Enhancing security in Bluetooth

Bluetooth Low Energy v4.0 and 4.1 used LE legacy pairing, which is similar to BR/EDR secure simple pairing and does not provide passive eavesdropping protection. The issue was later resolved in Bluetooth v4.2 and 5, which use the Elliptic Curve Diffie-Hellman (ECDH) algorithm for key exchange prior to pairing. The whole link is then encrypted for any further communication, which protects it against passive eavesdropping.

Bluetooth does provide a good security mechanism for paired devices, but it is still unclear how to restrict sniffers from investigating the services and characteristics of any Bluetooth Low Energy device. If you download the Nordic Connect Android/iOS application, you will be able to scan Bluetooth devices and read their characteristics. There is room for much research on securing Bluetooth so that nobody can sniff and investigate the services and characteristics of Bluetooth devices.

Bluetooth Low Energy does not consider many-to-many relationships. The new versions are good at encrypting one-to-one links, where one central is paired with one peripheral, but the technology does not provide any mechanism to successfully pair multiple centrals with multiple peripherals. As of now, developers need to implement their own security wrapper to accommodate this scenario. 

Refer to Chapter 1, BLE and the Internet of Things, for complete details on security mechanisms for Bluetooth Low Energy.

Mesh networks are vulnerable to many security threats, and Bluetooth mesh is no different. Mesh network attacks can be broadly classified into two categories:

  • Insider attacks
  • Outsider attacks

Complete details of these attacks are given in Chapter 6, Bluetooth Mesh Technology. In a nutshell, an insider attack is one in which the intruder is part of the mesh network, and an outsider attack is one in which the intruder has remote access to the network but is not physically present inside it. Traditionally, firewalls can be used as the primary defense against outsider attacks in wireless mesh networks, but this is only possible when the network is used in a private environment. Since Bluetooth is promised a role in IoT, mesh networking needs to come with proper security.

For most meshes, insider attacks are even more threatening, as any intruder can act as a normal node of a mesh. Intrusion detection and prevention systems are required to fight against insider attacks, and only then will it be possible to put Bluetooth mesh technology on the map of the industrial world. These topics open many doors for future research in the field of Bluetooth.
