5 research outputs found

    IoT & Privacy - How to ensure confidentiality on wireless networks? The example of BLE

    Bluetooth Low Energy (BLE) is a low-energy variant of Bluetooth technology that was introduced by version 4.0 of the Bluetooth standard in 2010. As its name indicates, BLE differs from classic Bluetooth in its lower energy consumption. BLE implements a lower-rate transmission mode that reduces energy consumption. Because of this low consumption, the technology is integrated into systems constrained by their energy resources. During 2017, more than 2 billion devices equipped with BLE technology were shipped. BLE is found in a large number of connected objects covering most areas of the IoT. In particular, it equips many objects that accompany us in our daily lives: smartphones, tablets and computers, accessories such as connected earphones, wristbands and smartwatches, and home automation (light bulbs, switches, etc.). With Bluetooth Low Energy, two BLE devices, a master and a slave, can establish a connection to exchange data. When it is not connected, a slave is in advertising mode and announces its presence by periodically emitting messages called advertisement packets. It thus becomes detectable and identifiable by any master device within range. As part of the SPIE – INSA Lyon Chair, we work on detecting and capturing wireless traffic to analyze the threats of information leaks concerning the user's private life. This booklet illustrates these properties through BLE, and some of the preventive mechanisms presented can be carried over to other IoT protocols.

    Fingerprinting Bluetooth-Low-Energy Devices Based on the Generic Attribute Profile

    Bluetooth Low Energy (BLE) is a short range wireless technology included in many consumer devices such as smartphones, earphones and wristbands. As part of the Attribute (ATT) protocol, discoverable BLE devices expose a data structure called Generic Attribute (GATT) profile that describes supported features using concepts of services and characteristics. This profile can be accessed by any device in range and can expose users to privacy issues. In this paper, we discuss how the GATT profile can be used to create a fingerprint that can be exploited to circumvent anti-tracking features of the BLE standard (i.e. MAC address randomization). Leveraging a dataset of more than 13000 profiles, we analyze the potential of this fingerprint and show that it can be used to uniquely identify a number of devices. We also shed light on several issues where GATT profiles can be mined to infer sensitive information that can impact privacy of users. Finally, we suggest solutions to mitigate those issues.

    PUPy: A Generalized, Optimistic Context Detection Framework

    In modern life, the usage of smart devices like smartphones and laptops that allow for access to information, communication with friends and colleagues and other indispensable services has become ubiquitous. People have gradually taken to performing more and more of their daily tasks on and through these devices. Therefore, all modern smart devices employ some form of authentication to ensure that access to this confidential data by the wrong person is avoided. This authentication method is usually some form of explicit authentication, which can be detrimental to the user's experience, often leading to users forgoing authentication entirely. Implicit authentication aims to limit the amount of explicit authentications that are necessary for the user, using passive approaches to authenticate the user instead. Context detection frameworks aim to reduce explicit authentications by disabling explicit authentication entirely when appropriate. Since these two approaches are not mutually exclusive, there exist frameworks that will use the context around them to make decisions when authenticating on which approach to use. This combination of context detection with implicit authentication is the approach taken in this work, though we focus mainly on the context detection part of this hybrid approach. We aim to build upon existing works through wider applicability, better accuracy through numerous data sources, and most importantly, an optimistic approach to context detection. We build a framework based on the assumption that the absence of data can, in some cases, be taken as a sign the context is safe. This optimistic approach provides a less secure method of determining the context of the device, but simultaneously provides a significantly improved user experience. In this thesis, we outline a theoretical context detection framework that is based on a novel set of values. 
These values are called privacy, unfamiliarity and proximity, each describing a different aspect of the current context. Privacy tracks the privacy of the current context, while unfamiliarity tracks how many unfamiliar people are around. Finally, proximity estimates the distance between the device and the user. These values are calculated using a method we devise that better adapts to different contexts. We provide an Android implementation of the framework, including an API that allows other developers to contribute modules to the system. These modules can provide additional input data for PUPy, or build functionality that uses the calculated values. Finally, we evaluate the theoretical framework, using two datasets - Cambridge/Haggle and the MDC dataset. We conduct visual and statistical analysis of how the system functions using data from the datasets. Through this analysis, we find that PUPy compares favourably to existing works, permitting a 77% reduction on average in the number of explicit authentications.