Logo PTI
Polish Information Processing Society
Logo FedCSIS

Annals of Computer Science and Information Systems, Volume 9

Position Papers of the 2016 Federated Conference on Computer Science and Information Systems

Digital signing for short-message broadcasted traffic in BLE marketing channel

,

DOI: http://dx.doi.org/10.15439/2016F580

Citation: Position Papers of the 2016 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 9, pages 167173 ()

Full text

Abstract. As long as Bluetooth Low Energy (BLE) was mainly applied for broadcasting marketing information, the problem of trust of this transmission was treated as marginal. However, once the marketing channel was applied for such application as geolocation by means of BLE beacons, and e-payments, the problem of proper identification and authentication of the broadcasting device, as well as time\&place of interaction, become very sharp. This problem cannot be solved by means of traditional mechanisms such as symmetric and asymmetric cryptography, due to several reasons. First, symmetric cryptography needs a redistribution of an encryption key, common for all the network nodes or at least known for the network central authentication point, and kept secret for the lifetime of the nodes. It is very problematic how to keep such multi-copied and long-lasting information secret. Second, the messages broadcasted in BLE marketing channel are restricted by length and format, making it practically impossible to use longer encryption keys widely assumed as safe. Third, BLE devices are usually very restricted according to memory amount and processing power, thus classical implementation of PKI encryption algorithms is very problematic. Fourth, there is no way to apply usual two-directional interaction to exchange some data to be encrypted, e.g., to proof directly the fact of interaction between two devices. And last but not least, time representation in small autonomous devices is quite weak, thus the hardware must be extended by some additional verification mechanisms and specialized hardware modules. In the paper we present a practical approach to an efficient representation of a testbed for trusted geolocation beacons broadcasting in the BLE marketing channel. The encryption is based on external co-processor and elliptic curves algorithms, which made it possible to apply shorten keys and use minimum resources of the beacon (memory, processor, energy). To prevent the attacks of ``recording'' type in man-in-the-middle mode (reusing the broadcasted information obtained in one place in the other place/time), the broadcasted messages include time stamps generated by attached RTC units. The idea may be applied for the other types of IoT and sensor networks to improve trust and verification of broadcasted messages.

References

  1. What is Bluetooth technology?, http://www.bluetooth.com/Pages/what-is-bluetooth-technology.aspx, 2016
  2. Bluetooth Low Energy Technology, https://www.bluetooth.com/what-is-bluetooth-technology/bluetooth-technology-basics/low-energy, 2015
  3. Beacon Tech Overview, Estimote documentation, http://developer.estimote.com online: 21.10.2015
  4. Bluetooth® Low Energy Beacons, Texas Instruments materials, http://www.ti.com/lit/an/swra475/swra475.pdf, 2015
  5. P. Boddupalli, F. Al-Bin-Ali, N. Davies, A. Friday, O. Storz and M. Wu, Payment support in ubiquitous computing environments, in: Mobile Computing Systems and Applications, proceedings of Fifth IEEE Workshop on. IEEE, 2003
  6. Roberts, P. F. Internet of Things Demands New Social Contract To Protect Privacy. https://securityledger.com/2013/09/internet-of-things-will-force-choice-between-privacy-control/, 2013
  7. Atmel AVR 8-bit and 32-bit Microcontrollers, Atmel documentation, http://www.atmel.com/products/microcontrollers/avr/, 2016
  8. iOS: iBeacon technology overview, Apple documentation, https://support.apple.com/pl-pl/HT202880, 2015
  9. AltBeacon − The Open and Interoperable Proximity Beacon Specification, http://altbeacon.org, 2015
  10. Mark up the world using beacons, Google documentation, https://developers.google.com/beacons/, 2016
  11. Elliptical Curve Cryptography (ECC) Definition, TechTarget reports, http://searchsecurity.techtarget.com/definition/elliptical-curve-cryptography, 2015
  12. RSA cryptosystem, from Wikipedia, https://en.wikipedia.org/wiki/RSA_(cryptosystem), 2016
  13. G. S. Quirino, A. R. L. Ribeiro and E. D. Moreno, Asymmetric Encryption in Wireless Sensor Networks, http://www.intechopen.com/books/wireless-sensor-networks-technology-and-protocols/asymmetric-encryption-in-wireless-sensor-networks - comparison of PKI algorithms and timings, 2016
  14. Adams, C., & Lloyd, S. Understanding PKI: concepts, standards, and deployment considerations. Addison-Wesley Professional, ISBN 978-0-672-32391-1, 11–15, 2003
  15. L. B. Oliveira, D. Aranha, E. Morais, F. Daguano, J. Lopez, and R. Dahab, Identity-Based Encryption for Sensor Networks https://eprint.iacr.org/2007/020.pdf, 2016
  16. Willey W.D., Device Authentication in a PKI, US Patent 8,661,256, 2014
  17. Troxler R.E., Methods, Systems and Computer Program Products for Locating and Tracking Objects, US Patent Application US 2015/0088452, 2015
  18. Balfanz D., Lopes C., Smetters D., Stewart P., Wong H.C., Systems and Methods for Authenticating Communication in a Network Medium, US Patent US 8,156,337, 2012
  19. Rykowski, J., and M. Nomańczuk, Geolocalization beacons – a new way of position determination inside buildings, in: Drives and Control, vol. 12 (200) , Druk-Art. Press, 2015 (in Polish).
  20. Tiny Encryption Algorithm (TEA), from Wikipedia, https://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm, 2016
  21. SparkFun CryptoShield, https://www.sparkfun.com/products/13183, 2016
  22. HM-10 Bluetooth module datasheet, https://www.seeedstudio.com/wiki/images/c/cd/Bluetooth4_en.pdf, 2016
  23. H. Chourabi, T. Nam, S. Walker, J. R. Gil-Garcia, S. Mellouli, K. Nahon, T. A. Pardo, H. J. Scholl (2012), Understanding Smart Cities: An Integrative Framework, proc. of 45th Hawaii International Conference on System Sciences, DOI 10.1109/HICSS.2012.615, 2014
  24. Atzori, L., Iera, A., & Morabito, G. The Internet of Things: A survey. Computer Networks 54 (15), 2787-2805, 2010
  25. Towards the Internet of Services, CORDIS Software & Service Architectures and Infrastructures, http://cordis.europa.eu/fp7/ict/ssai/home_en.html, 2015