Dennis Heinze,Jiska Classen,Felix Rohrbach

DOI: https://doi.org/10.1145/3395351.3399343

2020-05-15

Abstract:Device pairing in large Internet of Things (IoT) deployments is a challenge for device manufacturers and users. Bluetooth offers a comparably smooth trust on first use pairing experience. Bluetooth, though, is well-known for security flaws in the pairing process. In this paper, we analyze how Apple improves the security of Bluetooth pairing while still maintaining its usability and specification compliance. The proprietary protocol that resides on top of Bluetooth is called MagicPairing. It enables the user to pair a device once with Apple's ecosystem and then seamlessly use it with all their other Apple devices. We analyze both, the security properties provided by this protocol, as well as its implementations. In general, MagicPairing could be adapted by other IoT vendors to improve Bluetooth security. Even though the overall protocol is well-designed, we identified multiple vulnerabilities within Apple's implementations with over-the-air and in-process fuzzing.

Cryptography and Security,Networking and Internet Architecture

Mingrui Ai,Kaiping Xue,Bo Luo,Lutong Chen,Nenghai Yu,Qibin Sun,Feng Wu

DOI: https://doi.org/10.1145/3548606.3560668

2022-01-01

Abstract:ABSTRACTBluetooth is a short-range wireless communication technology widely used by billions of personal computing, IoT, peripheral, and wearable devices. Bluetooth devices exchange commands and data, such as keyboard/mouse inputs, audio, and files, through a secure communication channel that is established through a pairing process. Due to the sensitivity of those commands and data, security mechanisms, such as encryption, authentication, and authorization, have been developed and adopted in the standards. Nevertheless, vulnerabilities continue to be discovered. In the literature, few successful attacks against the Bluetooth connection establishment stage have been reported. Many attacks simply assume that connections are already established or use a compromised agent, e.g, a malicious app or a careless user, to initialize the connection. We argue that such assumptions are strong and impractical. A stealthily established connection is a critical starting point for any practical attack against Bluetooth devices. In this paper, we demonstrate that the Bluetooth Specification contains a series of vulnerabilities that will enable an attacker to impersonate a Bluetooth device and successfully establish a connection with a victim device. The entire process does not require any involvement of the device owner/user or any malicious app on the victim device. The attacker could further escalate permissions by switching Bluetooth profiles to retrieve sensitive information from the victim device and inject arbitrary commands. We name our new attack as the Blacktooth Attack. To demonstrate the effectiveness and practicality of the Blacktooth attack, we evaluate it against 21 different Bluetooth devices with diverse manufacturers and operating systems, and all major Bluetooth versions. We show that the newly proposed attack is successful on all victim devices.

Xiaoyu Ji,Chaohao Li,Xinyan Zhou,Juchuan Zhang,Yanmiao Zhang,Wenyuan Xu

DOI: https://doi.org/10.1145/3399432

2020-01-01

ACM Transactions on Internet of Things

Abstract:Nowadays, most Internet of Things devices in smart homes rely on radio frequency channels for communication, making them exposed to various attacks such as spoofing and eavesdropping attacks. Existing methods using encryption keys may be inapplicable on these resource-constrained devices that cannot afford the computationally expensive encryption operations. Thus, in this article, we design a key-free communication method for such devices in a smart home. In particular, we introduce the Home-limited Channel (HLC) that can be accessed only within a house yet inaccessible for outside-house attackers. Utilizing HLCs, we propose HlcAuth, a challenge-response mechanism to authenticate the communications between smart devices without keys. The advantages of HlcAuth are low cost, lightweight as well as key-free, and requiring no human intervention. According to the security analysis, HlcAuth can defeat replay attacks, message-forgery attacks, and man-in-the-middle (MiTM) attacks, among others. We further evaluate HlcAuth in four different physical scenarios, and results show that HlcAuth achieves 100% true positive rate (TPR) within 4.2m for in-house devices while 0% false positive rate (FPR) for outside attackers, i.e., guaranteeing a high-level usability and security for in-house communications. Finally, we implement HlcAuth in both single-room and multi-room scenarios.

