Abstract
Bluetooth Low Energy (BLE) devices have become very popular because of their Low energy consumption and prolonged battery life. They are being used in smart wearable devices, home automation systems, beacons, and many more areas. BLE uses pairing mechanisms to achieve a level of peer entity authentication as well as encryption. Although there are a set of pairing mechanisms available, BLE devices with no keyboard or display mechanism (and hence using the Just Works pairing) are still vulnerable. In this paper, we propose and implement a light-weight digital certificate-based authentication mechanism for the BLE devices using the Just Works model. The proposed model is an add-on to the existing pairing mechanism and can be easily incorporated into the existing BLE stack. To counter the Man-in-The-Middle attack scenario in Just Works pairing (device spoofing), our proposed model allows the client and peripheral to use the popular Public Key Infrastructure (PKI) to establish peer entity authentication and a secure cryptographic tunnel for communication. We have also developed a light-weight BLE profiled digital certificate containing the bare minimum fields required for resource-constrained devices, which significantly reduces the memory (about 90% reduction) and energy consumption. We have experimentally evaluated the device’s energy consumption and execution time using the proposed pairing mechanism to demonstrate that the model can be easily deployed with fewer changes to the power requirements of the chips. The model has been formally verified using an automatic verification tool for protocol testing.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.