Toxic Friends in Your Network: Breaking the Bluetooth Mesh Friendship Concept

Álvarez, Flor ; Almon, Lars ; Hahn, Ann-Sophie ; Hollick, Matthias (2019)
Toxic Friends in Your Network: Breaking the Bluetooth Mesh Friendship Concept.
Security Standardisation Research Conference 2019 (ACM CCS Workshop). London, UK (11.11.2019-11.11.2019)
Conference or Workshop Item, Bibliography

Abstract

Bluetooth Low Energy is the dominant wireless technology empowering the Internet-of-Things. It has recently been amended with Bluetooth Mesh, which promises secure low energy multi-hop wireless connectivity with a software-only upgrade to existing Bluetooth devices. Bluetooth Mesh claims to be suitable for building large-scale multi-hop sensor networks with thousands of devices and up to 127 hops. In particular, it introduces the friendship concept, allowing low power Internet-of-Things devices to save energy by going into sleep mode, while their associated friend node caches their packets. In this paper, we show that the security model underlying the friendship concept introduces a number of simplifying assumptions that can be harnessed against the Bluetooth Mesh network. We demonstrate three fundamental vulnerabilities in the security model that lead to denial-of-service and impersonation attacks. Furthermore, we experimentally prove that our denial-of-service attack significantly affects the battery life of low power Internet-of-Things devices from a normal duration of two years to just a few days. In addition, we introduce btlemesh, an open-source tool to analyze Bluetooth Mesh and perform the aforementioned security tests in practice. Finally, we discuss possible countermeasures to mitigate these vulnerabilities.

Item Type: Conference or Workshop Item
Published: 2019
Creators: Álvarez, Flor ; Almon, Lars ; Hahn, Ann-Sophie ; Hollick, Matthias
Type of entry: Bibliography
Title: Toxic Friends in Your Network: Breaking the Bluetooth Mesh Friendship Concept
Language: English
Date: 2019
Event Title: Security Standardisation Research Conference 2019 (ACM CCS Workshop)
Event Location: London, UK
Event Dates: 11.11.2019-11.11.2019
Alternative keywords: Bluetooth Mesh, Internet-of-Things, Denial-of-service (Language: English)
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Sichere Mobile Netze
DFG-Collaborative Research Centres (incl. Transregio)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1053: MAKI – Multi-Mechanisms Adaptation for the Future Internet
Date Deposited: 29 Oct 2019 13:36
Last Modified: 23 Aug 2021 12:53