skip to main content

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Rethinking ranging of unmodified BLE peripherals in smart city infrastructure
Mobility tracking of IoT devices in smart city infrastructures such as smart buildings, hospitals, shopping centers, warehouses, smart streets, and outdoor spaces has many applications. Since Bluetooth Low Energy (BLE) is available in almost every IoT device in the market nowadays, a key to localizing and tracking IoT devices is to develop an accurate ranging technique for BLE-enabled IoT devices. This is, however, a challenging feat as billions of these devices are already in use, and for pragmatic reasons, we cannot propose to modify the IoT device (a BLE peripheral) itself. Furthermore, unlike WiFi ranging - where the channel state information (CSI) is readily available and the bandwidth can be increased by stitching 2.4GHz and 5GHz bands together to achieve a high-precision ranging, an unmodified BLE peripheral provides us with only the RSSI information over a very limited bandwidth. Accurately ranging a BLE device is therefore far more challenging than other wireless standards. In this paper, we exploit characteristics of BLE protocol (e.g. frequency hopping and empty control packet transmissions) and propose a technique to directly estimate the range of a BLE peripheral from a BLE access point by multipath profiling. We discuss the theoretical foundation and conduct experiments to show that the technique achieves a 2.44m absolute range estimation error on average.  more » « less
Award ID(s):
1704469
PAR ID:
10094602
Author(s) / Creator(s):
; ; ;
Date Published:
Journal Name:
MMSys '18 Proceedings of the 9th ACM Multimedia Systems Conference
Page Range / eLocation ID:
339 to 350
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ( , Network)

    Indoor location services often use Bluetooth low energy (BLE) devices for their low energy consumption and easy implementation. Applications like device monitoring, ranging, and asset tracking utilize the received signal strength (RSS) of the BLE signal to estimate the proximity of a device from the receiver. However, in multipath environments, RSS-based solutions may not provide an accurate estimation. In such environments, receivers with antenna arrays are used to calculate the difference in time of flight (ToF) and therefore calculate the direction of arrival (DoA) of the Bluetooth signal. Other techniques like triangulation have also been used, such as having multiple transmitters or receivers as a network of sensors. To find a lost item, devices like Tile© use an onboard beeper to notify users of their presence. In this paper, we present a system that uses a single-measurement device and describe the method of measurement to estimate the location of a BLE device using RSS. A BLE device is configured as an Eddystone beacon for periodic transmission of advertising packets with RSS information. We developed a smartphone application to read RSS information from the beacon, designed an algorithm to estimate the DoA, and used the phone’s internal sensors to evaluate the DoA with respect to true north. The proposed measurement method allows for asset tracking by iterative measurements that provide the direction of the beacon and take the user closer at every step. The receiver application is easily deployable on a smartphone, and the algorithm provides direction of the beacon within a 30° range, as suggested by the provided results.

     
    more » « less
  2. ; ; ( , ACM SIGSAC Conference on Computer and Communications Security)
    null (Ed.)
    Today, Bluetooth 4.0, also known as Bluetooth Low Energy (BLE), has been widely used in many IoT devices (e.g., smart locks, smart sensors, and wearables). However, BLE devices could contain a number of vulnerabilities at the BLE link layer during broadcasting, pairing, and message transmission. To detect these vulnerabilities directly from the bare-metal firmware, we present FirmXRay, the first static binary analysis tool with a set of enabling techniques including a novel base address identification algorithm for robust firmware disassembling, precise data structure recognition, and configuration value resolution. As a proof-of-concept, we focus on the BLE firmware from two leading SoC vendors (i.e., Nordic and Texas Instruments), and implement a prototype of FirmXRay atop Ghidra. We have evaluated FirmXRay with 793 unique firmware (corresponding to 538 unique devices) collected using a mobile app based approach, and our experiment results show that 98.1% of the devices have configured random static MAC addresses, 71.5% Just Works pairing, and 98.5% insecure key exchanges. With these vulnerabilities, we demonstrate identity tracking, spoofing, and eavesdropping attacks on real-world BLE devices. 
    more » « less
  3. ; ; ; ; ; ; ( , Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies)

    The proliferation of low-end low-power internet-of-things (IoT) devices in smart environments necessitates secure identification and authentication of these devices via low-overhead fingerprinting methods. Previous work typically utilizes characteristics of the device's wireless modulation (WiFi, BLE, etc.) in the spectrum, or more recently, electromagnetic emanations from the device's DRAM to perform fingerprinting. The problem is that many devices, especially low-end IoT/embedded systems, may not have transmitter modules, DRAM, or other complex components, therefore making fingerprinting infeasible or challenging. To address this concern, we utilize electromagnetic emanations derived from the processor's clock to fingerprint. We present Digitus, an emanations-based fingerprinting system that can authenticate IoT devices at range. The advantage of Digitus is that we can authenticate low-power IoT devices using features intrinsic to their normal operation without the need for additional transmitters and/or other complex components such as DRAM. Our experiments demonstrate that we achieve ≥ 95% accuracy on average, applicability in a wide range of IoT scenarios (range ≥ 5m, non-line-of-sight, etc.), as well as support for IoT applications such as finding hidden devices. Digitus represents a low-overhead solution for the authentication of low-end IoT devices.

     
    more » « less
  4. ; ; ; ( , Investigation of Vulnerabilities on Smart Grid End Devices)
    The Internet of Things (IoT) are paradigm shift transforming embedded objects into a smart connected device, ready to sense, analyze and communicate information with other devices. Nowadays, IoT devices are widely used in smart home systems and smart grid systems at a high level of integration and automation. However, the increasing tendency of the smart device also leads to a problem of security. The recent exploitations of the connected smart devices’ vulnerabilities reinforce the importance of security implementation and integration at the system level. In this work, we propose some use cases to show the vulnerability of the smart bulb to different attacks. 
    more » « less
  5. ; ; ; ; ; ; ; ; ( , IEEE)
    With the availability of Internet of Things (IoT) devices offering varied services, smart home environments have seen widespread adoption in the last two decades. Protecting privacy in these environments becomes an important problem because IoT devices may collect information about the home’s occupants without their knowledge or consent. Furthermore, a large number of devices in the home, each collecting small amounts of data, may, in aggregate, reveal non-obvious attributes about the home occupants. A first step towards addressing privacy is discovering what devices are present in the home. In this paper, we formally define device discovery in smart homes and identify the features that constitute discovery in that environment. Then, we propose an evaluative rubric that rates smart home technology initiatives on their device discovery capabilities and use it to evaluate four commonly deployed technologies. We find none cover all device discovery aspects. We conclude by proposing a combined technology solution that provides comprehensive device discovery tailored to smart homes. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email