Abstract
Bluetooth Low Energy (BLE) has emerged as one of the most promising technologies to enable the Internet-of-Things (IoT) paradigm. In BLE-based IoT applications, e.g., wearables-oriented service applications, the Bluetooth MAC addresses of devices will be swapped for device pairings. The random address technique is adopted to prevent malicious users from tracking the victim’s devices with stationary Bluetooth MAC addresses and accordingly the device privacy can be preserved. However, there exists a tradeoff between privacy and security in the random address technique. That is, when device pairing is launched and one device cannot actually identify another one with addresses, it provides an opportunity for malicious users to break the system security via impersonation attacks. Hence, using random addresses may lead to higher security risks. In this study, we point out the potential risk of using random address technique and then present critical security requirements for BLE-based IoT applications. To fulfill the claimed requirements, we present a privacy-aware mechanism, which is based on elliptic curve cryptography, for secure communication and access-control among BLE-based IoT objects. Moreover, to ensure the security of smartphone application associated with BLE-based IoT objects, we construct a Smart Contract-based Investigation Report Management framework (SCIRM) which enables smartphone application users to obtain security inspection reports of BLE-based applications of interest with smart contracts.
Highlights
With the advancement of wireless communications and pervasive computing technologies on smartphones, people can control nearby Internet-of-Things (IoT) devices, e.g., wearable devices or fixed specific-purpose sensors, via their smartphones
Bluetooth Low Energy (BLE)-based applications associated privacy and security, we demonstrate a privacy-aware access control scheme for IoTand with IoT devices
Since in our scheme applications can constrain an authorized person to use security, we demonstrate a privacy-aware access control scheme for BLE-based IoT devices
Summary
With the advancement of wireless communications and pervasive computing technologies on smartphones, people can control nearby Internet-of-Things (IoT) devices, e.g., wearable devices or fixed specific-purpose sensors, via their smartphones. After verifying the user by the provided email and password, the server sends a secret key KS and a Bluetooth address AS associated with the motorcycle S to the application. Backend server of the company generates pseudo-addresses for user smartphones. When theforS user wants to use his/her addresses, theand backend server ofaddress the company generates pseudo-addresses smartphones. The motorcycle application message, the motorcycle can detect the presence of the user’s smartphone and try to connect to the smartphone retrieves the challenge and generates a response based on the secret key of the specific. If the response matches the challenge, the motorcycle executes the pseudo-addresses of motorcycle owners, Bluetooth secret keys previously received command. People can obtain the pseudo-addresses of motorcycle owners, Bluetooth MAC addresses of. Would not be a good solution to identifying devices using random addresses
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
