Bluetooth Low Energy (BLE) is rapidly becoming the de-facto standard for short-range wireless communications among resource-constrained wireless devices. Securing this technology and its networking capabilities is paramount, as their widespread use by Internet of Things (IoT) applications demands protection from malicious users. While its security features have remarkably improved over the years, the BLE technology is still prone to severe threats, creating a gap between the standard theoretical design and its implementation. Particularly, the BLE Mesh Profile (Bluetooth Mesh), which enables many-to-many communication, prompts an overall analysis of its security, to ensure that its use preserves the integrity and privacy of end users. This work surveys the state-of-the-art of the security of BLE with an emphasis on Bluetooth Mesh, highlighting the threats that can still hinder their usage. We review the latest specifications in terms of link set up and authentication and describe attacks to both point-to-point and multicast networking. Our work also discusses solutions to mitigate and prevent attacks to the current standard, such as Intrusion Detection Systems, thus improving the general level of security of BLE systems.
Securing Bluetooth Low Energy networking: An overview of security procedures and threats / Lacava, Andrea; Zottola, Valerio; Bonaldo, Alessio; Cuomo, Francesca; Basagni, Stefano. - In: COMPUTER NETWORKS. - ISSN 1389-1286. - 211:(2022), p. 108953. [10.1016/j.comnet.2022.108953]
Securing Bluetooth Low Energy networking: An overview of security procedures and threats
Andrea Lacava;Francesca Cuomo;
2022
Abstract
Bluetooth Low Energy (BLE) is rapidly becoming the de-facto standard for short-range wireless communications among resource-constrained wireless devices. Securing this technology and its networking capabilities is paramount, as their widespread use by Internet of Things (IoT) applications demands protection from malicious users. While its security features have remarkably improved over the years, the BLE technology is still prone to severe threats, creating a gap between the standard theoretical design and its implementation. Particularly, the BLE Mesh Profile (Bluetooth Mesh), which enables many-to-many communication, prompts an overall analysis of its security, to ensure that its use preserves the integrity and privacy of end users. This work surveys the state-of-the-art of the security of BLE with an emphasis on Bluetooth Mesh, highlighting the threats that can still hinder their usage. We review the latest specifications in terms of link set up and authentication and describe attacks to both point-to-point and multicast networking. Our work also discusses solutions to mitigate and prevent attacks to the current standard, such as Intrusion Detection Systems, thus improving the general level of security of BLE systems.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.