40 research outputs found

    Analyzing the secure simple pairing in Bluetooth v4.0

    This paper analyzes the security of Bluetooth v4.0’s Secure Simple Pairing (SSP) protocol, for both the Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) and Bluetooth Low Energy (LE) operational modes. Bluetooth v4.0 is the latest version of a wireless communication standard for low-speed and low-range data transfer among devices in a human’s PAN. It allows increased network mobility among devices such as headsets, PDAs, wireless keyboards and mice. A pairing process is initiated when two devices desire to communicate, and this pairing needs to correctly authenticate devices so that a secret link key is established for secure communication. What is interesting is that device authentication relies on humans to communicate verification information between devices via a human-aided out-of-band channel. Bluetooth v4.0’s SSP protocol is designed to offer security against passive eavesdropping and man-in-the-middle (MitM) attacks. We conduct the first known detailed analysis of SSP for all its MitM-secure models. We highlight some issues related to exchange of public keys and use of the passkey in its models and discuss how to treat them properly

    Bluetooth command and control channel

    Bluetooth is popular technology for short-range communications and is incorporated in mobile devices such as smartphones, tablet computers and laptops. Vulnerabilities associated with Bluetooth technology led to improved security measures surrounding Bluetooth connections. Besides the improvement in security features, Bluetooth technology is still plagued by vulnerability exploits. This paper explores the development of a physical Bluetooth C&C channel, moving beyond previous research that mostly relied on simulations. In order to develop a physical channel, certain requirements must be fulfilled and specific aspects regarding Bluetooth technology must be taken into consideration. To measure performance, the newly designed Bluetooth C&C channel is executed in a controlled environment using the Android operating system as a development platform. The results show that a physical Bluetooth C&C channel is indeed possible and the paper concludes by identifying potential strengths and weaknesses of the new channel. http://www.elsevier.com/locate/cose

    A Coordination Model and Framework for Developing Distributed Mobile Applications

    How to coordinate multiple devices to work together as a single application is one of the most important challenges for building a distributed mobile application. Mobile devices play important roles in daily life and resolving this challenge is vital. Many coordination models have already been developed to support the implementation of parallel applications, and LIME (Linda In a Mobile Environment) is the most popular member. This thesis evaluates and analyzes the advantages and disadvantages of the LIME, and its predecessor Linda coordination model. This thesis proposes a new coordination model that focuses on overcoming the drawbacks of LIME and Linda. The new coordination model leverages the features of consistent hashing in order to obtain better coordination performance. Additionally, this new coordination model utilizes the idea of replica mechanism to guarantee data integrity. A cross-platform coordination framework, based on the new coordination model, is presented by this thesis in order to facilitate and simplify the development of distributed mobile applications. This framework aims to be robust and high-performance, supporting not only powerful devices such as smartphones but also constrained devices, which includes IoT sensors. The framework utilizes many advanced concepts and technologies such as CoAP protocol, P2P networking, Wi-Fi Direct, and Bluetooth Low Energy to achieve the goals of high-performance and fault-tolerance. Six experiments have been done to test the coordination model and framework from different aspects including bandwidth, throughput, packages per second, hit rate, and data distribution. Results of the experiments demonstrate that the proposed coordination model and framework meet the requirements of high-performance and fault-tolerance

