intelligence perspective to gain insight into conditions during real world driving. We do this in two ways: firstly, by examining Bluetooth implementation in vehicles and gathering information from inside the cabin, and secondly, using war-nibbling (general monitoring and scanning for nearby devices). We find that as the vehicle age decreases, the security (relatively speaking) of the Bluetooth implementation increases, but that there is still some technological lag with regards to Bluetooth implementation in vehicles. We also find that a large proportion of vehicles and aftermarket devices still use legacy pairing (and are therefore more insecure), and that these vehicles remain visible for sufficient time to mount an attack (assuming some premeditation and preparation). We demonstrate a real-world threat scenario as an example of the latter. Finally, we provide some recommendations on how the security risks we discover could be mitigated.

Pandey, S. B., Rawat, M. D., Rathod, H. B., Chauhan, J. M..  2017.  Security throwbot. 2017 International Conference on Inventive Systems and Control (ICISC). :1–6.

We all are very much aware of IoT that is Internet of Things which is emerging technology in today's world. The new and advanced field of technology and inventions make use of IoT for better facility. The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. Our project is based on IoT and other supporting techniques which can bring out required output. Security issues are everywhere now-a-days which we are trying to deal with by our project. Our security throwbot (a throwable device) will be tossed into a room after activating it and it will capture 360 degree panaromic video from a single IP camera, by using two end connectivity that is, robot end and another is user end, will bring more features to this project. Shape of the robot will be shperical so that problem of retrieving back can be solved. Easy to use and cheap to buy is one of our goal which will be helpful to police and soldiers who get stuck in situations where they have to question oneself before entering to dangerous condition/room. Our project will help them to handle and verify any area before entering by just throwing this robot and getting the sufficient results.

Pandit, V., Majgaonkar, P., Meher, P., Sapaliga, S., Bojewar, S..  2017.  Intelligent security lock. 2017 International Conference on Trends in Electronics and Informatics (ICEI). :713–716.

In this paper, we present the design of Intelligent Security Lock prototype which acts as a smart electronic/digital door locking system. The design of lock device and software system including app is discussed. The paper presents idea to control the lock using mobile app via Bluetooth. The lock satisfies comprehensive security requirements using state of the art technologies. It provides strong authentication using face recognition on app. It stores records of all lock/unlock operations with date and time. It also provides intrusion detection notification and real time camera surveillance on app. Hence, the lock is a unique combination of various aforementioned security features providing absolute solution to problem of security.

Wong, K., Hunter, A..  2017.  Bluetooth for decoy systems: A practical study. 2017 IEEE Conference on Communications and Network Security (CNS). :86–387.

We present an approach to tracking the behaviour of an attacker on a decoy system, where the decoy communicates with the real system only through low energy bluetooth. The result is a low-cost solution that does not interrupt the live system, while limiting potential damage. The attacker has no way to detect that they are being monitored, while their actions are being logged for further investigation. The system has been physically implemented using Raspberry PI and Arduino boards to replicate practical performance.

Nallusamy, T., Ravi, R..  2017.  Node energy based virus propagation model for bluetooth. 2017 International Conference on Communication and Signal Processing (ICCSP). :1778–1780.

With the continuous development of mobile based Wireless technologies, Bluetooth plays a vital role in smart-phone Era. In such scenario, the security measures are needed to be enhanced for Bluetooth. We propose a Node Energy Based Virus Propagation Model (NBV) for Bluetooth. The algorithm works with key features of node capacity and node energy in Bluetooth network. This proposed NBV model works along with E-mail worm Propagation model. Finally, this work simulates and compares the virus propagation with respect to Node Energy and network traffic.

Prakash, Y. W., Biradar, V., Vincent, S., Martin, M., Jadhav, A..  2017.  Smart bluetooth low energy security system. 2017 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET). :2141–2146.