Yue Zhang,Jian Weng,Rajib Dey,Yier Jin,Zhiqiang Lin,Xinwen Fu

DOI: https://doi.org/10.48550/arXiv.1908.10497

2019-09-11

Abstract:To defeat security threats such as man-in-the-middle (MITM) attacks, Bluetooth Low Energy (BLE) 4.2 and 5.x introduce the Secure Connections Only mode, under which a BLE device accepts only secure paring protocols including Passkey Entry and Numeric Comparison from an initiator, e.g., an Android mobile. However, the BLE specification does not explicitly require the Secure Connection Only mode of the initiator. Taking the Android's BLE programming framework for example, we found that it cannot enforce secure pairing, invalidating the security protection provided by the Secure Connection Only mode. The same problem applies to Apple iOS too. Specifically, we examine the life cycle of a BLE pairing process in Android and identify four severe design flaws. These design flaws can be exploited by attackers to perform downgrading attacks, forcing the BLE pairing protocols to run in the insecure mode without the users' awareness. To validate our findings, we selected and tested 18 popular BLE commercial products and our experimental results proved that downgrading attacks and MITM attacks were all possible to these products. All 3501 BLE apps from Androzoo are also subject to these attacks. For defense, we have designed and implemented a prototype of the Secure Connection Only mode on Android 8 through the Android Open Source Project (AOSP). We have reported the identified BLE pairing vulnerabilities to Bluetooth Special Interest Group (SIG), Google, Apple, Texas Instruments (TI) and all of them are actively addressing this issue. Google rated the reported security flaw a High Severity.

Cryptography and Security

Athanasios Kalogiratos,Ioanna Kantzavelou

DOI: https://doi.org/10.48550/arXiv.2211.06451

2022-11-11

Cryptography and Security

Abstract:Bluetooth is a communication technology used to wirelessly exchange data between devices. In the last few years there have been found a great number of security vulnerabilities, and adversaries are taking advantage of them causing harm and significant loss. Numerous system security updates have been approved and installed in order to sort out security holes and bugs, and prevent attacks that could expose personal or other valuable information. But those updates are not sufficient and appropriate and new bugs keep showing up. In Bluetooth technology, pairing is identified as the step where most bugs are found and most attacks target this particular process part of Bluetooth. A new technology that has been proved bulletproof when it comes to security and the exchange of sensitive information is Blockchain. Blockchain technology is promising to be incorporated well in a network of smart devices, and secure an Internet of Things (IoT), where Bluetooth technology is being extensively used. This work presents a vulnerability discovered in Bluetooth pairing process, and proposes a Blockchain solution approach to secure pairing and mitigate this vulnerability. The paper first introduces the Bluetooth technology and delves into how Blockchain technology can be a solution to certain security problems. Then a solution approach shows how Blockchain can be integrated and implemented to ensure the required level of security. Certain attack incidents on Bluetooth vulnerable points are examined and discussion and conclusions give the extension of the security related problems.

