Bluetooth Low Energy (BLE) is a pervasive wireless technology all around us today. It is included in most commercial consumer electronic devices manufactured in last years, and billions of BLE-enabled devices are produced every year, including wearable or portable ones like smartphones, smart-watches and smartbands. The success of BLE as a cornerstone in IoT and consumer electronics is both an advantage, giving wireless communication potential in the short range at low cost and consumption, and a disadvantage, from a security and privacy standpoint. BLE exposes packets that enable a potential attacker to detect, enquire and fingerprint actual devices despite manufacturers attempts to avoid detection and tracking. MAC address randomization was introduced in the BLE standard to solve some of these issues. In this paper we discuss how to detect and fingerprint BLE devices, basing our analysis and data collection on GAP (Generic Access Profile) and GATT (Generic Attribute Profile) protocols and data that can be recovered from devices by interactions allowed by the standard. In our study we focus on the possibility of enumerating and creating fingerprints of discovered devices, for crowd monitoring and recognition purposes, associating BLE randomized MAC addresses to actual devices using computed fingerprints when GATT is exploitable. We describe how large scale data collection can be obtained using automatic scanning devices with long range communication hardware, to uplink collected data in cloud-based applications and to a data store.

BLENDER - Bluetooth low energy discovery and fingerprinting in IoT / Perri, Massimo; Cuomo, Francesca; Locatelli, Pierluigi. - (2022), pp. 182-189. (Intervento presentato al convegno 20th Mediterranean Communication and Computer Networking Conference, MedComNet 2022 tenutosi a Paphos; Cyprus) [10.1109/MedComNet55087.2022.9810437].

BLENDER - Bluetooth low energy discovery and fingerprinting in IoT

Perri, Massimo;Cuomo, Francesca;Locatelli, Pierluigi
2022

Abstract

Bluetooth Low Energy (BLE) is a pervasive wireless technology all around us today. It is included in most commercial consumer electronic devices manufactured in last years, and billions of BLE-enabled devices are produced every year, including wearable or portable ones like smartphones, smart-watches and smartbands. The success of BLE as a cornerstone in IoT and consumer electronics is both an advantage, giving wireless communication potential in the short range at low cost and consumption, and a disadvantage, from a security and privacy standpoint. BLE exposes packets that enable a potential attacker to detect, enquire and fingerprint actual devices despite manufacturers attempts to avoid detection and tracking. MAC address randomization was introduced in the BLE standard to solve some of these issues. In this paper we discuss how to detect and fingerprint BLE devices, basing our analysis and data collection on GAP (Generic Access Profile) and GATT (Generic Attribute Profile) protocols and data that can be recovered from devices by interactions allowed by the standard. In our study we focus on the possibility of enumerating and creating fingerprints of discovered devices, for crowd monitoring and recognition purposes, associating BLE randomized MAC addresses to actual devices using computed fingerprints when GATT is exploitable. We describe how large scale data collection can be obtained using automatic scanning devices with long range communication hardware, to uplink collected data in cloud-based applications and to a data store.
2022
20th Mediterranean Communication and Computer Networking Conference, MedComNet 2022
bluetooth low energy; BLE; IoT; LoRaWAN; security; privacy
04 Pubblicazione in atti di convegno::04b Atto di convegno in volume
BLENDER - Bluetooth low energy discovery and fingerprinting in IoT / Perri, Massimo; Cuomo, Francesca; Locatelli, Pierluigi. - (2022), pp. 182-189. (Intervento presentato al convegno 20th Mediterranean Communication and Computer Networking Conference, MedComNet 2022 tenutosi a Paphos; Cyprus) [10.1109/MedComNet55087.2022.9810437].
File allegati a questo prodotto
File Dimensione Formato  
Perri_BLENDER_2022.pdf

solo gestori archivio

Tipologia: Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 1.23 MB
Formato Adobe PDF
1.23 MB Adobe PDF   Contatta l'autore

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/1650363
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 2
  • ???jsp.display-item.citation.isi??? 2
social impact