The decreasing cost of web-enabled smart devices utilizing embedded processors, sensors, and wireless communication hardware have created an optimal ecosystem for the Internet of Things (IoT). IEEE802.15.4, IEEE802.11ah, WirelessHART, ZigBee Smart Energy, Bluetooth (BT), and Bluetooth Low Energy (BLE) are amongst the most commonly used wireless standards for IoT systems. Each of these standards has tradeoffs concerning power consumption, range of communication, network formation, security, reliability, and ease of implementation. The most widely used standards for IoT are Bluetooth, BLE, and Zigbee. This paper discusses the vulnerabilities in the implementation of the PHY and link layers of BLE. The link layer defines the scheme for establishing a link between two devices. Scanning devices are able to establish communication with other devices that are sending advertising packets. These advertising packets are sent out in a deterministic fashion. The advertising channels for BLE, specified by the PHY layer, are Channels 37, 38, and 39, at center frequencies 2.402, 2.426, and 2.480 GHz, respectively. This scheme for establishing a connection seems to introduce an unintentional gap in the security of the protocol. Creating and transmitting tones with center frequencies corresponding to those of the advertising channels, a victim BLE device will be unable to establish a connection with another BLE device. Jamming a mesh network of BLE devices relies on this same concept. The proposed jamming system is an inexpensive one which utilizes the following hardware. Three individual synthesizers, a microcontroller (MCU), Wilkinson power combiner, power amplifier, and antenna, integrated on a single PCB, are used to transmit a 3-tone signal. Due to the unprecedented nature of the COVID-19 pandemic, necessary adjustments were made to the jammer system design. In the first modified jamming scheme, a single synthesizer evaluation board, power amplifier, and antenna, are used to transmit jamming tones in the form of a frequency hop. Limitations of the frequency hop approach necessitated a second modified scheme. In this second scheme a synthesizer and two Software Defined Radios (SDR), connected to a personal computer, continuously generate three individual jamming tones. The proposed jammer and the modified ones all classify as constant jammers as the transmission of jamming signals is continuous. Both modified jamming schemes are tested. The results of jamming using the second modified scheme validate the objective of simultaneous jamming of the advertising channels of BLE devices. The success of the modified scheme enables the original goal of creating a relatively inexpensive custom PCB for BLE advertising channel jamming. By exploiting the weakness of the BLE protocol, the hope is to have the governing body for Bluetooth, Bluetooth Special Interest Group (SIG), improve security for the future releases of BLE.
Identifer | oai:union.ndltd.org:CALPOLY/oai:digitalcommons.calpoly.edu:theses-3672 |
Date | 01 June 2020 |
Creators | Shintani, Aiku |
Publisher | DigitalCommons@CalPoly |
Source Sets | California Polytechnic State University |
Detected Language | English |
Type | text |
Format | application/pdf |
Source | Master's Theses |
Page generated in 0.0021 seconds