The need for security in today's world has become a mandatory issue to look after. With the increase in a number of thefts, it has become a necessity to implement a smart security system. Due to the high cost of the existing smart security systems which use conventional Bluetooth and other wireless technologies and their relatively high energy consumption, implementing a security system with low energy consumption at a low cost has become the need of the hour. The objective of the paper is to build a cost effective and low energy consumption security system using the Bluetooth Low Energy (BLE) technology. This system will help the user to monitor and manage the security of the house even when the user is outside the house with the help of webpage. This paper presents the design and implementation of a security system using PSoC 4 BLE which can automatically lock and unlock the door when the user in the vicinity and leaving the vicinity of the door respectively by establishing a wireless connection between the physical lock and the smartphone. The system also captures an image of a person arriving at the house and transmits it wirelessly to a webpage. The system also notifies the user of any intrusion by sending a message and the image of the intruder to the webpage. The user can also access the door remotely on the go from the website.

2018-04-02
Langone, M., Setola, R., Lopez, J..  2017.  Cybersecurity of Wearable Devices: An Experimental Analysis and a Vulnerability Assessment Method. 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC). 2:304–309.

The widespread diffusion of the Internet of Things (IoT) is introducing a huge number of Internet-connected devices in our daily life. Mainly, wearable devices are going to have a large impact on our lifestyle, especially in a healthcare scenario. In this framework, it is fundamental to secure exchanged information between these devices. Among other factors, it is important to take into account the link between a wearable device and a smart unit (e.g., smartphone). This connection is generally obtained via specific wireless protocols such as Bluetooth Low Energy (BLE): the main topic of this work is to analyse the security of this communication link. In this paper we expose, via an experimental campaign, a methodology to perform a vulnerability assessment (VA) on wearable devices communicating with a smartphone. In this way, we identify several security issues in a set of commercial wearable devices.

Kolamunna, H., Chauhan, J., Hu, Y., Thilakarathna, K., Perino, D., Makaroff, D., Seneviratne, A..  2017.  Are Wearables Ready for HTTPS? On the Potential of Direct Secure Communication on Wearables 2017 IEEE 42nd Conference on Local Computer Networks (LCN). :321–329.

The majority of available wearable computing devices require communication with Internet servers for data analysis and storage, and rely on a paired smartphone to enable secure communication. However, many wearables are equipped with WiFi network interfaces, enabling direct communication with the Internet. Secure communication protocols could then run on these wearables themselves, yet it is not clear if they can be efficiently supported.,,,,In this paper, we show that wearables are ready for direct and secure Internet communication by means of experiments with both controlled local web servers and Internet servers. We observe that the overall energy consumption and communication delay can be reduced with direct Internet connection via WiFi from wearables compared to using smartphones as relays via Bluetooth. We also show that the additional HTTPS cost caused by TLS handshake and encryption is closely related to the number of parallel connections, and has the same relative impact on wearables and smartphones.

Zhang, Q., Liang, Z..  2017.  Security Analysis of Bluetooth Low Energy Based Smart Wristbands. 2017 2nd International Conference on Frontiers of Sensors Technologies (ICFST). :421–425.

Wearable devices are being more popular in our daily life. Especially, smart wristbands are booming in the market recently, which can be used to monitor health status, track fitness data, or even do medical tests, etc. For this reason, smart wristbands can obtain a lot of personal data. Hence, users and manufacturers should pay more attention to the security aspects of smart wristbands. However, we have found that some Bluetooth Low Energy based smart wristbands have very weak or even no security protection mechanism, therefore, they are vulnerable to replay attacks, man-in-the-middle attacks, brute-force attacks, Denial of Service (DoS) attacks, etc. We have investigated four different popular smart wristbands and a smart watch. Among them, only the smart watch is protected by some security mechanisms while the other four smart wristbands are not protected. In our experiments, we have also figured out all the message formats of the controlling commands of these smart wristbands and developed an Android software application as a testing tool. Powered by the resolved command formats, this tool can directly control these wristbands, and any other wristbands of these four models, without using the official supporting applications.

