security fuzz testing
Keywords: Security Fuzz Testing, Bluetooth Low Energy, Internet of Things

Sheng-Xiang Lin1, Hsin-Hung Cho2, Chi-Yuan Chen3*, Yu-Chieh Li4

1,2,3Department of Computer Science and Information Engineering, National Ilan University
4Onward Security



Abstract

Due to the power-saving feature of Bluetooth Low Energy (BLE), many mobile and wearable devices support BLE communication technology. In recent years, with the popularity of IoT-related applications, more and more personal data is transferred through the BLE protocol. However, there are various attack techniques for Bluetooth technologies. How to test the security of BLE devices has become an urgent challenge to overcome. In this paper, we utilize the black-box test method Fuzz Testing, which is common in software testing. This paper presents a Security Fuzz Testing Framework for BLE Protocols and uses open source hardware/software resources to implement the testing platform. We also analyze the difficulties encountered in the testing of BLE protocols and their solutions.

