Pei Cao, Chi Zhang, Xiang-Jun Lu, Hai-Ning Lu, Da-Wu Gu
{"title":"低功耗蓝牙重键协议的边信道分析","authors":"Pei Cao, Chi Zhang, Xiang-Jun Lu, Hai-Ning Lu, Da-Wu Gu","doi":"10.1007/s11390-022-1229-3","DOIUrl":null,"url":null,"abstract":"<p>In the era of the Internet of Things, Bluetooth low energy (BLE/BTLE) plays an important role as a well-known wireless communication technology. While the security and privacy of BLE have been analyzed and fixed several times, the threat of side-channel attacks to BLE devices is still not well understood. In this work, we highlight a side-channel threat to the re-keying protocol of BLE. This protocol uses a fixed long term key for generating session keys, and the leakage of the long term key could render the encryption of all the following (and previous) connections useless. Our attack exploits the side-channel leakage of the re-keying protocol when it is implemented on embedded devices. In particular, we present successful correlation electromagnetic analysis and deep learning based profiled analysis that recover long term keys of BLE devices. We evaluate our attack on an ARM Cortex-M4 processor (Nordic Semiconductor nRF52840) running Nimble, a popular open-source BLE stack. Our results demonstrate that the long term key can be recovered within only a small amount of electromagnetic traces. Further, we summarize the features and limitations of our attack, and suggest a range of countermeasures to prevent it.</p>","PeriodicalId":50222,"journal":{"name":"Journal of Computer Science and Technology","volume":"23 1","pages":""},"PeriodicalIF":1.2000,"publicationDate":"2023-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Side-Channel Analysis for the Re-Keying Protocol of Bluetooth Low Energy\",\"authors\":\"Pei Cao, Chi Zhang, Xiang-Jun Lu, Hai-Ning Lu, Da-Wu Gu\",\"doi\":\"10.1007/s11390-022-1229-3\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>In the era of the Internet of Things, Bluetooth low energy (BLE/BTLE) plays an important role as a well-known wireless communication technology. While the security and privacy of BLE have been analyzed and fixed several times, the threat of side-channel attacks to BLE devices is still not well understood. In this work, we highlight a side-channel threat to the re-keying protocol of BLE. This protocol uses a fixed long term key for generating session keys, and the leakage of the long term key could render the encryption of all the following (and previous) connections useless. Our attack exploits the side-channel leakage of the re-keying protocol when it is implemented on embedded devices. In particular, we present successful correlation electromagnetic analysis and deep learning based profiled analysis that recover long term keys of BLE devices. We evaluate our attack on an ARM Cortex-M4 processor (Nordic Semiconductor nRF52840) running Nimble, a popular open-source BLE stack. Our results demonstrate that the long term key can be recovered within only a small amount of electromagnetic traces. Further, we summarize the features and limitations of our attack, and suggest a range of countermeasures to prevent it.</p>\",\"PeriodicalId\":50222,\"journal\":{\"name\":\"Journal of Computer Science and Technology\",\"volume\":\"23 1\",\"pages\":\"\"},\"PeriodicalIF\":1.2000,\"publicationDate\":\"2023-09-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Computer Science and Technology\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1007/s11390-022-1229-3\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Computer Science and Technology","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s11390-022-1229-3","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
Side-Channel Analysis for the Re-Keying Protocol of Bluetooth Low Energy
In the era of the Internet of Things, Bluetooth low energy (BLE/BTLE) plays an important role as a well-known wireless communication technology. While the security and privacy of BLE have been analyzed and fixed several times, the threat of side-channel attacks to BLE devices is still not well understood. In this work, we highlight a side-channel threat to the re-keying protocol of BLE. This protocol uses a fixed long term key for generating session keys, and the leakage of the long term key could render the encryption of all the following (and previous) connections useless. Our attack exploits the side-channel leakage of the re-keying protocol when it is implemented on embedded devices. In particular, we present successful correlation electromagnetic analysis and deep learning based profiled analysis that recover long term keys of BLE devices. We evaluate our attack on an ARM Cortex-M4 processor (Nordic Semiconductor nRF52840) running Nimble, a popular open-source BLE stack. Our results demonstrate that the long term key can be recovered within only a small amount of electromagnetic traces. Further, we summarize the features and limitations of our attack, and suggest a range of countermeasures to prevent it.
期刊介绍:
Journal of Computer Science and Technology (JCST), the first English language journal in the computer field published in China, is an international forum for scientists and engineers involved in all aspects of computer science and technology to publish high quality and refereed papers. Papers reporting original research and innovative applications from all parts of the world are welcome. Papers for publication in the journal are selected through rigorous peer review, to ensure originality, timeliness, relevance, and readability. While the journal emphasizes the publication of previously unpublished materials, selected conference papers with exceptional merit that require wider exposure are, at the discretion of the editors, also published, provided they meet the journal''s peer review standards. The journal also seeks clearly written survey and review articles from experts in the field, to promote insightful understanding of the state-of-the-art and technology trends.
Topics covered by Journal of Computer Science and Technology include but are not limited to:
-Computer Architecture and Systems
-Artificial Intelligence and Pattern Recognition
-Computer Networks and Distributed Computing
-Computer Graphics and Multimedia
-Software Systems
-Data Management and Data Mining
-Theory and Algorithms
-Emerging Areas
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
