Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks

Yue Zhang, Jian Weng, Rajib Dey, Yier Jin, Zhiqiang Lin, Xinwen Fu
2020 USENIX Security Symposium  
to the Proceedings of the 29th USENIX Security Symposium is sponsored by USENIX.  ...  This research was supported in part by US Natural Science Foundation (NSF) Awards 1931871 and 1915780, Semiconductor Research Corporation (2018-TS-2860), National Natural Science Foundation of China (Grant  ...  Defeating other attacks such as co-located attacks requires extra remedies [11, 12, 26].  ... 
dblp:conf/uss/00250DJLF20 fatcat:upyr4g2y5fgclllp4eymjztwjm

A Study of the Feasibility of Co-located App Attacks against BLE and a Large-Scale Analysis of the Current Application-Layer Security Landscape [article]

Pallavi Sivakumaran, Jorge Blasco
2019 arXiv   pre-print
Increasingly, these use cases require the storage of sensitive user data or critical device controls on the BLE device, as well as the access of this data by an augmentative mobile application.  ...  In this paper we show how unauthorized co-located Android applications can access pairing-protected BLE data, without the user's knowledge.  ...  At any rate, this is the only mechanism available at present for protecting data against access by co-located applications.  ... 
arXiv:1808.03778v3 fatcat:im6dreqotba37b5xxc5n5hyew4

On the (In)security of Bluetooth Low Energy One-Way Secure Connections Only Mode [article]

Yue Zhang, Jian Weng, Rajib Dey, Yier Jin, Zhiqiang Lin, Xinwen Fu
2019 arXiv   pre-print
To defeat security threats such as man-in-the-middle (MITM) attacks, Bluetooth Low Energy (BLE) 4.2 and 5.x introduce the Secure Connections Only mode, under which a BLE device accepts only secure pairing  ...  These design flaws can be exploited by attackers to perform downgrading attacks, forcing the BLE pairing protocols to run in the insecure mode without the users' awareness.  ...  Our solution of enforcing secure pairing at both the mobile and device can address these issues while defeating other attacks such as co-located attacks requires extra remedies and is addressed in [14  ... 
arXiv:1908.10497v2 fatcat:adr5vrnouzdfhnkueogjydzs2e

Security and Privacy Threats for Bluetooth Low Energy in IoT and Wearable Devices: A Comprehensive Survey

Arup Barua, Md Abdullah Al Alamin, Md. Shohrab Hossain, Ekram Hossain
2022 IEEE Open Journal of the Communications Society  
We also provide case studies regarding how different vulnerabilities can be exploited in real BLE devices.  ...  Some segregated works on BLE were performed focusing on various vulnerabilities, such as the insecure implementation of encryption, device authentication, user privacy, etc.  ...  The attackers can exploit these vulnerabilities and steal data from BLE devices. 1) CO-LOCATED MOBILE APPLICATION ATTACK This threat is not caused by the vulnerability of the BLE protocol itself, rather  ... 
doi:10.1109/ojcoms.2022.3149732 fatcat:6cwlchy7avhx7ojjslyoyvsifm

You're where? prove it!

Jacob T. Biehl, Adam J. Lee, Gerry Filby, Matthew Cooper
2015 Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing - UbiComp '15  
Location-enabled applications now permeate the mobile computing landscape.  ...  While not essential to each of these applications, many will require that the location of the device be true and verifiable.  ...  Preventing Replay Attacks Replay attacks against LocAssure are made possible due to the relative stability of the BLE infrastructure visible at a given location over time.  ... 
doi:10.1145/2750858.2804284 dblp:conf/huc/BiehlLFC15 fatcat:j6p4k6xd65f5bfh4t7tc5jhtsa

Security enhanced Emergency Situation Detection System for Ambient Assisted Living

Placide Shabisha, Chamara Sandeepa, Charuka Moremada, Nadeeka Dissanayaka, Tharindu Gamage, An Braeken, Kris Steenhaut, Madhusanka Liyanage
2021 IEEE Open Journal of the Computer Society  
Bluetooth Low Energy (BLE) communication technology is used to connect sensor nodes (wearable devices) and mobile relays.  ...  solutions for IoT healthcare applications.  ...  It also offers protection against several types of security threats, i.e., node capturing attack, impersonation attack, man-in-the-middle attack, replay attack, and online/offline dictionary attack.  ... 
doi:10.1109/ojcs.2021.3095341 fatcat:s65jb42q6ffizo22fxqt534jea

A Survey on Context-based Co-presence Detection Techniques [article]

Mauro Conti, Chhagan Lal
2019 arXiv   pre-print
Finally, we summarize the significant challenges and suggest possible innovative and efficient future solutions for securely detecting co-presence between devices in the presence of adversaries.  ...  In particular, the survey includes a discussion on the possible adversary and communication models along with the existing security attacks on ZICDA systems, and it reviews the state-of-the-art proximity  ...  Thus, these attacks limit the usability of co-presence techniques in various application domains. To provide security against all types of attacks in ZICDA systems is a challenging task.  ... 
arXiv:1808.03320v2 fatcat:4fgrtt5n7veahmfxswidkav2se

A Survey of Automatic Contact Tracing Approaches [article]

