Research Team Status
- Names of researchers and position
- Mohit Jangid (PhD student)
- Christopher Ellis (PhD student)
Any new collaborations with other universities/researchers?
N/A
Project Goals
What is the current project goal?
Our current goal is to understand the privacy leaks when Bluetooth IoT devices (such as a smartwatch or Fitbit) are exclusively used. Our earlier efforts (BAT attacks [CCS'22]) reveal that there could be side-channel leaks of the device identities even though there is MAC address randomization. Currently, we seek to generalize this observation and develop an attack concept we call IDBleed. Meanwhile, we are also developing formal methods to model the discovery of IDBleed.
How does the current goal factor into the long-term goal of the project?
The current goal is an important step towards our long-term goal, namely formally modeling the security and privacy of Bluetooth IoT and beyond.
Accomplishments
Address whether project milestones were met. If milestones were not met, explain why, and what are the next steps.
We have been making solid progress in designing the formal model to discover the IDBleed attack we discovered. What is behind schedule is the student recruitment. The PI will try their best to recruit graduate research assistants (GRA) to join the team in Autumn 2024.
What is the contribution to foundational cybersecurity research? Was there something discovered or confirmed?
We discovered a novel tracking attack, which we name IDBleed, and show that Bluetooth Low Energy, RFID, and Wi-Fi protocols that support confidentiality, integrity, and authentication are vulnerable to deanonymization due to a fundamental flaw in exclusive-use wireless communication that ultimately enables device tracking. This attack has been confirmed by the Bluetooth SIG and the Wi-Fi Alliance. We are working on writing the paper.
- Impact of research
- Internal to the university (coursework/curriculum)
- Some of the PI's prior research on Bluetooth has been integrated into the cybersecurity curriculum, e.g., the PI gave Bluetooth security and privacy talks to OSU students at https://web.cse.ohio-state.edu/~lin.3021/file/Hacking-Bluetooth-for-Fun-and-Profit.pptx
- External to the university (transition to industry/government (local/federal); patents, start-ups, software, etc.)
- N/A
- Any acknowledgements, awards, or references in media?
- N/A
Publications and presentations
- Add publication reference in the publications section below. An author's copy or final should be added in the report file(s) section. This is for NSA's review only.
- Optionally, upload technical presentation slides that may go into greater detail. For NSA's review only.