2018-02-15
Ramatsakane, K. I., Leung, W. S..  2017.  Pick location security: Seamless integrated multi-factor authentication. 2017 IST-Africa Week Conference (IST-Africa). :1–10.
Authentication is one of the key aspects of securing applications and systems alike. While in most existing systems this is achieved using usernames and passwords it has been continuously shown that this authentication method is not secure. Studies that have been conducted have shown that these systems have vulnerabilities which lead to cases of impersonation and identity theft thus there is need to improve such systems to protect sensitive data. In this research, we explore the combination of the user's location together with traditional usernames and passwords as a multi factor authentication system to make authentication more secure. The idea involves comparing a user's mobile device location with that of the browser and comparing the device's Bluetooth key with the key used during registration. We believe by leveraging existing technologies such as Bluetooth and GPS we can reduce implementation costs whilst improving security.
2018-02-02
Hossain, M., Hasan, R., Zawoad, S..  2017.  Trust-IoV: A Trustworthy Forensic Investigation Framework for the Internet of Vehicles (IoV). 2017 IEEE International Congress on Internet of Things (ICIOT). :25–32.

The Internet of Vehicles (IoV) is a complex and dynamic mobile network system that enables information sharing between vehicles, their surrounding sensors, and clouds. While IoV opens new opportunities in various applications and services to provide safety on the road, it introduces new challenges in the field of digital forensics investigations. The existing tools and procedures of digital forensics cannot meet the highly distributed, decentralized, dynamic, and mobile infrastructures of the IoV. Forensic investigators will face challenges while identifying necessary pieces of evidence from the IoV environment, and collecting and analyzing the evidence. In this article, we propose TrustIoV - a digital forensic framework for the IoV systems that provides mechanisms to collect and store trustworthy evidence from the distributed infrastructure. Trust-IoV maintains a secure provenance of the evidence to ensure the integrity of the stored evidence and allows investigators to verify the integrity of the evidence during an investigation. Our experimental results on a simulated environment suggest that Trust-IoV can operate with minimal overhead while ensuring the trustworthiness of evidence in a strong adversarial scenario.

2017-09-19
Zúquete, André.  2016.  Exploitation of Dual Channel Transmissions to Increase Security and Reliability in Classic Bluetooth Piconets. Proceedings of the 12th ACM Symposium on QoS and Security for Wireless and Mobile Networks. :55–60.

In this paper we discuss several improvements to the security and reliability of a classic Bluetooth network (piconet) that can arise from the fact of being able to transmit the same frame with two frequencies on each slot, instead of the actual standard, that uses only one frequency. Furthermore, we build upon this possibility and we show that piconet participants can explore many strategies to increase the security of their communications by confounding eavesdroppers, such as multiple hopping sequences, random selection of a hopping sequence on each transmission slot and variable frame encryption per hopping sequence. Finally, all this can be decided independently by any piconet participant without having to agree in real time on some type of service with other participants of the same piconet.

2017-05-17
Bhattacharya, Debasis, Canul, Mario, Knight, Saxon.  2016.  Impact of the Physical Web and BLE Beacons. Proceedings of the 5th Annual Conference on Research in Information Technology. :53–53.

The Physical Web is a project announced by Google's Chrome team that essentially provides a framework to discover "smart" physical objects (e.g. vending machines, classroom, conference room, cafeteria etc.) and interact with specific, contextual content without having to resort to downloading a specific app. A common app such as the open source and freely available Physical Web app on the Google Play Store or the BKON Browser on the Apple App Store, can access nearby beacons. A current work-in-progress at the University of Maui College is developing a campus-wide prototype of beacon technology using Eddystone-URL and EID protocol from various beacon vendors.

2017-03-13
Kamoona, M., El-Sharkawy, M..  Submitted.  FlexiWi-Fi Security Manager Using Freescale Embedded System. 2015 2nd International Conference on Information Science and Security (ICISS). :1–4.

Among the current Wi-Fi two security models (Enterprise and Personal), while the Enterprise model (802.1X) offers an effective framework for authenticating and controlling the user traffic to a protected network, the Personal model (802.11) offers the cheapest and the easiest to setup solution. However, the drawback of the personal model implementation is that all access points and client radio NIC on the wireless LAN should use the same encryption key. A major underlying problem of the 802.11 standard is that the pre-shared keys are cumbersome to change. So if those keys are not updated frequently, unauthorized users with some resources and within a short timeframe can crack the key and breach the network security. The purpose of this paper is to propose and implement an effective method for the system administrator to manage the users connected to a router, update the keys and further distribute them for the trusted clients using the Freescale embedded system, Infrared and Bluetooth modules.