Методика аналізу безпеки BLE пристроїв на прикладі фітнес-трекера

Актуальність роботи. З кожним роком на ринку з’являється все більше пристроїв що використовують технологію Bluetooth Low Energy. Ці пристрої все більше стають пов’язаними із нашим повсякденним життям. На базі BLE працюють пристрої екосистеми розумного дому, різноманітні носимі пристрої типу навушників чи фітнес трекерів. BLE навіть використовується в керуванні мобільним електротранспортом (електро самокати та електро скейтборди). Саме тому, перевірка та можливість вдосконалення безпеки пристроїв що нас оточують є, по суті, підвищенням рівня своєї захищеності. Адже завжди існує загроза витоку даних, або ж їх підміна. А якщо зловмисник перехопить контроль над транспортом, то це вже становитиме ще й небезпеку для нашого життя. Об’єктом дослідження є пристрої Bluetooth Low Energy. Предметом дослідження є безпека пристроїв Bluetooth Low Energy. Метою роботи є розробка методики аналізу безпеки пристроїв Bluetooth Low Energy, на основі проведеного дослідження фітнес трекера та опрацьованих теоретичних матеріалів щодо безпеки BLE. Завдання роботи: 1. Дослідити принципи роботи технології Bluetooth Low Energy. 2. Ознайомитися з існуючими дослідженнями, методами дослідження та рекомендаціями щодо безпеки BLE. 3. Здійснити аналіз безпеки пристрою BLE - фітнес трекера. 4. На основі проаналізованого теоретичного матеріалу та проведеного дослідження розробити та запропонувати методику аналізу безпеки пристроїв BLE. Методи дослідження - ознайомлення та опрацювання літератури, що представлено монографічними та журнальними матеріалами, електронними ресурсами, які стосуються досліджуваної теми, аналіз існуючих шляхів вирішення проблеми, проведення власного дослідження. Наукова новизна полягає в тому, що розроблена методика є повним рішенням, в якому викладено основні аспекти перевірки безпеки пристроїв Bluetooth Low Energy, описані важливість кожного з аспектів та методи перевірки. Результати роботи викладені у третьому розділі, що демонструють практичну роботу нової методики. Практична значущість результатів. Результати даної роботи можуть бути використані при розробці або ж вдосконаленні пристроїв BLE.The object of study is Bluetooth Low Energy devices. The subject of the study is the security of Bluetooth Low Energy devices. The purpose of this work is to develop a methodology for analyzing the security of Bluetooth devices Low Energy, based on a study of fitness trackers and processed theoretical material on BLE security

InternalBlue - Bluetooth Binary Patching and Experimentation Framework

Bluetooth is one of the most established technologies for short range digital wireless data transmission. With the advent of wearables and the Internet of Things (IoT), Bluetooth has again gained importance, which makes security research and protocol optimizations imperative. Surprisingly, there is a lack of openly available tools and experimental platforms to scrutinize Bluetooth. In particular, system aspects and close to hardware protocol layers are mostly uncovered. We reverse engineer multiple Broadcom Bluetooth chipsets that are widespread in off-the-shelf devices. Thus, we offer deep insights into the internal architecture of a popular commercial family of Bluetooth controllers used in smartphones, wearables, and IoT platforms. Reverse engineered functions can then be altered with our InternalBlue Python framework---outperforming evaluation kits, which are limited to documented and vendor-defined functions. The modified Bluetooth stack remains fully functional and high-performance. Hence, it provides a portable low-cost research platform. InternalBlue is a versatile framework and we demonstrate its abilities by implementing tests and demos for known Bluetooth vulnerabilities. Moreover, we discover a novel critical security issue affecting a large selection of Broadcom chipsets that allows executing code within the attacked Bluetooth firmware. We further show how to use our framework to fix bugs in chipsets out of vendor support and how to add new security features to Bluetooth firmware

MagicPairing: Apple's Take on Securing Bluetooth Peripherals

Device pairing in large Internet of Things (IoT) deployments is a challenge for device manufacturers and users. Bluetooth offers a comparably smooth trust on first use pairing experience. Bluetooth, though, is well-known for security flaws in the pairing process. In this paper, we analyze how Apple improves the security of Bluetooth pairing while still maintaining its usability and specification compliance. The proprietary protocol that resides on top of Bluetooth is called MagicPairing. It enables the user to pair a device once with Apple's ecosystem and then seamlessly use it with all their other Apple devices. We analyze both, the security properties provided by this protocol, as well as its implementations. In general, MagicPairing could be adapted by other IoT vendors to improve Bluetooth security. Even though the overall protocol is well-designed, we identified multiple vulnerabilities within Apple's implementations with over-the-air and in-process fuzzing

