Research Team Status
- Names of researchers and position
- Mohit Jangid (PhD Student)
- Christopher Ellis (PhD Student)
- Any new collaborations with other universities/researchers?
Yue Zhang (Assistant professor at Drexel University, PI's former postdoc)
Project Goals
What is the current project goal?
- Inspired by our earlier discovery from the BAT attack, we developed a more general attack we call IDBleed. The current goal is to understand the essence of IDBleed, identify its variants in wireless networks, and write a paper to describe this attack.
- We would also like to start formalizing the essence of the allowlist side-channel attack and to develop primitive building blocks that enable formal verification.
How does the current goal factor into the long-term goal of the project?
- The current goals are important milestones toward our long-term project goal.
Accomplishments
- Address whether project milestones were met. If milestones were not met, explain why, and what are the next steps.
- We have finished a draft paper titled "Deanonymizing Device Identities via Side-channel Attacks In Exclusive-use IoTs: A Reality Today, A Challenge Tomorrow". We would like to upload a copy for internal review.
- We have also started to create the formulation of contextual privacy, the notation of unlinkability, and observation equivalence with process algebra, in the hope of eventually formally verifying whether a given protocol is vulnerable to the allowlist side channel.
What is the contribution to foundational cybersecurity research? Was there something discovered or confirmed?
- Novel Vulnerability: We are the first to demonstrate the vulnerability in a ubiquitous wireless communication scenario we call exclusive-use, in which traffic pattern differences at certain stages reveal the devices' trusted relationship. We focus on IoT devices and show that this fundamental and overlooked flaw can be exploited by attackers through either passive observation of wireless traffic or active relaying (or replaying) of packets.
- Concrete Attacks: We confirm through protocol and real-world packet analysis that widely used wireless technologies, BLE and Wi-Fi, are vulnerable to tracking attacks that exploit exclusive-use characteristics to deanonymize devices, which we introduce as IDBleed. Further, these attacks are feasible at low cost, as they exploit protocol traffic pattern vulnerabilities and do not require advanced device compromise or malware.
- Impact of research
- Internal to the university (coursework/curriculum)
- None to report
- External to the university (transition to industry/government (local/federal); patents, start-ups, software, etc.)
- None to report
- Any acknowledgements, awards, or references in media?
- None to report
Publications and presentations
- Paper Manuscript for review: Christopher Ellis, Yue Zhang, Mohit Jangid, Zhiqiang Lin. "Deanonymizing Device Identities via Side-channel Attacks In Exclusive-use IoTs: A Reality Today, A Challenge Tomorrow"
Lead PI:
Zhiqiang Lin