Security Fuzz Testing Framework for Bluetooth Low Energy Protocols

Keywords: Security Fuzz Testing, Bluetooth Low Energy, Internet of Things

Sheng-Xiang Lin¹ , Hsin-Hung Cho² , Chi-Yuan Chen^3*, Yu-Chieh Li⁴

^1,2,3Department of Computer Science and Information Engineering, National Ilan University
⁴Onward Security, ¹This email address is being protected from spambots. You need JavaScript enabled to view it., ²This email address is being protected from spambots. You need JavaScript enabled to view it., ³This email address is being protected from spambots. You need JavaScript enabled to view it., ⁴This email address is being protected from spambots. You need JavaScript enabled to view it.

Abstract

Due to the power saving feature of Bluetooth Low Energy (BLE), many mobile devices and wearable devices support BLE communication technology. In recent years, the popularity of IoT related applications, more and more personal data transferred through the BLE protocol. However, there are various attack techniques for Bluetooth technologies. How to test the security of BLE devices has become an urgent challenge to overcome. In this paper, we utilized the black box test method, Fuzz Testing, which is common in software testing. This paper presents a Security Fuzz Testing Framework for BLE Protocols and uses open source hardware/software resources to implement the testing platform. We also analyze the difficulties and solutions encountered in the testing of BLE protocols.

References

1. “Bluetooth Core Version 4.0 specification,” 2010.
   
2. H. Robin, “Bluetooth Low Energy: The Developer's Handbook,” Prentice Hall, 2012.
   
3. L. Matteo, R. Setola, and J. Lopez, “Cybersecurity of wearable devices: an experimental analysis and a vulnerability assessment method,” Annual Computer Software and Applications Conference (COMPSAC), 2017. Google Scholar
   
4. Sławomir Jasek, “Gattacking Bluetooth smart devices”, BlackHat USA, 2016. Google Scholar
   
5. https://github.com/noble/bleno
   
6. M. Ryan, “Bluetooth: With Low Energy Comes Low Security”, Proc. 7th USENIX Conf. Offensive Technologies, USENIX Association, 2013. Google Scholar
   
7. https://github.com/greatscottgadgets/ubertooth
   
8. https://github.com/JiaoXianjun/BTLE
   
9. Tommi Mäkilä, Jukka Taimisto and Miia Vuontisjärvi, “Fuzzing Bluetooth Crash-testing bluetooth-enabled devices”, Codenomicon whitepaper, 2011. Google Scholar
   
10. Apala Ray, Vipin Raj, Manuel Oriol, Aurelien Monot and and Sebastian Obermeier, “Bluetooth Low Energy Devices Security Testing Framework,” IEEE 11th International Conference on Software Testing, Verification and Validation, 2018. Google Scholar

For more information about this article, please contact us here