Daniele Antonioli,Nils Ole Tippenhauer,Kasper Rasmussen,Mathias Payer

DOI: https://doi.org/10.48550/arXiv.2009.11776

2021-11-08

Abstract:The Bluetooth standard specifies two transports: Bluetooth Classic (BT) for high-throughput wireless services and Bluetooth Low Energy (BLE) for very low-power scenarios. BT and BLE have dedicated pairing protocols and devices have to pair over BT and BLE to use both securely. In 2014, the Bluetooth standard (v4.2) addressed this usability issue by introducing Cross-Transport Key Derivation (CTKD). CTKD allows establishing BT and BLE pairing keys just by pairing over one of the two transports. While CTKD crosses the security boundary between BT and BLE, little is known about the internals of CTKD and its security implications. In this work, we present the first complete description of CTKD obtained by merging the scattered information from the Bluetooth standard with the results from our reverse-engineering experiments. Then, we perform a security evaluation of CTKD and uncover four cross-transport issues in its specification. We leverage these issues to design four standard-compliant attacks on CTKD enabling new ways to exploit Bluetooth (e.g., exploiting BT and BLE by targeting only one of the two). Our attacks work even if the strongest security mechanism for BT and BLE are in place, including Numeric Comparison and Secure Connections. They allow to impersonate, man-in-the-middle, and establish unintended sessions with arbitrary devices. We refer to our attacks as BLUR attacks, as they blur the security boundary between BT and BLE. We provide a low-cost implementation of the BLUR attacks and we successfully evaluate them on 14 devices with 16 unique Bluetooth chips from popular vendors. We discuss the attacks' root causes and present effective countermeasures to fix them. We disclosed our findings and countermeasures to the Bluetooth SIG in May 2020 (CVE-2020-15802), and we reported additional unmitigated issues in May 2021.

Cryptography and Security

K. Saravanan,L. Vijayanand,R. K. Negesh

DOI: https://doi.org/10.48550/arXiv.1203.4649

2012-03-21

Cryptography and Security

Abstract:As an interconnection technology, Bluetooth has to address all traditional security problems, well known from the distributed networks. Moreover, as Bluetooth networks are formed by the radio links, there are also additional security aspects whose impact is yet not well understood. In this paper, we propose a novel Man-In-The-Middle (MITM) attack against Bluetooth enabled mobile phone that support Simple Secure Pairing(SSP). From the literature it was proved that the SSP association models such as Numeric comparison, Just works and passkey Entry are not more secure. Here we propose the Out Of Band (OOB) channeling with enhanced security than the previous methods.

Mingrui Ai,Kaiping Xue,Bo Luo,Lutong Chen,Nenghai Yu,Qibin Sun,Feng Wu

DOI: https://doi.org/10.1145/3548606.3560668

2022-01-01

Abstract:Bluetooth is a short-range wireless communication technology widely used by billions of personal computing, IoT, peripheral, and wearable devices. Bluetooth devices exchange commands and data, such as keyboard/mouse inputs, audio, and files, through a secure communication channel that is established through a pairing process. Due to the sensitivity of those commands and data, security mechanisms, such as encryption, authentication, and authorization, have been developed and adopted in the standards. Nevertheless, vulnerabilities continue to be discovered.

Jiska Classen,Matthias Hollick

DOI: https://doi.org/10.1145/3317549.3319727

2019-05-02

Abstract:Bluetooth is among the dominant standards for wireless short-range communication with multi-billion Bluetooth devices shipped each year. Basic Bluetooth analysis inside consumer hardware such as smartphones can be accomplished observing the Host Controller Interface (HCI) between the operating system's driver and the Bluetooth chip. However, the HCI does not provide insights to tasks running inside a Bluetooth chip or Link Layer (LL) packets exchanged over the air. As of today, consumer hardware internal behavior can only be observed with external, and often expensive tools, that need to be present during initial device pairing. In this paper, we leverage standard smartphones for on-device Bluetooth analysis and reverse engineer a diagnostic protocol that resides inside Broadcom chips. Diagnostic features include sniffing lower layers such as LL for Classic Bluetooth and Bluetooth Low Energy (BLE), transmission and reception statistics, test mode, and memory peek and poke.

