题名

低功耗藍芽協定安全模糊測試框架

并列篇名

Security Fuzz Testing Framework for Bluetooth Low Energy Protocols

作者

林聖翔(Sheng-Xiang Lin);卓信宏(Hsin-Hung Cho);陳麒元(Chi-Yuan Chen);李育杰(Yu-Chieh Li)

关键词

低功耗藍芽 ; 模糊測試 ; 物聯網 ; Bluetooth Low Energy ; Fuzz Testing ; Internet of Things

期刊名称

資訊安全通訊

卷期/出版年月

25卷1期(2019 / 02 / 01)

页次

28 - 38

内容语文

繁體中文
中文摘要

低功耗藍芽(Bluetooth Low Energy,BLE)由於其省電的特性,許多行動裝置及穿戴裝置皆支援低功耗藍芽通訊技術,加上近年物聯網相關應用的普及,越來越多個人資料透過低功耗藍芽通訊協定來進行傳輸,然而針對各種藍芽技術的攻擊手法層出不窮,如何檢測低功耗藍芽裝置的安全性成為急需克服的挑戰。本研究採用軟體測試中常見的黑箱測試方法-模糊測試(Fuzz Testing),提出一低功耗藍芽協定安全模糊測試框架,並且採用開源的軟硬體資源實作測試平台,進一步分析進行低功耗藍芽協定測試所遭遇的困難與解決方案。
英文摘要

Due to the power saving feature of Bluetooth Low Energy (BLE), many mobile devices and wearable devices support BLE communication technology. In recent years, the popularity of IoT related applications, more and more personal data transferred through the BLE protocol. However, there are various attack techniques for Bluetooth technologies. How to test the security of BLE devices has become an urgent challenge to overcome. In this paper, we utilized the black box test method, Fuzz Testing, which is common in software testing. This paper presents a Security Fuzz Testing Framework for BLE Protocols and uses open source hardware/software resources to implement the testing platform. We also analyze the difficulties and solutions encountered in the testing of BLE protocols.
主题分类 基礎與應用科學 > 資訊科學
参考文献
  1. (2010).“Bluetooth Core Version 4.0 specification,” 2010..
  2. https://github.com/greatscottgadgets/ubertooth
  3. https://github.com/JiaoXianjun/BTLE
  4. https://github.com/noble/bleno
  5. Jasek, Sławomir(2016).Gattacking Bluetooth smart devices.BlackHat USA.
  6. Mäkilä, Tommi,Taimisto, Jukka,Vuontisjärvi, Miia(2011).Tommi Mäkilä, Jukka Taimisto and Miia Vuontisjärvi, “Fuzzing Bluetooth Crash-testing bluetooth-enabled devices”, Codenomicon whitepaper, 2011..
  7. Matteo, L.,Setola, R.,Lopez, J.(2017).Cybersecurity of wearable devices: an experimental analysis and a vulnerability assessment method.Annual Computer Software and Applications Conference (COMPSAC)
  8. Ray, Apala,Raj, Vipin,Oriol, Manuel,Monot, Aurelien,Obermeier, Sebastian(2018).Bluetooth Low Energy Devices Security Testing Framework.IEEE 11th International Conference on Software Testing, Verification and Validation
  9. Robin, H.(2012).Bluetooth Low Energy: The Developer's Handbook.Prentice Hall.
  10. Ryan, M.(2013).Bluetooth: With Low Energy Comes Low Security.Proc. 7th USENIX Conf. Offensive Technologies
print cancel