Friendship security analysis in bluetooth low energy networks

Bluetooth Low Energy (BLE) is one of the most promising low-power, short-range wireless technologies, providing a standardized technology for creating mesh networks and enabling devices to communicate with each other with limited impact on the battery. BLE Mesh networks support a variety of features, including broadcast, unicast, and multicast messaging, allowing devices to communicate in a distributed and scalable manner. These networks enable a wide range of applications, from smart homes to industrial automation and asset tracking. In recent years, the BLE standard has introduced a new feature called ”Friendship” that allows nodes with limited battery power to pair with other Bluetooth devices that are responsible for caching their messages while they sleep. In this way, the BLE Friendship allows devices to share data without the need for a continuous connection, preserving the energy-saving capabilities of the network. However, recent literature has shown that this feature can be easily exploited by malicious agents in the network to either deny friendship or establish a permanent link between the attacker and the low-power node. In this paper, we review the current status of the security of the BLE Friendship, discussing what are the most dangerous threats, and analyzing their impact on the battery of low-power nodes. Therefore, we implement one of these threats, namely, the Clear Attack, over a smart sensor scenario to show its potential in affecting the battery life of the devices. Finally, we propose and implement a set of countermeasures and mitigations that can be integrated into the BLE standard to reduce the impact of such an attack and we prove their effectiveness in preserving the energy of low-power devices.