Networking and Internet Architecture

Xiaolong Bai,Luyi Xing,Nan Zhang,XiaoFeng Wang,Xiaojing Liao,Tongxin Li,Shi-Min Hu

DOI: https://doi.org/10.1109/SP.2016.45

2016-01-01

Abstract:With the popularity of today's usability-oriented designs, dubbed Zero Configuration or ZeroConf, unclear are the security implications of these automatic service discovery, "plug-and-play" techniques. In this paper, we report the first systematic study on this issue, focusing on the security features of the systems related to Apple, the major proponent of ZeroConf techniques. Our research brings to light a disturbing lack of security consideration in these systems' designs: major ZeroConf frameworks on the Apple platforms, including the Core Bluetooth Framework, Multipeer Connectivity and Bonjour, are mostly unprotected and popular apps and system services, such as Tencent QQ, Apple Handoff, printer discovery and AirDrop, turn out to be completely vulnerable to an impersonation or Man-in-the-Middle (MitM) attack, even though attempts have been made to protect them against such threats. The consequences are serious, allowing a malicious device to steal the user's SMS messages, email notifications, documents to be printed out or transferred to another device. Most importantly, our study highlights the fundamental security challenges underlying ZeroConf techniques: in the absence of any pre-configured secret across different devices, authentication has to rely on Apple-issued public-key certificate, which however cannot be properly verified due to the difficulty in finding a unique, nonsensitive and widely known identity of a human user to bind her to her certificate. To address this issue, we developed a suite of new techniques, including a conflict detection approach and a biometric technique that enables the user to speak out her certificate through 6 distinct, rare but pronounceable words to let those who know her voice verify her certificate. We performed a security analysis on the new protection and evaluated its usability and effectiveness using two user studies involving 60 participants. Our research shows that the new protection fits well with the existing ZeroConf systems such as AirDrop. It is well received by users and also providing effective defense even against recently proposed speech synthesis attacks.

Yan Michalevsky,Suman Nath,Jie Liu

DOI: https://doi.org/10.1145/2973750.2973778

2016-01-01

Abstract:We present new applications for cryptographic secret handshakes between mobile devices on top of Bluetooth Low Energy (LE). Secret handshakes enable mutual authentication, with the property that the parties learn nothing about each other unless they have been both issued credentials by a group administrator. This property provides strong privacy guarantees that enable interesting applications. One of them is proximity-based discovery for private communities. We introduce MASHaBLE, a mobile application that enables participants to discover and interact with nearby users if and only if they belong to the same secret community. We use direct peer-to-peer communication over Bluetooth LE, rather than relying on a central server. We discuss the specifics of implementing secret handshakes over Bluetooth LE and present our prototype implementation.

chen kai,xu haiming,xu zhen,lin dongdai,liu yong

DOI: https://doi.org/10.3969/j.issn.0372-2112.2016.08.005

2016-01-01

Abstract:Bluetooth lowenergy( BLE) is designed for the devices with computational and power limitations. But it has been confirmed that Secure Simple Pairing( SSP) is vulnerable to the MITMattack. We identify the root causes of the problem : the pairing messages being tampered,and the vulnerability of the JW model. In this paper,we propose two hashbased SSP schemes for the devices in Mobile Cloud Computing( MCC). The proposed schemes enhance the SSP security with the help of MCC. Scheme I is applied into the devices which support the PE or OOB model. It uses the hash function to ensure the authenticity and integrity of the pairing messages. Scheme II is suitable for the devices which only support the JW model. It improves the security of the JW model through using the hash array. At the end of this paper,we examine the performance for the proposed schemes,and perform the security analysis to showthat they can provide the MITMprotection against the adversaries with different levels of power.

Dongkun Hou,Jie Zhang,Ka Lok Man

DOI: https://doi.org/10.1109/trustcom50675.2020.00224

2020-01-01

Abstract:Bluetooth wireless technology is widely deployed in consumer electronics such as mobile phones, headsets, medical wearables and so on. Security is a significant concern of users, since such devices collect and store personal data. Security schemes are provided in the Bluetooth Core Specification version 5.0, but they cannot resist the emerging side-channel attacks which can leak long-term secrets through physical manners. In this paper, the security of Bluetooth under side-channel attacks is studied. Specifically, we improved the security of Secure Simple Pairing (SSP) protocol in Bluetooth 5.0 by developing two leakage-resilient methods to resist side-channel attacks. The leakage-resilient SSP protocols are designed using exponent splitting and multiplicative mask leakage-resilient methods respectively to prevent the long-term secrets from being leaked to side-channel attackers. Prototypes of the new and original protocols are realized, and we simulate a set of experiences to evaluate and compare their performance. We find the increased computation cost of the new protocols is slight and acceptable.