Wireless Medical Sensor Networks: Design Requirements and Enabling Technologies

This article analyzes wireless communication protocols that could be used in healthcare environments (e.g., hospitals and small clinics) to transfer real-time medical information obtained from noninvasive sensors. For this purpose the features of the three currently most widely used protocols—namely, Bluetooth® (IEEE 802.15.1), ZigBee (IEEE 802.15.4), and Wi-Fi (IEEE 802.11)—are evaluated and compared. The important features under consideration include data bandwidth, frequency band, maximum transmission distance, encryption and authentication methods, power consumption, and current applications. In addition, an overview of network requirements with respect to medical sensor features, patient safety and patient data privacy, quality of service, and interoperability between other sensors is briefly presented. Sensor power consumption is also discussed because it is considered one of the main obstacles for wider adoption of wireless networks in medical applications. The outcome of this assessment will be a useful tool in the hands of biomedical engineering researchers. It will provide parameters to select the most effective combination of protocols to implement a specific wireless network of noninvasive medical sensors to monitor patients remotely in the hospital or at home

Software for Wearable Devices: Challenges and Opportunities

Wearable devices are a new form of mobile computer system that provides exclusive and user-personalized services. Wearable devices bring new issues and challenges to computer science and technology. This paper summarizes the development process and the categories of wearable devices. In addition, we present new key issues arising in aspects of wearable devices, including operating systems, database management system, network communication protocol, application development platform, privacy and security, energy consumption, human-computer interaction, software engineering, and big data.Comment: 6 pages, 1 figure, for Compsac 201

Internet of Things-aided Smart Grid: Technologies, Architectures, Applications, Prototypes, and Future Research Directions

Traditional power grids are being transformed into Smart Grids (SGs) to address the issues in existing power system due to uni-directional information flow, energy wastage, growing energy demand, reliability and security. SGs offer bi-directional energy flow between service providers and consumers, involving power generation, transmission, distribution and utilization systems. SGs employ various devices for the monitoring, analysis and control of the grid, deployed at power plants, distribution centers and in consumers' premises in a very large number. Hence, an SG requires connectivity, automation and the tracking of such devices. This is achieved with the help of Internet of Things (IoT). IoT helps SG systems to support various network functions throughout the generation, transmission, distribution and consumption of energy by incorporating IoT devices (such as sensors, actuators and smart meters), as well as by providing the connectivity, automation and tracking for such devices. In this paper, we provide a comprehensive survey on IoT-aided SG systems, which includes the existing architectures, applications and prototypes of IoT-aided SG systems. This survey also highlights the open issues, challenges and future research directions for IoT-aided SG systems

Wireless body sensor networks for health-monitoring applications

This is an author-created, un-copyedited version of an article accepted for publication in Physiological Measurement. The publisher is not responsible for any errors or omissions in this version of the manuscript or any version derived from it. The Version of Record is available online at http://dx.doi.org/10.1088/0967-3334/29/11/R01

Developing a Mini Smart House model

The work is devoted to designing a smart home educational model. The authors analyzed the literature in the field of the Internet of Things and identified the basic requirements for the training model. It contains the following levels: command, communication, management. The authors identify the main subsystems of the training model: communication, signaling, control of lighting, temperature, filling of the garbage container, monitoring of sensor data. The proposed smart home educational model takes into account the economic indicators of resource utilization, which gives the opportunity to save on payment for their consumption. The hardware components for the implementation of the Mini Smart House were selected in the article. It uses a variety of technologies to conveniently manage it and use renewable energy to power it. The model was produced in-dependently by students involved in the STEM project. Research includes sketching, making construction parts, sensor assembly and Arduino boards, programming in the Arduino IDE environment, testing the functioning of the system. Research includes sketching, making some parts, assembly sensor and Arduino boards, programming in the Arduino IDE environment, testing the functioning of the system. Approbation Mini Smart House researches were conducted within activity the STEM-center of Physics and Mathematics Faculty of Ternopil Volodymyr Hnatiuk National Pedagogical University, in particular during the educational process and during numerous trainings and seminars for pupils and teachers of computer science