Neutralizing BLE Beacon-Based Electronic Attendance System Using Signal Imitation Attack
Many emerging location- or proximity-based applications use Bluetooth low energy (BLE) beacons thanks to the increasing popularity of the technology in mobile systems. An outstanding example is the BLE beacon-based electronic attendance system (BEAS) used in many universities today to increase the e...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2018-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/8555557/ |
| _version_ | 1818914449034051584 |
|---|---|
| author | Moonbeom Kim Jongho Lee Jeongyeup Paek |
| author_facet | Moonbeom Kim Jongho Lee Jeongyeup Paek |
| author_sort | Moonbeom Kim |
| collection | DOAJ |
| description | Many emerging location- or proximity-based applications use Bluetooth low energy (BLE) beacons thanks to the increasing popularity of the technology in mobile systems. An outstanding example is the BLE beacon-based electronic attendance system (BEAS) used in many universities today to increase the efficiency of lectures. Despite its popularity and usefulness, however, BEAS has not been thoroughly analyzed for its potential vulnerabilities. In this paper, we neutralize a university's BEAS by maliciously cheating attendance (i.e., faking attendance while the subject is not physically present at the location) in various scenarios using signal imitation attack, and investigate its possible vulnerabilities. The BEAS exploited in this paper is a commercial system actually used in a well-known university. After the exploitation experiment, we analyze the system's weaknesses and present possible counter-measures. Furthermore, additional attack methods are shown to re-counteract those possible counter-measures and to discuss the fundamental challenges, deficiencies, and suggestions in electronic attendance systems using BLE beacons. |
| first_indexed | 2024-12-19T23:46:33Z |
| format | Article |
| id | doaj.art-4c2428d1d4874c3d90c23f7edde8d9e7 |
| institution | Directory Open Access Journal |
| issn | 2169-3536 |
| language | English |
| last_indexed | 2024-12-19T23:46:33Z |
| publishDate | 2018-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj.art-4c2428d1d4874c3d90c23f7edde8d9e72022-12-21T20:01:18ZengIEEEIEEE Access2169-35362018-01-016779217793010.1109/ACCESS.2018.28844888555557Neutralizing BLE Beacon-Based Electronic Attendance System Using Signal Imitation AttackMoonbeom Kim0https://orcid.org/0000-0003-0252-9808Jongho Lee1Jeongyeup Paek2https://orcid.org/0000-0001-5177-4936School of Computer Science and Engineering, Chung-Ang University, Seoul, South KoreaSchool of Computer Science and Engineering, Chung-Ang University, Seoul, South KoreaSchool of Computer Science and Engineering, Chung-Ang University, Seoul, South KoreaMany emerging location- or proximity-based applications use Bluetooth low energy (BLE) beacons thanks to the increasing popularity of the technology in mobile systems. An outstanding example is the BLE beacon-based electronic attendance system (BEAS) used in many universities today to increase the efficiency of lectures. Despite its popularity and usefulness, however, BEAS has not been thoroughly analyzed for its potential vulnerabilities. In this paper, we neutralize a university's BEAS by maliciously cheating attendance (i.e., faking attendance while the subject is not physically present at the location) in various scenarios using signal imitation attack, and investigate its possible vulnerabilities. The BEAS exploited in this paper is a commercial system actually used in a well-known university. After the exploitation experiment, we analyze the system's weaknesses and present possible counter-measures. Furthermore, additional attack methods are shown to re-counteract those possible counter-measures and to discuss the fundamental challenges, deficiencies, and suggestions in electronic attendance systems using BLE beacons.https://ieeexplore.ieee.org/document/8555557/Proximity-based applicationelectronic attendance systemsBluetooth low energyBLE beaconvulnerability analysis |
| spellingShingle | Moonbeom Kim Jongho Lee Jeongyeup Paek Neutralizing BLE Beacon-Based Electronic Attendance System Using Signal Imitation Attack IEEE Access Proximity-based application electronic attendance systems Bluetooth low energy BLE beacon vulnerability analysis |
| title | Neutralizing BLE Beacon-Based Electronic Attendance System Using Signal Imitation Attack |
| title_full | Neutralizing BLE Beacon-Based Electronic Attendance System Using Signal Imitation Attack |
| title_fullStr | Neutralizing BLE Beacon-Based Electronic Attendance System Using Signal Imitation Attack |
| title_full_unstemmed | Neutralizing BLE Beacon-Based Electronic Attendance System Using Signal Imitation Attack |
| title_short | Neutralizing BLE Beacon-Based Electronic Attendance System Using Signal Imitation Attack |
| title_sort | neutralizing ble beacon based electronic attendance system using signal imitation attack |
| topic | Proximity-based application electronic attendance systems Bluetooth low energy BLE beacon vulnerability analysis |
| url | https://ieeexplore.ieee.org/document/8555557/ |
| work_keys_str_mv | AT moonbeomkim neutralizingblebeaconbasedelectronicattendancesystemusingsignalimitationattack AT jongholee neutralizingblebeaconbasedelectronicattendancesystemusingsignalimitationattack AT jeongyeuppaek neutralizingblebeaconbasedelectronicattendancesystemusingsignalimitationattack |