Jianliang Wu,Yuhong Nan,Vireshwar Kumar,Dave (Jing) Tian,Antonio Bianchi,Mathias Payer,Dongyan Xu

2020-01-01

Abstract:The Bluetooth Low Energy (BLE) protocol ubiquitously enables energy-efficient wireless communication among resource-constrained devices. To ease its adoption, BLE requires limited or no user interaction to establish a connection between two devices. Unfortunately, this simplicity is the root cause of several security issues. In this paper, we analyze the security of the BLE link-layer, focusing on the scenario in which two previously-connected devices reconnect. Based on a formal analysis of the reconnection procedure defined by the BLE specification, we highlight two critical security weaknesses in the specification. As a result, even a device implementing the BLE protocol correctly may be vulnerable to spoofing attacks. To demonstrate these design weaknesses, and further study their security implications, we develop BLE Spoofing Attacks (BLESA). These attacks enable an attacker to impersonate a BLE device and to provide spoofed data to another previously-paired device. BLESA can be easily carried out against some implementations of the BLE protocol, such as the one used in Linux. Additionally, for the BLE stack implementations used by Android and iOS, we found a logic bug enabling BLESA. We reported this security issue to the affected parties (Google and Apple), and they acknowledged our findings.

Muhammed Ali Yurdagul,Husrev Taha Sencar

DOI: https://doi.org/10.48550/arXiv.2103.16235

2021-03-30

Abstract:Bluetooth Low Energy (BLE) has become one of the most popular wireless communication protocols and is used in billions of smart devices. Despite several security features, the hardware and software limitations of these devices makes them vulnerable to man-in-the-middle (MITM) attacks. Due to the use of these devices in increasingly diverse and safety-critical applications, the capability to detect MITM attacks has become more critical. To address this challenge, we propose the use of the response time behavior of a BLE device observed in relation to select read and write operations and introduce an activeMITM attack detection system that identifies changes in response time. Our measurements on several BLE devices show that theirresponse time behavior exhibits very high regularity, making it a very reliable attack indicator that cannot be concealed by an attacker. Test results show that our system can very accurately and quickly detect MITM attacks while requiring a simple learning approach.

Cryptography and Security

Chandranshu Gupta,Gaurav Varshney

DOI: https://doi.org/10.1016/j.comcom.2023.01.001

2022-04-29

Abstract:Bluetooth Low Energy (BLE) devices have become very popular because of their Low energy consumption and hence a prolonged battery life. They are being used in smart wearable devices, smart home automation system, beacons and many more areas. BLE uses pairing mechanisms to achieve a level of peer entity authentication as well as encryption. Although, there are a set of pairing mechanisms available but BLE devices having no keyboard or display mechanism (and hence using the Just Works pairing) are still vulnerable. In this paper, we propose and implement, a light-weight digital certificate based authentication mechanism for the BLE devices making use of Just Works model. The proposed model is an add-on to the already existing pairing mechanism and therefore can be easily incorporated in the existing BLE stack. To counter the existing Man-in-The-Middle attack scenario in Just Works pairing (device spoofing), our proposed model allows the client and peripheral to make use of the popular Public Key Infrastructure (PKI) to establish peer entity authentication and a secure cryptographic tunnel for communication. We have also developed a lightweight BLE profiled digital certificate containing the bare minimum fields required for resource constrained devices, which significantly reduces the memory (about 90\% reduction) and energy consumption. We have experimentally evaluated the energy consumption of the device using the proposed pairing mechanism to demonstrate that the model can be easily deployed with less changes to the power requirements of the chips. The model has been formally verified using automatic verification tool for protocol testing.

