BLE Security in EECS 582 Spring 2015 Course


Explore various aspects of Bluetooth Low Energy (BLE) security in the EECS 582 course from Spring 2015, covering topics such as attacks, improvements, authentication, privacy, and more. Dive into the layers of BLE technology and learn about link layer connections, encryption methods, and the initiation of BLE connections. Discover how to sniff ongoing connections and secure pairings in BLE 4.2 with elliptic curve Diffie-Hellman. Increase your knowledge of BLE security protocols and practices with insightful visuals and detailed explanations.

  • BLE Security
  • EECS 582
  • Spring 2015
  • Bluetooth Low Energy
  • Security Protocols




Presentation Transcript


  1. BLE Security EECS 582 -- Spring 2015

  2. Overview: BLE Refresher, Attacks, Improvements, Authentication, Privacy, Discussion

  3. BLE: Quick/Simplified Refresh (layers, top to bottom)
     • Application Layer
     • GATT
     • ATT
     • L2CAP
     • Link Layer
     • Physical Layer

  4. Link Layer State Machine

  5. Link Layer Connections - Steps
     1. Initiate Connection
     2. Exchange keys <- Attack!
     3. Authenticate
     4. Send encrypted messages

  6. BLE CONNECT_REQ Packet

  7. Initiating a BLE Connection
     • Peripheral advertises
     • Initiator starts connection (CONNECT_REQ parameters):
       o hopInterval
       o hopIncrement
       o accessAddress
       o crcInit
     • Initiator and peripheral move to next channel

  8. Sniffing an ongoing connection
     • Eliminate false positives (how do you know what is a packet?)
       o Look for the 16-bit header of an empty packet; take the prior 32 bits as the AA
       o crcInit can be reversed by running the packet through the LFSR in reverse (magic, magic, math, math...)
       o Access Address is set in each packet
     • Wait on a channel and observe subsequent packets; record the time between them
     • Wait for a packet on two separate data channels

  9. Encryption - BLE 4.0 & 4.1
     • Custom key exchange
       o Select TK (128-bit AES key)
       o Use TK to agree upon LTK
     • What's TK?
       o Just Works(TM): key == 0
       o 6-digit passkey: key in 0-999,999
       o Out of Band: you're on your own.

  10. BLE 4.2 - Secure Simple Pairing
     • Elliptic Curve Diffie-Hellman
       o 96 bits of entropy with P-192 or 128 bits with P-256
       o Protects against passive eavesdropping
       o Does not protect against MITM
     • Association models (anti-MITM)
       o Numeric comparison
       o Out of Band
       o Passkey
     • Secure Connections Only Mode
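The two points on this slide (ECDH stops a passive listener, but an unauthenticated exchange needs an association model such as numeric comparison to catch key substitution) as an added Go example, not from the deck. It uses the standard library's P-256 ECDH; the six-digit comparison value is an assumed SHA-256 stand-in for the spec's AES-CMAC g2 function, and the interposer is a pure in-process model with no radio involved.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// must panics on error; key generation and ECDH fail only on malformed input.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newKey makes a fresh P-256 key pair, as each side does when LE Secure Connections pairing starts.
func newKey() *ecdh.PrivateKey {
	return must(ecdh.P256().GenerateKey(rand.Reader))
}

// compareValue is a simplified numeric-comparison value: six digits derived from the initiator
// and responder public keys as one side saw them (assumed SHA-256 stand-in for the spec's g2).
func compareValue(initPub, respPub *ecdh.PublicKey) uint32 {
	h := sha256.Sum256(append(initPub.Bytes(), respPub.Bytes()...))
	return binary.BigEndian.Uint32(h[28:]) % 1000000
}

// pair runs one exchange; with interpose set, a third party substitutes its own public key in
// both directions. Reports whether both ends derive the same DHKey and whether their displays agree.
func pair(interpose bool) (sameKey, sameDisplay bool) {
	initiator, responder := newKey(), newKey()
	initSaw, respSaw := responder.PublicKey(), initiator.PublicKey() // keys received over the air
	if interpose {
		m := newKey().PublicKey()
		initSaw, respSaw = m, m
	}
	// Each side derives DHKey from its own private key and the public key it received.
	sameKey = bytes.Equal(must(initiator.ECDH(initSaw)), must(responder.ECDH(respSaw)))
	sameDisplay = compareValue(initiator.PublicKey(), initSaw) == compareValue(respSaw, responder.PublicKey())
	return sameKey, sameDisplay
}

func main() {
	k, d := pair(true)
	fmt.Println("interposed exchange: same DHKey", k, "displays agree", d) // false false
}
```

An honest run returns true for both values; with substituted keys the two ends hold different DHKeys and the displayed numbers differ, which is exactly what the user is asked to compare.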

  11. Link Layer Encryption
     • TCP/IP
       o No encryption
       o No authentication
       o Relies on application layer
       o Vulnerable to passive listener
     • BLE
       o Node-to-node encryption
       o Impractical authentication (for many IoT)
       o Secure Simple Pairing is safe from a passive listener

  12. Could I be tracked?
     • Device Address Randomization
       o Access Address generated by identity key (IRK)
       o IRK exchanged during bonding
     • Do people use it? (responses from device makers)
       o "We do not currently employ Bluetooth Smart in this capability."
       o "...we do not use randomize device address."
       o "As far as we are aware, our two products that use BLE do not utilize this feature."
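How the device address randomization on this slide works in practice, as an added Go example that is not part of the deck: a resolvable private address is a random 24-bit prand plus a 24-bit hash computed from the IRK with the Core spec's ah function, so only a bonded peer holding the IRK can link successive addresses to one device. The IRK in main is the Core spec's published sample value; the byte layout assumes the spec's most-significant-byte-first presentation rather than over-the-air order.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"fmt"
)

// ah is the Core spec's random address hash: AES-128 of (104 zero bits || prand)
// under the IRK, keeping the least significant 24 bits. Byte arrays are written
// most significant byte first, as in the spec's sample data.
func ah(irk [16]byte, prand [3]byte) [3]byte {
	block, err := aes.NewCipher(irk[:])
	if err != nil {
		panic(err)
	}
	var in, out [16]byte
	copy(in[13:], prand[:])
	block.Encrypt(out[:], in[:])
	return [3]byte{out[13], out[14], out[15]}
}

// NewRPA builds a resolvable private address: a random 24-bit prand whose two top
// bits are 0b01 (marking the address type), followed by hash = ah(IRK, prand).
func NewRPA(irk [16]byte) [6]byte {
	var prand [3]byte
	if _, err := rand.Read(prand[:]); err != nil {
		panic(err)
	}
	prand[0] = prand[0]&0x3f | 0x40
	h := ah(irk, prand)
	return [6]byte{prand[0], prand[1], prand[2], h[0], h[1], h[2]}
}

// Resolve reports whether addr was generated with irk: a bonded peer recomputes the
// hash from the prand half; anyone without the IRK only sees an address that changes.
func Resolve(irk [16]byte, addr [6]byte) bool {
	if addr[0]&0xc0 != 0x40 {
		return false // not a resolvable private address (static or non-resolvable)
	}
	h := ah(irk, [3]byte{addr[0], addr[1], addr[2]})
	return h == [3]byte{addr[3], addr[4], addr[5]}
}

func main() {
	irk := [16]byte{0xec, 0x02, 0x34, 0xa3, 0x57, 0xc8, 0xad, 0x05, 0x34, 0x10, 0x10, 0xa6, 0x0a, 0x39, 0x7d, 0x9b} // Core spec sample IRK
	addr := NewRPA(irk)
	fmt.Printf("RPA %x resolves with own IRK: %v, with another IRK: %v\n", addr, Resolve(irk, addr), Resolve([16]byte{1}, addr))
}
```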

  13. Summary
     • Proven link-layer encryption scheme, node to node (in 4.2)
     • No protection against MITM without traditional I/O
     • Option for randomizing device address

  14. Wishlist
     • Better way to do authentication
       o Many IoT-class devices don't have classical I/O
       o How do I control what devices are connected to my gateway?
       o How can I control what gateways I connect to?
     • Multihop communication
       o Do I trust the nodes in between the gateway and destination?
       o What happens if one of my devices is compromised?
     • Do I trust my gateway?

  15. References
     • https://lacklustre.net/bluetooth/Ryan_Bluetooth_Low_Energy_USENIX_WOOT.pdf
     • https://eprint.iacr.org/2013/309.pdf
     • https://www.bluetooth.org/DocMan/handlers/DownloadDoc.ashx?doc_id=286439

  16. What does IoT need?
     • Confidentiality
       o I don't want people monitoring my habits at home ...but people can already see if my lights are on
       o Communication between nodes should be kept secret
     • Authentication
       o We want to know what nodes are on our network and that they're legit.
     • Preventing pivots
       o If a node is compromised, it should be hard for that node to pop other devices.
     • Do I want people to know what devices I have in my house?
     • Prevent neighbors from turning off lights
     • General framework that different classes of devices can inherit from: medical IoT can specify something that fitness IoT needn't have.
