Bluetooth Low Energy - privacy enhancement for advertisement
Abstract
The aim of this project is to design, simulate, and implement a privacy enhancement protocol over BLE advertising channels. The design of the privacy enhancement is generic and modular. Because of the risk of privacy disclosure and device tracking by an adversary, the main focus is on designing and implementing message confidentiality, replay prevention, and anti-tracking of devices over BLE advertising channels. Bluetooth Core Specification 4.1 is used as the baseline for design and implementation. To provide resistance against replay attacks and device tracking, this project takes a counter-based approach. It proposes a 3-way handshake protocol for deploying the nonce Rs. Two nonces, Ra and Rs, are involved in the 3-way handshake. The advertiser generates a nonce Ra as a challenge sent to the scanner, which assures the freshness of the advertising session. The scanner then generates a nonce Rs for advertising confidentiality and replay prevention. Once Rs has been deployed successfully from the scanner to the advertiser, the local receiving (RX) and transmitting (TX) counters on both sides are initialized to Rs, which protects all subsequent advertisements in the advertising session. To accommodate the open nature of BLE advertising channels, the system design includes a mechanism for handling counter out-of-synchronization. Moreover, to avoid unnecessary power consumption in BLE devices, a mitigation for denial-of-service (DoS) is also proposed. Advertising confidentiality, replay prevention, and anti-tracking of devices have been simulated in Scyther and integrated into the code. Functional tests have been carried out in a realistic testing environment, and the results show that the added functionalities work as designed.
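As an added example (not code from the thesis), the 3-way handshake and the counter-based replay check modelled in Python: the advertiser's challenge Ra, the scanner's nonce Rs bound to that challenge, the RX/TX counters initialized to Rs, and a scanner that drops replayed frames and flags a counter that has drifted beyond a tolerance window. It assumes a pre-shared 16-byte key and uses HMAC-SHA256 as a stand-in for whatever cipher the thesis uses; the frame layout, the window size of 8 and the key are assumptions.

```python
import os, hmac, hashlib

def prf(key, label, *parts):   # HMAC-SHA256 is the only primitive; every part but the last is 8 bytes
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()
def seal(key, ctr, payload):   # frame = ctr || payload XOR keystream(ctr) || 8-byte tag (payload <= 32 bytes)
    ct = bytes(a ^ b for a, b in zip(payload, prf(key, b"ks", ctr)))
    return ctr + ct + prf(key, b"tag", ctr, ct)[:8]
class Advertiser:
    def __init__(self, key):
        self.key, self.ra, self.tx = key, None, None
    def challenge(self):                       # msg 1: fresh Ra proves session freshness
        self.ra = os.urandom(8)
        return self.ra
    def accept(self, rs, tag):                 # msg 3: Rs must be bound to our Ra, then TX := Rs
        if not hmac.compare_digest(tag, prf(self.key, b"rs", self.ra, rs)[:8]):
            raise ValueError("Rs not bound to Ra")
        self.tx = int.from_bytes(rs, "big")
        return prf(self.key, b"ack", self.ra, rs)[:8]
    def advertise(self, payload):              # each advertisement carries TX+1
        self.tx += 1
        return seal(self.key, self.tx.to_bytes(8, "big"), payload)
class Scanner:
    def __init__(self, key, window=8):
        self.key, self.rs, self.rx, self.window = key, None, None, window
    def respond(self, ra):                     # msg 2: Rs bound to the challenge Ra
        self.rs = os.urandom(8)
        return self.rs, prf(self.key, b"rs", ra, self.rs)[:8]
    def confirm(self, ra, ack):                # RX := Rs once msg 3 verifies
        if not hmac.compare_digest(ack, prf(self.key, b"ack", ra, self.rs)[:8]):
            raise ValueError("bad ack")
        self.rx = int.from_bytes(self.rs, "big")
    def receive(self, frame):
        ctr, ct, tag = frame[:8], frame[8:-8], frame[-8:]
        if not hmac.compare_digest(tag, prf(self.key, b"tag", ctr, ct)[:8]):
            return "bad-tag"
        n = int.from_bytes(ctr, "big")
        if n <= self.rx:
            return "replay"                    # counter not fresh: drop, no further work spent
        if n - self.rx > self.window:
            return "out-of-sync"               # too many frames missed (assumed handling: rerun the handshake)
        self.rx = n
        return bytes(a ^ b for a, b in zip(ct, prf(self.key, b"ks", ctr)))
def demo(key=b"\x11" * 16):                    # constructed pre-shared key (assumption)
    adv, scn = Advertiser(key), Scanner(key)
    ra = adv.challenge(); rs, tag = scn.respond(ra); scn.confirm(ra, adv.accept(rs, tag))
    frame = adv.advertise(b"temp=21")
    first, replayed = scn.receive(frame), scn.receive(frame)
    for _ in range(10): adv.advertise(b"lost")   # frames the scanner never sees
    return first, replayed, scn.receive(adv.advertise(b"late"))
```

demo() returns (b"temp=21", "replay", "out-of-sync"): the first frame decrypts, its replay is dropped, and a frame arriving after too many losses is flagged for the out-of-sync handling.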