Leonie Reichert, Samuel Brack, Björn Scheuermann
2020 IACR Cryptology ePrint Archive  
Bluetooth Low Energy (BLE) as base technology has the most promising properties, so this survey focuses on automated contact tracing techniques using BLE.  ...  Attacks against BLE Here, problems with and attacks against BLE are discussed in more detail. 6.1.1 Jamming.  ...  Bluetooth and BLE are not the only technologies available for determining co-location.  ... 
dblp:journals/iacr/ReichertBS20a fatcat:bliznngiczfsdpcbhrptglaf2e

A context-aware system to secure enterprise content: Incorporating reliability specifiers

Oyindamola Oluwatimi, Maria Luisa Damiani, Elisa Bertino
2018 Computers & security  
In CASSEC 2.0, we evaluate our confidence constructs by implementing two new authentication mechanisms.  ...  Biometric authentication relies on the accelerometer and fingerprint sensors to measure behavioral and physiological user features to prevent unauthorized users from using an authorized user's device.  ...  authentication protocol that is resistant against relay attacks.  ... 
doi:10.1016/j.cose.2018.04.001 fatcat:nw3u3vh5affodia4sfwfgbybtu

SpreadMeNot: A Provably Secure and Privacy-Preserving Contact Tracing Protocol [article]

Pietro Tedeschi, Spiridon Bakiras, Roberto Di Pietro
2021 arXiv   pre-print
Our second contribution is the design and implementation of SpreadMeNot, a novel contact tracing protocol that can defend against most passive and active attacks, thus providing strong (provable) security  ...  and privacy guarantees that are necessary for such a sensitive application.  ...  ACKNOWLEDGEMENTS This publication was partially supported by awards NPRP11S-0109-180242 from the QNRF-Qatar National Research Fund, a member of The Qatar Foundation.  ... 
arXiv:2011.07306v2 fatcat:a52yn45kf5cwhcjalnvk7irh4y

A State-of-the-Art Review on the Security of Mainstream IoT Wireless PAN Protocol Stacks

Georgios Kambourakis, Constantinos Kolias, Dimitrios Geneiatakis, Georgios Karopoulos, Georgios Michail Makrakis, Ioannis Kounelis
2020 Symmetry  
numerous applications, ranging from healthcare, smart homes, and cities, to intelligent transportation systems and industrial automation.  ...  At the same time, security and privacy concerns regarding IoT technologies are also attracting significant attention given the risks that are inherently associated with the respective devices and their  ...  Therefore, a malicious application can access the existing BLE data of other applications located in the same device without initiating pairing or reuse the connection of the legitimate mobile application  ... 
doi:10.3390/sym12040579 fatcat:3ajcbbciondlrjnv73fwzph5pu

The Road Towards Private Proximity Services

Michael Haus, Aaron Yi Ding, Jorg Ott
2019 2019 IEEE 20th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM)  
To improve user's privacy from a system point of view, we analyzed different security mechanisms in the domain of device-to-device (D2D) communication such as access control, location privacy.  ...  Device-to-Device communication [1] Ultrasound communication [6] Distance-bounding communication Group detection and communication [6] Private indoor service discovery [3] Relay attacks, Log analysis, Homomorphic  ...  The location or sensor data used by LBS and PBS is sensitive and must be protected against privacy attacks. For example, adversaries can reconstruct movements across space and time.  ... 
doi:10.1109/wowmom.2019.8793013 dblp:conf/wowmom/HausDO19 fatcat:orb4val6srfprg6tiuhunzmkta

Monoxalyze

Joshua Adkins, Prabal Dutta
2016 Proceedings of the 14th ACM Conference on Embedded Network Sensor Systems CD-ROM - SenSys '16  
Further contributions describe the design decisions behind creating a low-power BLE device.  ...  Monoxalyze enables mobile cessation verification by working with a user's smartphone to establish a ring of spatio-temporal transitive trust between the Monoxalyze device, the user, and the smartphone,  ...  We then apply a calibration to the raw CO measurements and analyze the data against the ground truth provided by the Smokerlyzer.  ... 
doi:10.1145/2994551.2994571 dblp:conf/sensys/AdkinsD16 fatcat:olqdgwwy2bdivam7httcsnm5nq

Non-Pharmaceutical Interventions against COVID-19 Pandemic: Review of Contact Tracing and Social Distancing Technologies, Protocols, Apps, Security and Open Research Directions

Uzoma Rita Alo, Friday Onwe Nkwo, Henry Friday Nweke, Ifeanyi Isaiah Achi, Henry Anayo Okemiri
2021 Sensors  
The paper critically and comprehensively reviews contact tracing technologies, protocols, and mobile applications (apps) that were recently developed and deployed against the coronavirus disease.  ...  We also x-rayed the strengths and weaknesses of the various technologies concerning their application in contact tracing and social distancing.  ...  This implies that BLE is not restricted by location, hence can be applied in mobile scenarios.  ... 
doi:10.3390/s22010280 pmid:35009822 pmcid:PMC8749862 fatcat:y2g2oi4z2zavdc6hzju4hczb64

Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [article]

Lars Baumgärtner
2020 arXiv   pre-print
For both types of attack, we have built tools that can easily be used on mobile phones or Raspberry Pis (e.g., Bluetooth sniffers).  ...  have jointly provided an API for exposure notification in order to implement decentralized contact tracing apps using Bluetooth Low Energy, the so-called "Google/Apple Proposal", which we abbreviate by  ...  broadcast by the users' mobile devices at each location.  ... 
arXiv:2006.05914v2 fatcat:qkpprqdl2nbirlfnv5eszpksmm