    Multifactor authentication using smartphone as token

    Biometrics are a field of study with relevant developments in the last decade. Specifically, electrocardiogram (ECG) based biometrics are now deemed a reliable source of identification. One of the major advances in this technology was the improvements in off-the-person authentication, by requiring nothing more than dry electrodes or conductive fabrics to acquire an ECG signal in a non-intrusive way through the user’s hands. However, identification still has a relatively poor performance when using large user databases. In this dissertation we suggest using ECG authentication associated with a smartphone security token in order to improve performance and decrease the time required for the recognition. We develop this technique in a user authentication scenario for a Windows login. We developed our solution using both normal Bluetooth (BT) and Bluetooth Low Energy (BLE) technologies to preserve phone battery; also, we develop apps for Windows Phone and Android, due to limitations detected. Additionally, we took advantage of the Intel Edison’s mobility features to create a more versatile environment. Results proved our solution to be possible. We executed a series of tests, through which we observed an improvement in authentication times when compared to a simple ECG identification scenario. Also, ECG performance in terms of false-negatives and false-positives is also increased.
    Biometrics is a field of study that has seen relevant developments in the last decade. Specifically, electrocardiogram (ECG) based biometrics is currently considered a reliable source of identification. One of the major advances in this technology is the evolution of off-the-person authentication, which allows the signal to be acquired in a non-intrusive way using the user's hands. However, identification through this method still has relatively low performance when used with a database larger than a few tens of entries. In this dissertation we suggest using ECG authentication associated with a mobile phone acting as a security token, with the aim of improving performance and decreasing the time required for recognition. To this end, we developed our solution using classic Bluetooth (BL) technology, but also Bluetooth Low Energy (BLE) to preserve the phone's battery; in addition, we developed the applications for Windows Phone and also Android, given the limitations we encountered. To create a more versatile and mobile environment, we used the recent Intel Edison platform. The results obtained prove that our solution is viable. We ran a series of tests, in which we observed an improvement in the times associated with authentication when compared with the classic ECG identification scenario. Additionally, ECG performance with regard to the number of false negatives and false positives also improved

    Mobile Authentication with NFC enabled Smartphones

    Smartphones are becoming increasingly more deployed and as such new possibilities for utilizing the smartphone's many capabilities for public and private use are arising. This project will investigate the possibility of using smartphones as a platform for authentication and access control, using near field communication (NFC). To achieve the necessary security for authentication and access control purposes, cryptographic concepts such as public keys, challenge-response and digital signatures are used. To focus the investigation a case study is performed based on the authentication and access control needs of an educational institution's student ID. To gain a more practical understanding of the challenges mobile authentication encounters, a prototype has successfully been developed on the basis of the investigation. The case study performed in this project argues that NFC as a standalone technology is not yet mature to support the advanced communication required by this case. However, combining NFC with other communication technologies such as Bluetooth has proven to be effective. As a result, a general evaluation has been performed on several aspects of the prototype, such as cost-effectiveness, usability, performance and security to evaluate the viability of mobile authentication

    Security and Privacy in Bluetooth Low Energy


    Towards a systematic security evaluation of the automotive Bluetooth interface

    In-cabin connectivity and its enabling technologies have increased dramatically in recent years. Security was not considered an essential property, a mind-set that has shifted significantly due to the appearance of demonstrated vulnerabilities in these connected vehicles. Connectivity allows the possibility that an external attacker may compromise the security - and therefore the safety - of the vehicle. Many exploits have already been demonstrated in literature. One of the most pervasive connective technologies is Bluetooth, a short-range wireless communication technology. Security issues with this technology are well-documented, albeit in other domains. A threat intelligence study was carried out to substantiate this motivation and finds that while the general trend is towards increasing (relative) security in automotive Bluetooth implementations, there is still significant technological lag when compared to more traditional computing systems. The main contribution of this thesis is a framework for the systematic security evaluation of the automotive Bluetooth interface from a black-box perspective (as technical specifications were loose or absent). Tests were performed through both the vehicle’s native connection and through Bluetooth-enabled aftermarket devices attached to the vehicle. This framework is supported through the use of attack trees and principles as outlined in the Penetration Testing Execution Standard. Furthermore, a proof-of-concept tool was developed to implement this framework in a semi-automated manner, to carry out testing on real-world vehicles. The tool also allows for severity classification of the results acquired, as outlined in the SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems. Results of the severity classification are validated through domain expert review.
Finally, how formal methods could be integrated into the framework and tool to improve confidence and rigour, and to demonstrate how future iterations of design could be improved is also explored. In conclusion, there is a need for systematic security testing, based on the findings of the threat intelligence study. The systematic evaluation and the developed tool successfully found weaknesses in both the automotive Bluetooth interface and in the vehicle itself through Bluetooth-enabled aftermarket devices. Furthermore, the results of applying this framework provide a focus for counter-measure development and could be used as evidence in a security assurance case. The systematic evaluation framework also allows for formal methods to be introduced for added rigour and confidence. Demonstrations of how this might be performed (with case studies) were presented. Future recommendations include using this framework with more test vehicles and expanding on the existing attack trees that form the heart of the evaluation. Further work on the tool chain would also be desirable. This would enable further accuracy of any testing or modelling required, and would also take automation of the entire process further