Address Privacy of Bluetooth Low Energy
Bluetooth low energy (LE) devices have been widely used in the Internet of Things (IoT) and wireless personal area networks (WPAN). However, attackers may compromise user privacy by tracking the addresses of the LE device. The resolvable private address (RPA) mechanism provides address privacy prote...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2022-11-01
|
| Series: | Mathematics |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2227-7390/10/22/4346 |
| _version_ | 1827644214167470080 |
|---|---|
| author | Dazhi Sun Yangguang Tian |
| author_facet | Dazhi Sun Yangguang Tian |
| author_sort | Dazhi Sun |
| collection | DOAJ |
| description | Bluetooth low energy (LE) devices have been widely used in the Internet of Things (IoT) and wireless personal area networks (WPAN). However, attackers may compromise user privacy by tracking the addresses of the LE device. The resolvable private address (RPA) mechanism provides address privacy protection for the LE device. Similar to Zhang and Lin’s work in CCS 2022, we investigate the privacy of the RPA mechanism in this paper. Our contributions are threefold. First, we discover that the RPA mechanism has a privacy weakness. The attacker can track the targeted device by exploiting the runs of the RPA mechanism when he intercepts the targeted device’s obsolete RPA value. Second, we propose an improved RPA mechanism to overcome the privacy weakness in the RPA mechanism. The improved RPA mechanism leads to a small amount of extra overheads without requiring modification to the basic cryptographic tools used in the standard specification. Third, we formalize a privacy model to capture the address privacy of the RPA mechanisms. Our improved RPA mechanism provides enhanced privacy guarantees to Bluetooth LE devices in wireless personal applications. |
| first_indexed | 2024-03-09T18:10:46Z |
| format | Article |
| id | doaj.art-5050955c433746fe85f44bd3d9df6e78 |
| institution | Directory Open Access Journal |
| issn | 2227-7390 |
| language | English |
| last_indexed | 2024-03-09T18:10:46Z |
| publishDate | 2022-11-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Mathematics |
| spelling | doaj.art-5050955c433746fe85f44bd3d9df6e782023-11-24T09:10:07ZengMDPI AGMathematics2227-73902022-11-011022434610.3390/math10224346Address Privacy of Bluetooth Low EnergyDazhi Sun0Yangguang Tian1Tianjin Key Laboratory of Advanced Networking (TANK), College of Intelligence and Computing, Tianjin University, Tianjin 300350, ChinaDepartment of Computer Science, University of Surrey, Surrey GU2 7XH, UKBluetooth low energy (LE) devices have been widely used in the Internet of Things (IoT) and wireless personal area networks (WPAN). However, attackers may compromise user privacy by tracking the addresses of the LE device. The resolvable private address (RPA) mechanism provides address privacy protection for the LE device. Similar to Zhang and Lin’s work in CCS 2022, we investigate the privacy of the RPA mechanism in this paper. Our contributions are threefold. First, we discover that the RPA mechanism has a privacy weakness. The attacker can track the targeted device by exploiting the runs of the RPA mechanism when he intercepts the targeted device’s obsolete RPA value. Second, we propose an improved RPA mechanism to overcome the privacy weakness in the RPA mechanism. The improved RPA mechanism leads to a small amount of extra overheads without requiring modification to the basic cryptographic tools used in the standard specification. Third, we formalize a privacy model to capture the address privacy of the RPA mechanisms. Our improved RPA mechanism provides enhanced privacy guarantees to Bluetooth LE devices in wireless personal applications.https://www.mdpi.com/2227-7390/10/22/4346Bluetooth standardlow energyresolvable private address mechanismtraceabilityprivacycryptography |
| spellingShingle | Dazhi Sun Yangguang Tian Address Privacy of Bluetooth Low Energy Mathematics Bluetooth standard low energy resolvable private address mechanism traceability privacy cryptography |
| title | Address Privacy of Bluetooth Low Energy |
| title_full | Address Privacy of Bluetooth Low Energy |
| title_fullStr | Address Privacy of Bluetooth Low Energy |
| title_full_unstemmed | Address Privacy of Bluetooth Low Energy |
| title_short | Address Privacy of Bluetooth Low Energy |
| title_sort | address privacy of bluetooth low energy |
| topic | Bluetooth standard low energy resolvable private address mechanism traceability privacy cryptography |
| url | https://www.mdpi.com/2227-7390/10/22/4346 |
| work_keys_str_mv | AT dazhisun addressprivacyofbluetoothlowenergy AT yangguangtian addressprivacyofbluetoothlowenergy |