BLEKeeper: Response Time Behavior Based Man-In-The-Middle Attack Detection

Muhammed Ali Yurdagul, Husrev Taha Sencar

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

3 Citations (Scopus)

Abstract

Bluetooth Low Energy (BLE) has become one of the most popular wireless communication protocols and is used in billions of smart devices. Despite several security features, the hardware and software limitations of these devices makes them vulnerable to man-in-The-middle (MITM) attacks. Due to the use of these devices in increasingly diverse and safety-critical applications, the capability to detect MITM attacks has become more critical. To address this challenge, we propose the use of the response time behavior of a BLE device observed in relation to select read and write operations and introduce an active MITM attack detection system that identifies changes in response time. Our measurements on several BLE devices show that their response time behavior exhibits very high regularity, making it a very reliable attack indicator that cannot be concealed by an attacker. Test results show that our system can very accurately and quickly detect MITM attacks while requiring a simple learning approach.

Original languageEnglish
Title of host publicationProceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages214-220
Number of pages7
ISBN (Electronic)9781728189345
DOIs
Publication statusPublished - May 2021
Event2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021 - Virtual, Online
Duration: 27 May 2021 → …

Publication series

NameProceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021

Conference

Conference2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021
CityVirtual, Online
Period27/05/21 → …

Keywords

  • BLE
  • Man in the Middle Attacks

Fingerprint

Dive into the research topics of 'BLEKeeper: Response Time Behavior Based Man-In-The-Middle Attack Detection'. Together they form a unique fingerprint.

Cite this