Álvarez, Flor ; Almon, Lars ; Hahn, Ann-Sophie ; Hollick, Matthias (2019)
Toxic Friends in Your Network: Breaking the Bluetooth Mesh Friendship Concept.
Security Standardisation Research Conference 2019 (ACM CCS Workshop). London, UK (11.11.2019-11.11.2019)
Conference or Workshop Item, Bibliographie
Abstract
Bluetooth Low Energy is the dominant wireless technology empowering the Internet-of-Things. It has recently been amended with Bluetooth Mesh, which promises secure low energy multi-hop wireless connectivity with a software-only upgrade to existing Bluetooth devices. Bluetooth Mesh claims to be suitable for building large-scale multi-hop sensor networks with thousands of devices and up to 127 hops. In particular, it introduces the friendship concept, allowing low power Internet-of-Things devices to save energy by going into sleep mode, while their associated friend node caches their packets. In this paper, we show that the security model underlying the friendship concept introduces a number of simplifying assumptions that can be harnessed against the Bluetooth Mesh network. We demonstrate three fundamental vulnerabilities in the security model that lead to denial-of-service and impersonation attacks. Furthermore, we experimentally proof that our denial-of-service attack significantly affects the battery life of low power Internet-of-Things devices from a normal duration of two years to just few days. In addition, we introduce btlemesh, an open-source tool to analyze Bluetooth Mesh and perform the aforementioned security tests in practice. Finally, we discuss possible countermeasures to mitigate these vulnerabilities.
Item Type: | Conference or Workshop Item | ||||
---|---|---|---|---|---|
Erschienen: | 2019 | ||||
Creators: | Álvarez, Flor ; Almon, Lars ; Hahn, Ann-Sophie ; Hollick, Matthias | ||||
Type of entry: | Bibliographie | ||||
Title: | Toxic Friends in Your Network: Breaking the Bluetooth Mesh Friendship Concept | ||||
Language: | English | ||||
Date: | 2019 | ||||
Event Title: | Security Standardisation Research Conference 2019 (ACM CCS Workshop) | ||||
Event Location: | London, UK | ||||
Event Dates: | 11.11.2019-11.11.2019 | ||||
Abstract: | Bluetooth Low Energy is the dominant wireless technology empowering the Internet-of-Things. It has recently been amended with Bluetooth Mesh, which promises secure low energy multi-hop wireless connectivity with a software-only upgrade to existing Bluetooth devices. Bluetooth Mesh claims to be suitable for building large-scale multi-hop sensor networks with thousands of devices and up to 127 hops. In particular, it introduces the friendship concept, allowing low power Internet-of-Things devices to save energy by going into sleep mode, while their associated friend node caches their packets. In this paper, we show that the security model underlying the friendship concept introduces a number of simplifying assumptions that can be harnessed against the Bluetooth Mesh network. We demonstrate three fundamental vulnerabilities in the security model that lead to denial-of-service and impersonation attacks. Furthermore, we experimentally proof that our denial-of-service attack significantly affects the battery life of low power Internet-of-Things devices from a normal duration of two years to just few days. In addition, we introduce btlemesh, an open-source tool to analyze Bluetooth Mesh and perform the aforementioned security tests in practice. Finally, we discuss possible countermeasures to mitigate these vulnerabilities. |
||||
Alternative keywords: |
|
||||
Divisions: | 20 Department of Computer Science 20 Department of Computer Science > Sichere Mobile Netze DFG-Collaborative Research Centres (incl. Transregio) DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1053: MAKI – Multi-Mechanisms Adaptation for the Future Internet |
||||
Date Deposited: | 29 Oct 2019 13:36 | ||||
Last Modified: | 23 Aug 2021 12:53 | ||||
PPN: | |||||
Alternative keywords: |
|
||||
Export: | |||||
Suche nach Titel in: | TUfind oder in Google |
Send an inquiry |
Options (only for editors)
Show editorial Details |