Implementing BLE Security in IoT Applications (.PDF Download)

Oct. 2, 2018
Implementing BLE Security in IoT Applications (.PDF Download)

One of the biggest challenges while designing Internet of Things (IoT) applications is security. IoT devices talk over the air and can potentially expose all control and status information, as well as private user data. Instead of making lives easier, unsecured IoT devices potentially put human life and assets at risk. Imagine someone hacking into a home lighting control system to track when users are home and then breaking into the house. Or imagine someone trying to forge your identity and use to it to open your smart lock.

Three things must be implemented to secure IoT devices:

Mechanism to hide device's identity from unauthorized devices: Identity protection is essential to safeguard users from someone tracking their physical location. Without sufficient protection, IoT devices put users at risk of a privacy breach and possible physical or financial threat. It’s similar to someone following you based on your car's registration number.

Protection against passive eavesdropping: Passive eavesdropping is the process of listening to private communications between two devices. A passive eavesdropper quietly listens to communications and doesn’t alter the data. One such example is shown in Figure 1. Here, Pushek and Sachin are trying to have a private communication and a passive eavesdropper, Ashish, is listening to the communication without their knowledge.

Protection against man-in-the-middle attacks: Man-in-the-middle (MITM) attacks are the most serious among all security threats. In this case, a third device called the MITM attacker not only listens to the private communication between two devices, but can mimic either device and alter the data. Figure 2 shows one such example.

Hiding Device Identity from Unauthorized Devices

Bluetooth Low Energy (BLE) devices use a 48-bit address. If this address can be decoded by another device, that device can track the presence of the device. BLE makes it difficult for an un-trusted device to track by address by frequently changing the address. This is done using an Identity Resolving Key (IRK) that’s available only to trusted devices. An IRK is shared between trusted devices during the pairing process after the link is encrypted. It’s then stored internally as part of the bonding process. Such an address is called a Resolvable Private Address (RPA).


To join the conversation, and become an exclusive member of Electronic Design, create an account today!