Bluetooth Low Energy (BLE) is a pervasive wireless technology all around us today. It is included in most commercial consumer electronic devices manufactured in the last years, and billions of BLE-enabled devices are produced every year, mostly wearable or portable ones like smartphones, smartwatches, and smartbands. The success of BLE as a cornerstone in the Internet of Things (IoT) and consumer electronics is both an advantage, enabling short range, low cost, and low power consumption wireless communications, and a disadvantage, from a security and privacy standpoint. BLE exposes packets that enable a potential attacker to detect, enquire and fingerprint actual devices despite manufacturers’ attempts to avoid detection and tracking. Medium Access Control (MAC) address randomization was introduced in the BLE standard to solve some of these issues. In this paper we discuss how to detect and fingerprint BLE devices, basing our analysis and data collection on interactions allowed by the standard. In our study, we propose the Bluetooth Low Energy Nodes Detect, Enquire, (and) Recognition (BLENDER) framework for enumerating and fingerprinting BLE devices for crowd monitoring and recognition purposes, based on four different strategies used to analyze BLE-enabled devices. We will show that it is possible to associate BLE randomized MAC addresses to actual devices. We will then describe a proof of concept for large-scale data collection. In addition, to determine the spots where the stations could be optimally positioned, we created a synthetic dataset based on mobility models and then we emulated the BLENDER approach. The latter allowed training Machine Learning models to predict the expected number of devices appearing at any particular position, day, and hour.

Device discovery and tracing in the Bluetooth Low Energy domain / Locatelli, Pierluigi; Perri, Massimo; JIMENEZ GUTIERREZ, DANIEL MAURICIO; Lacava, Andrea; Cuomo, Francesca. - In: COMPUTER COMMUNICATIONS. - ISSN 0140-3664. - 202:(2023), pp. 42-56. [10.1016/j.comcom.2023.02.008]

Device discovery and tracing in the Bluetooth Low Energy domain

Pierluigi Locatelli;Massimo Perri;Daniel Mauricio Jimenez Gutierrez;Andrea Lacava;Francesca Cuomo
Membro del Collaboration Group
2023

Abstract

Bluetooth Low Energy (BLE) is a pervasive wireless technology all around us today. It is included in most commercial consumer electronic devices manufactured in the last years, and billions of BLE-enabled devices are produced every year, mostly wearable or portable ones like smartphones, smartwatches, and smartbands. The success of BLE as a cornerstone in the Internet of Things (IoT) and consumer electronics is both an advantage, enabling short range, low cost, and low power consumption wireless communications, and a disadvantage, from a security and privacy standpoint. BLE exposes packets that enable a potential attacker to detect, enquire and fingerprint actual devices despite manufacturers’ attempts to avoid detection and tracking. Medium Access Control (MAC) address randomization was introduced in the BLE standard to solve some of these issues. In this paper we discuss how to detect and fingerprint BLE devices, basing our analysis and data collection on interactions allowed by the standard. In our study, we propose the Bluetooth Low Energy Nodes Detect, Enquire, (and) Recognition (BLENDER) framework for enumerating and fingerprinting BLE devices for crowd monitoring and recognition purposes, based on four different strategies used to analyze BLE-enabled devices. We will show that it is possible to associate BLE randomized MAC addresses to actual devices. We will then describe a proof of concept for large-scale data collection. In addition, to determine the spots where the stations could be optimally positioned, we created a synthetic dataset based on mobility models and then we emulated the BLENDER approach. The latter allowed training Machine Learning models to predict the expected number of devices appearing at any particular position, day, and hour.
2023
bluetooth low energy; security; fingerprinting; tracking; internet of things; machine learning
01 Pubblicazione su rivista::01a Articolo in rivista
Device discovery and tracing in the Bluetooth Low Energy domain / Locatelli, Pierluigi; Perri, Massimo; JIMENEZ GUTIERREZ, DANIEL MAURICIO; Lacava, Andrea; Cuomo, Francesca. - In: COMPUTER COMMUNICATIONS. - ISSN 0140-3664. - 202:(2023), pp. 42-56. [10.1016/j.comcom.2023.02.008]
File allegati a questo prodotto
File Dimensione Formato  
Locatelli_Device-discovery_2023.pdf

solo gestori archivio

Tipologia: Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 2.05 MB
Formato Adobe PDF
2.05 MB Adobe PDF   Contatta l'autore

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/1670724
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 3
  • ???jsp.display-item.citation.isi??? 2
social impact