Cryptography and Security

Cn Yang,Ht Teng,Ts Chen

2004-01-01

Abstract:Motivated by the reused unit key problem described in Bluetooth security white paper, we herein propose a method to modify the usage of the unit key, which is a common secret key established in Bluetooth pairing communication session. The reused problem causes the disclosure of confidential information due to the same unit key of other devices that has been authenticated or paired before. Bluetooth Security Expert Group (BSEG) recommends that using combination keys as link keys would be more appropriate than using unit keys for authentication and encryption. However, it is not a good choice for those devices with limited memory to store a lot of combination keys. Therefore, we propose a method based on one-way hash function to modify the usage of unit keys. It makes unit keys unique as well as combination keys in each pairing communication such that no malicious users are able to eavesdrop with the reused unit keys. Besides, no additional memory space will be required to store keys.

Chien-Ming Chen,King-Hang Wang,Tsu-Yang Wu,Jeng-Shyang Pan,Hung-Min Sun

DOI: https://doi.org/10.1109/tifs.2013.2270106

IF: 7.231

2013-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The man-in-the-middle (MITM) attack is the major threat for handheld devices to agree on a session key in which they do not share any prior secret in advance, even if these devices are physically located in the same place. Apart from insecurely typing passwords into handheld devices or comparing long hexadecimal keys displayed on the devices' screens, many other human-verifiable protocols have been proposed in the literature to solve the problem. Unfortunately, most of these schemes are unscalable to more users. Even when there are only three entities attempting to agree on a session key, these protocols need to be rerun three times. In this paper, we present a bipartite and a tripartite authentication protocol using a temporary confidential channel. Besides, we further extend the system into a transitive authentication protocol that allows multiple handheld devices to establish a conference key securely and efficiently. In addition, we provide a formal proof to our protocol to demonstrate our scheme is indeed secure. We also implement the prototype of the system on a mobile phone with satisfying performance.

Sai Swaroop Madugula,Ruizhong Wei

DOI: https://doi.org/10.48550/arXiv.2101.09381

2021-01-23

Abstract:In this paper, we propose a simple enhancement for the passkey entry protocol in the authentication stage 1 of Secure Simple Pairing using preexisting cryptographic hash functions and random integer generation present in the protocol. The new protocol is more secure and efficient than previous known protocols. Our research mainly focuses on strengthening the passkey entry protocol and protecting the devices against passive eavesdropping and active Man-in-the-middle (MITM) attacks in both Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) and Bluetooth Low Energy (Bluetooth LE). This method can be used for any device which uses the passkey entry protocol.

Cryptography and Security

Jianliang Wu,Yuhong Nan,Vireshwar Kumar,Mathias Payer,Dongyan Xu

2020-01-01

Abstract:Many IoT devices are equipped with Bluetooth Low Energy (BLE) to support communication in an energy-efficient manner. Unfortunately, BLE is prone to spoofing attacks where an attacker can impersonate a benign BLE device and feed malicious data to its users. Defending against spoofing attacks is extremely difficult as security patches to mitigate them may not be adopted across vendors promptly; not to mention the millions of legacy BLE devices with limited I/O capabilities that do not support firmware updates. As a first line of defense against spoofing attacks, we propose BlueShield, a legacy-friendly, non-intrusive monitoring system. BlueShield is motivated by the observation that all spoofing attacks result in anomalies in certain cyber-physical features of the advertising packets containing the BLE device’s identity. BlueShield leverages these features to detect anomalous packets generated by an attacker. More importantly, the unique design of BlueShield makes it robust against an advanced attacker with the capability to mimic all features. BlueShield can be deployed on low-cost off-the-shelf platforms, and does not require any modification in the BLE device or its user. Our evaluation with nine common BLE devices deployed in a real-world office environment validates that BlueShield can effectively detect spoofing attacks at a very low false positive and false negative rate.