Keywords: Security Fuzz Testing, Bluetooth Low Energy, Internet of Things
Sheng-Xiang Lin1 , Hsin-Hung Cho2 , Chi-Yuan Chen3*, Yu-Chieh Li4
1,2,3Department of Computer Science and Information Engineering, National Ilan University
Due to the power saving feature of Bluetooth Low Energy (BLE), many mobile devices and wearable devices support BLE communication technology. In recent years, the popularity of IoT related applications, more and more personal data transferred through the BLE protocol. However, there are various attack techniques for Bluetooth technologies. How to test the security of BLE devices has become an urgent challenge to overcome. In this paper, we utilized the black box test method, Fuzz Testing, which is common in software testing. This paper presents a Security Fuzz Testing Framework for BLE Protocols and uses open source hardware/software resources to implement the testing platform. We also analyze the difficulties and solutions encountered in the testing of BLE protocols.
- “Bluetooth Core Version 4.0 specification,” 2010.
- H. Robin, “Bluetooth Low Energy: The Developer's Handbook,” Prentice Hall, 2012.
- L. Matteo, R. Setola, and J. Lopez, “Cybersecurity of wearable devices: an experimental analysis and a vulnerability assessment method,” Annual Computer Software and Applications Conference (COMPSAC), 2017. Google Scholar
- Sławomir Jasek, “Gattacking Bluetooth smart devices”, BlackHat USA, 2016. Google Scholar
- M. Ryan, “Bluetooth: With Low Energy Comes Low Security”, Proc. 7th USENIX Conf. Offensive Technologies, USENIX Association, 2013. Google Scholar
- Tommi Mäkilä, Jukka Taimisto and Miia Vuontisjärvi, “Fuzzing Bluetooth Crash-testing bluetooth-enabled devices”, Codenomicon whitepaper, 2011. Google Scholar
- Apala Ray, Vipin Raj, Manuel Oriol, Aurelien Monot and and Sebastian Obermeier, “Bluetooth Low Energy Devices Security Testing Framework,” IEEE 11th International Conference on Software Testing, Verification and Validation, 2018. Google Scholar
For more information about this article, please contact us here