Analysis of Bluetooth threats and v4.0 security features

Sandhya, S; Devi, K. A. Sumithra

doi:10.1109/iccca.2012.6179149

Cited by 22 publications

(14 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In [34], techniques were presented for eavesdropping on devices using Bluetooth. An extended review of Bluetooth threats and possible attacks was performed by Minar et al , Sandya et al and Dunnin [10,22,35], and recently, Cope et al [9] investigated the currently available tools to exploit vulnerabilities in Bluetooth. In conclusion, many Bluetooth versions that are in use today, have a wide variety of security vulnerabilities.…”

Section: Short Range Communication Protocolsmentioning

confidence: 99%

Deployment optimization of IoT devices through attack graph analysis

Agmon

Shabtai

Puzis

2019

Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks

View full text Add to dashboard Cite

The Internet of things (IoT) has become an integral part of our life at both work and home. However, these IoT devices are prone to vulnerability exploits due to their low cost, low resources, the diversity of vendors, and proprietary firmware. Moreover, short range communication protocols (e.g., Bluetooth or ZigBee) open additional opportunities for the lateral movement of an attacker within an organization. Thus, the type and location of IoT devices may significantly change the level of network security of the organizational network. In this paper, we quantify the level of network security based on an augmented attack graph analysis that accounts for the physical location of IoT devices and their communication capabilities. We use the depth-first branch and bound (DFBnB) heuristic search algorithm to solve two optimization problems: Full Deployment with Minimal Risk (FDMR) and Maximal Utility without Risk Deterioration (MURD). An admissible heuristic is proposed to accelerate the search. The proposed method is evaluated using a real network with simulated deployment of IoT devices. The results demonstrate (1) the contribution of the augmented attack graphs to quantifying the impact of IoT devices deployed within the organization on security, and (2) the effectiveness of the optimized IoT deployment. CCS CONCEPTS• Security and privacy → Distributed systems security; Mobile and wireless security.

show abstract

Section: Short Range Communication Protocolsmentioning

confidence: 99%

Deployment optimization of IoT devices through attack graph analysis

Agmon

Shabtai

Puzis

2019

Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks

View full text Add to dashboard Cite

show abstract

“…Bluetooth specification defines several security mechanisms for authentication and link layer security, but it is often seen that developers ignore these security measures to trade for design simplicity and to obtain fast market access. There is some well-documented case of attacks on BLE devices that comprise of intervening BLE connections, stealing private information [7]- [9] and jamming [10]. These active attacks, although detrimental, can be easily detected by intrusion detection systems [11], [12].…”

Section: Introductionmentioning

confidence: 99%

A Robust Algorithm for Sniffing BLE Long-Lived Connections in Real-Time

Sarkar

Liu

Jovanov

2019

2019 IEEE Global Communications Conference (GLOBECOM)

View full text Add to dashboard Cite

Bluetooth Low Energy (BLE) has become an intrinsic wireless technology for the Internet of Things (IoT). With the proliferation of BLE-embedded IoT devices, it is important to study the security and privacy implications of BLE. The forefront attack to BLE devices is the wireless sniffing attack, which would lead to more detrimental threats like jamming, encryption cracking or system penetration. Existing sniffing attacks are based on the correct detection of BLE connection initiation state, but they become ineffective for BLE long-lived connections. In this paper, we focus on the adversary setting with a lowcost single radio and develop a suite of real-time algorithms to determine the key parameters necessary to follow and sniff a BLE connection in the connected state. We implement our algorithms in the open source platform -Ubertooth One and evaluate its performance in terms of sniffing overhead and accuracy. By comparing with state-of-the-art schemes, experimental results show that our sniffer achieves much higher sniffing accuracy (over 80%) and better stability to BLE operational dynamics.

show abstract

“…There are four modes of protection (Security mode 1, Security mode 2, Security mode 3 and Security mode 4). Mode 1 does not require authentication and encryption, mode 2 applies authentication and encryption exclusively for individual services such as data transfer, mode 3 forces authentication, and encryption before the connection with the device is established, and mode 4 uses a simple method of pairing with the aim of establishing security on the service level [22].…”

Section: Security Aspect Of the Bluetooth Technologymentioning

confidence: 99%

Classification of Security Risks in the IoT Environment

Cvitić¹,

Vujić²,

Husnjak³

2016

DAAAM Proceedings

View full text Add to dashboard Cite

The concept of Internet of Things (IoT) is based on a layered architecture. Each of the layers includes the application of a range of diverse technologies for the data transmission, processing and storage. This paper will explore the vulnerabilities and threats in IoT environment and protection methods that can be implemented within such an environment due to the hardware limitations of the existing equipment and technology used for data transfer. Based on the results of the research, classification of security risks of the architectures' particular layer, as well as security risks depending on the type of use of IoT concept will be proposed. The classification of risk will provide the opportunity to direct further research on the most vulnerable layers of the architecture and implementation of appropriate methods of protection, depending on the application of this concept. This research was conducted in order to provide accurate information for visually impaired people.

show abstract

Analysis of Bluetooth threats and v4.0 security features

Cited by 22 publications

References 13 publications

Deployment optimization of IoT devices through attack graph analysis

Deployment optimization of IoT devices through attack graph analysis

A Robust Algorithm for Sniffing BLE Long-Lived Connections in Real-Time

Classification of Security Risks in the IoT Environment

Contact Info

Product

Resources

About