TU Darmstadt / ULB / TUbiblio

Toxic Friends in Your Network: Breaking the Bluetooth Mesh Friendship Concept

Álvarez, Flor ; Almon, Lars ; Hahn, Ann-Sophie ; Hollick, Matthias (2019)
Toxic Friends in Your Network: Breaking the Bluetooth Mesh Friendship Concept.
Security Standardisation Research Conference 2019 (ACM CCS Workshop). London, UK (11 November 2019)
Conference publication, bibliography

Abstract

Bluetooth Low Energy is the dominant wireless technology empowering the Internet-of-Things. It has recently been amended with Bluetooth Mesh, which promises secure low energy multi-hop wireless connectivity with a software-only upgrade to existing Bluetooth devices. Bluetooth Mesh claims to be suitable for building large-scale multi-hop sensor networks with thousands of devices and up to 127 hops. In particular, it introduces the friendship concept, allowing low power Internet-of-Things devices to save energy by going into sleep mode, while their associated friend node caches their packets. In this paper, we show that the security model underlying the friendship concept introduces a number of simplifying assumptions that can be harnessed against the Bluetooth Mesh network. We demonstrate three fundamental vulnerabilities in the security model that lead to denial-of-service and impersonation attacks. Furthermore, we experimentally prove that our denial-of-service attack significantly affects the battery life of low power Internet-of-Things devices from a normal duration of two years to just a few days. In addition, we introduce btlemesh, an open-source tool to analyze Bluetooth Mesh and perform the aforementioned security tests in practice. Finally, we discuss possible countermeasures to mitigate these vulnerabilities.

Item type: Conference publication
Published: 2019
Author(s): Álvarez, Flor ; Almon, Lars ; Hahn, Ann-Sophie ; Hollick, Matthias
Type of entry: Bibliography
Title: Toxic Friends in Your Network: Breaking the Bluetooth Mesh Friendship Concept
Language: English
Year of publication: 2019
Event title: Security Standardisation Research Conference 2019 (ACM CCS Workshop)
Event location: London, UK
Event date: 11 November 2019
Keywords (English): Bluetooth Mesh, Internet-of-Things, Denial-of-service
Department(s)/research area(s): 20 Department of Computer Science
20 Department of Computer Science > Secure Mobile Networking
DFG Collaborative Research Centres (incl. Transregio)
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
LOEWE
LOEWE > LOEWE Centres
LOEWE > LOEWE Centres > CRISP - Center for Research in Security and Privacy
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > SFB 1053: MAKI – Multi-Mechanisms Adaptation for the Future Internet
Date deposited: 29 Oct 2019 13:36
Last modified: 23 Aug 2021 12:53