Digital signing for short-message broadcasted traffic in BLE marketing channel
Jarogniew Rykowski , Mateusz Nomańczuk
AbstractAs long as Bluetooth Low Energy (BLE) was mainly applied for broadcasting marketing information, the problem of trust of this transmission was treated as marginal. However, once the marketing channel was applied for such application as geolocation by means of BLE beacons, and e-payments, the problem of proper identification and authentication of the broadcasting device, as well as time\&place of interaction, become very sharp. This problem cannot be solved by means of traditional mechanisms such as symmetric and asymmetric cryptography, due to several reasons. First, symmetric cryptography needs a redistribution of an encryption key, common for all the network nodes or at least known for the network central authentication point, and kept secret for the lifetime of the nodes. It is very problematic how to keep such multi-copied and long-lasting information secret. Second, the messages broadcasted in BLE marketing channel are restricted by length and format, making it practically impossible to use longer encryption keys widely assumed as safe. Third, BLE devices are usually very restricted according to memory amount and processing power, thus classical implementation of PKI encryption algorithms is very problematic. Fourth, there is no way to apply usual two-directional interaction to exchange some data to be encrypted, e.g., to proof directly the fact of interaction between two devices. And last but not least, time representation in small autonomous devices is quite weak, thus the hardware must be extended by some additional verification mechanisms and specialized hardware modules. In the paper we present a practical approach to an efficient representation of a testbed for trusted geolocation beacons broadcasting in the BLE marketing channel. The encryption is based on external co-processor and elliptic curves algorithms, which made it possible to apply shorten keys and use minimum resources of the beacon (memory, processor, energy). To prevent the attacks of ``recording'' type in man-in-the-middle mode (reusing the broadcasted information obtained in one place in the other place/time), the broadcasted messages include time stamps generated by attached RTC units. The idea may be applied for the other types of IoT and sensor networks to improve trust and verification of broadcasted messages.
|Publication size in sheets||0.5|
|Book||Ganzha Maria, Maciaszek Leszek, Paprzycki Marcin (eds.): Position Papers of the 2016 Federated Conference on Computer Science and Information Systems, Annals of Computer Science and Information Systems, vol. 9, 2016, PTI, IEEE, ISBN 978-83-60810-93-4, [978-83-60810-94-1], 334 p., DOI:10.15439/978-83-60810-93-4|
|Keywords in English||bluetooth, bluetooth low energy, beacons, cryptography|
* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.