Journal of Korea Multimedia Society (한국멀티미디어학회논문지)

Korea Multimedia Society (한국멀티미디어학회)
권호 표지
DOI QR코드

DOI QR Code

Countermeasure against MITM attack Integrity Violation in a BLE Network

BLE 네트워크에서 무결성 침해 중간자 공격에 대한 대응기법

  • Han, Hyegyeon (Dept. of IT Convergence Engineering, Graduate School, Gachon University) ;
  • Lee, Byung Mun (Dept. of IT Computer Engineering, College of IT Convergence, Gachon University)
  • Received : 2021.12.06
  • Accepted : 2022.01.18
  • Published : 2022.02.28
Download PDF
⟨ Previous Next ⟩

Abstract

BLE protocol prevents MITM attacks with user interaction through some input/output devices such as keyboard or display. Therefore, If it use a device which has no input/output facility, it can be vulnerable to MITM attack. If messages to be sent to a control device is forged by MITM attack, the device can be abnormally operated by malicious attack from attacker. Therefore, we describes a scenario which has the vulnerabilities of the BLE network in this paper and propose countermeasure method against MITM attacks integrity violations. Its mechanism provides data confidentiality and integrity with MD5 and security key distribution of Diffie Helman's method. In order to verify the effectiveness of the countermeasure method proposed in this paper, we have conducted the experiments. ​As experiments, the message was sent 200 times and all of them successfully detected whether there was MITM attack or not. In addition, it took at most about 4.2ms delay time with proposed countermeasure method between devices even attacking was going on. It is expected that more secure data transmission can be achieved between IoT devices on a BLE network through the method proposed.

Keywords

Acknowledgement

This work was supported by the Gachon University research fund of 2021(GCU-202103890001)

References

  1. H.S. Wi and B.M. Lee, "Customized Realtime Control of Sleep Induction Sound Based on Brain Wave Data," Journal of Korea Multimedia Society, Vol. 23, No. 2, pp. 204-215, 2020. https://doi.org/10.9717/KMMS.2020.23.2.204
  2. K.H. Hong. B.M Lee, and Y.J. Park, "Realtime Individual Identification Based on EOG Algorithm for Customized Sleep Care Service," Journal of Convergence for Information Technology, Vol. 9, No. 12, pp. 8-16G, 2019. https://doi.org/10.22156/CS4SMB.2019.9.12.008
  3. H. Han and B.M. Lee, "Customized Eyelid Warming Control Technique Using EEG Data in a Warming Mask for Sleep Induction," Journal of Korea Multimedia Society, Vol. 24, No. 8, pp. 1149-116, 2021. https://doi.org/10.9717/KMMS.2021.24.8.1149
  4. Bluetooth Pairing Part 4: Bluetooth Low Energy Secure Connections - Numeric Comparison(2017), https://www.bluetooth.com/blog/bluetooth-pairing-part-4 (accessed December 4, 2021).
  5. Bluctooth SIG, Bluetooth 4.2 Core Specification(2014), https://www.bluctooth.com/specifications/specs/core-specification-4-2 (accessed December 4, 2021).
  6. Y. Cho, "Diagnosis or Communication Security Vulnerability of Network Printer Using Wireshark," Journal of Digital Contents Society), Vol. 21, No. 3, pp. 601-607, 2020. https://doi.org/10.9728/dcs.2020.21.3.601
  7. H. Mohapatra, S. Rath, S. Panda, and R. Kumar, "Handling of Man-In-The-Middle Attack in WSN Through Intrusion Detection System," international Journal of Emerging Trends in Engineering Research Vol. 8, No. 5, pp. 1503-1410, 2020. https://doi.org/10.30534/ijeter/2020/05852020
  8. H. Jeon and S. Lee, "Analysis and Implementation of Digital Signature Algorithm for the Defense of MITM Attacks in loT Healthcare Devices," Journal of Korean institute of information Technology, Vol. 19, No. 9, pp. 57-68, 2021.
  9. J.J. Hoon, "Study' on the Security Threats Factors of A Bluetooth Low Energy," Convergence Security Journal, Vol. 17, No. 4, pp. 3-9, 2017.
  10. Bluetooth Pairing Part 1 - Pairing Feature Exchange(2016), https://www.bluetooth.com/blog/bluetooth-pairing-part-1-pairing-feature-exchange (accessed December 4, 2021).
  11. R. Jang, J. Lee, S. Jung, and W. Soh, "Data Transmission Method Using Broadcasting in Bluetooth Low Energy Environment," Journal of Digital Contents Society, Vol, 19, No. 5, pp. 963-969, 2018. https://doi.org/10.9728/dcs.2018.19.5.963
  12. S.I. Kim, S. Ji, and J. Lee, "Low Energy Bluetooth (BLE) Beacon Security Vulnerability Study," Review of Korea institute of Information Security and Cryptology, Vol. 26, No. 3, pp. 50-57, 2016.
  13. J. Tosi, F. Taffoni, M. Santacatterina, R. Sannino, and D. Formica, "Performance Evaluation of Bluetooth Low Energy: A Systematic Review," Sensors, Vol. 17, No. 12, pp. 2898-2932. 2017. https://doi.org/10.3390/s17122898
  14. M. Nikodem and M. Bawiec, "Experimental Evaluation of Advertisement-Based Bluetooth Low Energy Communication," Sensors, Vol, 20, No. 1, pp. 107-123, 2020. https://doi.org/10.3390/s20010107
  15. M. Kim, "An Analysis on the Number of Advertisements for Device Discovery in the Bluetooth Low Energy Network," Journal of the Institute of Electronics and Information Engineers, Vol. 53, No. 8, pp. 3-12, 2016. https://doi.org/10.5573/IEIE.2016.53.8.03
  16. J. Wang, F. Hu, Y. Zhou, Y. Liu, H. Zhang, and Z. Liu, "BlueDoor: Breaking the Secure Information Flow via BLE Vulnerability" Proceedings of the 18th international Conference on Mobile Systems, Applications, and Services, and Services, pp. 286-298, 2020.
  17. S.S. Hassan, S.D. Bibon, M.S. Hossain, and M. Atiquzzaman, "Security threats in Bluetooth Technology," Computers & Security, Vol. 74, No. 1, pp. 308-322, 2018. https://doi.org/10.1016/j.cose.2017.03.008
  18. Y. Zhang, J. Weng, Z. Ling, B. Pearson and X. Fu, "BLESS: A BLE Application Security Scanning Framework," Institute of Electrical and Electronics Engineers International Conference on Computer Communications 2020 - Institute of Electrical and Electronics Engineers Conference on Computer Communications, pp. 636-645, 2020.
  19. S. Pallavi and V.A. Narayanan, "An Overview of Practical Attacks on BLE Based lOT Devices and Their Security," 2019 5th international Conference on Aduanced Computing & Communication Systems, pp. 694-698, 2019.
  20. J. Lee, W. Choi, and D. Lee, "MITM Attack on Bluetooth Pairing in Passkey Entry Mode and Its Countermeasure," Korean Information Processing Society Transactions on Computer and Communication Systems, Vol. 5, No. 12, pp. 481-490, 2016.
  21. M. A. Yurdagul and H. T. Sencar, "BLEKeeper: Response Time Behavior Based Man-In-The-Middle Attack Detection," 2021 IEEE Security and Privacy Workshops, pp. 214-220, 2021.
  22. RCayre mirage(2020), https://github.com/RCayre/mirage (accessed January 7, 2022).
  23. DigitalSecurity btlejuice(2020), https://github.com/DigitaISecurity/btlejuice (accessed January 7, 2022).
  24. J. Park and S. Kim, "Secure Certificaleless Authenticated Key Agreement Protocol Against MITM Attack," The Journal of Korean Institute of Communications and Information Sciences, Vol. 43, No. 2, pp. 281-283, 2018. https://doi.org/10.7840/kics.2018.43.2.281
  25. P. Maniriho, E. Niyigaba, Z. Bizimana, V. Twilingiyimana, L. J. Mahoro, and T. Ahmad, "Anomaly-based Intrusion Detection Approach for loT Networks Using Machine Learning," 2020 International Conference on Computer Engineering, Network, and intelligent Multimedia, pp. 303-308, 2020.