Alexis Duque gravatar image

Posted 2017-08-28 13:25:06 +0100

blogs->all

Make your Bluetooth Low Energy IoT device more secure with Visible Light Communication

    No tags

About IoT security

Since the Internet of Things is still in the emerging phase, ensuring security and privacy is an important issue that must be addressed and resolved now.

The number of IoT and connected objects grows exponentially, so their security exploits will have more and more repercussions, making them very attractive for the hackers. Recent news and the growing IoT track at security conferences such as Blackhat, or Defcon perfectly illustrates this phenomenon.

About Bluetooth

In regards to Bluetooth, the SIG greatly enhanced the BLE security releasing at the end of 2014 the Bluetooth Core Specification 4.2. This update introduces LE Secure Connections pairing model with the numeric comparison method and the Elliptical Curve Hellman-Diffie (ECDH) algorithm for the key exchange.
LE Secure Connections fixes BLE 4.0–1 exploits unveiled in 2012 by Mike Ryan at TOORCON (video, crackle project).

Like LE Legacy pairing, LE Secure Connection defines several modes and levels of security (see section 5.2.4 Association Models of the Bluetooth Core Specification 4.2). Nonetheless, the available modes depend on the “IO Capabilities” — keyboard, display, button — that the pairing devices have.

IO1 IO2

The highest level of security, Numeric Comparison requires that both BLE devices have a keyboard and a display to confirm and compare a number displayed on both the peripheral and smartphone. An alternative and more convenient approach is using NFC. By placing a smartphone close to the BLE (and NFC) peripheral, NFC will automatically initiate the BLE pairing and keys exchange mechanisms to establish an authenticated and encrypted communication channel.

However, the highly limited bill of material (BOM) cost or the PCB size prevents placing a screen, an interactive input, or an NFC antenna on such devices.
As a consequence, they provide a weak level of security whereas the attacks targeting such smart objects are rising.

To overcome this issue, we propose a technological solution based on Visible Light Communication (VLC) solution to assist the pairing and the secure connection setup between a BLE 4.2 peripheral and a smartphone.
This solution targets low-cost and size-constrained IoT devices that need to setup the Secure Connection with Numeric Comparison to provide a high level of security even on BLE devices that have neither input and display nor NFC.

Few words about Kiwink and VLC

Kiwink

Rtone has recently developed Kiwink®, a short range bi-directional Visible Light Communication system between an unmodified smartphone and a basic and cheap LED.
Kiwink® uses the camera and the flashlight of an Android or iOS smartphone and does not need hardware modification in the IoT peripheral since it works with any micro-controller.

In fact, bringing Kiwink and Visible Light Communication to your nRF52 BLE device just need a firmware update!

The communication range of such technology is tens of centimeters while the throughput is about 1kbps from the peripheral LED to the smartphone and 50bps from the smartphone to the peripheral LED.

Kiwink® is a trademark and its technology patented.

Improving BLE security with Kiwink and VLC

To solve the problem described above, we propose to take advantage of this VLC-based technology and ubiquitous LEDs, to provide a safe side channel to acknowledge or display a confirmation code and establish a BLE Secure Connection. We can also envisage to transmit a larger key if another Secure Connection mechanism is used.

This out of band key exchange is thus safer than NFC against passive eavesdropper since the light signal is highly directive and easy to obfuscate.

In practice, the connection establishment should work as follow:

  1. The smartphone starts sending a BLE Secure Connection request to the peripheral
  2. The smartphone and the peripheral proceeds to the Secure Connection Establishment with Numeric Comparison according to the BLE 4.2 standard
  3. While the smartphone confirmation number appears on the smartphone screen, the peripheral LED starts lightning and transmits its number.
  4. By placing its smartphone above its screen, the application decodes the signal and displays the peripheral number on the smartphone screen.
  5. The user confirms that both codes are equal.
  6. The smartphone sends the acknowledgment to the peripheral using the flashlight.
  7. The peripheral decodes the acknowledgment signal and the secure connection establishment can proceed according to the BLE 4.2 standard.

image description

Conclusion

We have shown that Kiwink and VLC offer the possibility to setup a Secure Connection with Numeric Comparison or Out-Off-Band authentication on low-cost and size-constrained IoT devices that have neither input and display nor NFC.

Our solution brings a high level of security on BLE devices that would have been completely unsafe otherwise. The costs of this major improvement are negligible since Kiwink only relies on a cheap LED and a piece of software.

Besides, many application fields and use cases of VLC exists like access control, device-to-device communication, or accurate indoor localization using ceiling LEDs (Kiwink website gives further information about VLC).

Finally, feel free to give your feedback about that. We are are waiting for your comments and suggestions!

3 comments

kordi gravatar image

Posted Sept. 1, 2017, 8:33 p.m.

Hello dear community nRF!!! Ragnar Lothbrok!!!)) (I just nearly launched an example of the nrf with the transfer of images from camera and happy) And how can I feel this technology (Kiwink). Is there any SDK for Android, iOS, web, microcontrollers? well, it is still not li-Fi is the mean speed?

Alexis Duque gravatar image

Posted Sept. 6, 2017, 9:53 a.m.

Hello kordi. There are no available open-source SDKs available at this time. If you are interested to try out Kiwink, you can contact us for a demo/devkit based on a nRFThingy.

Sure, it's not li-fi. Li-fi, is a part of VLC dedicated to high speed and internet access, while Kiwink technology is a part of VLC dedicated to low speed (more precisely, it is called Optical Camera Communication (OCC)). 1kbps is the mean speed (LED->Smartphone) between 5cm-10cm distance (https://kiwink.io/#how).

Posted Nov. 22, 2017, 12:12 p.m.

The real market revolution occurred when we got the opportunity to easily use mobile advertising! This article will help you to re-evaluate the use of beacons and an advertising platform in building an advertising campaign and attracting a potential client's attention much more quickly and efficiently. Method 1: Use coupons! This is a real opportunity to give your customer a discount and, moreover, to send it on client's mobile phone immediately, what will give your business the edge over your competitors. Use coupons and take the advantage of connecting the push-notifications to your service as well. In the future, it will create your own customer database with individual discounts! Coupons are a very flexible tool for not only broadcasting pictures: using our platform, you can broadcast videos, links, sheets, buttons, etc. It is a real infographic! Mobile advertising example - https://fdh.cloud deals coupon Method 2: Push-notifications: If you've already heard about the advertising platform with using the beacons, for sure, you know that each phone has its own personal UID, and we know how to use it! Once a customer visits your coupon and reviewing it, he is invited to subscribe to the service and remain a subscriber for a long time to get advantageous offers! If the user agrees, its UID will be stored in the FDH.cloud database and since this moment you can send it unique offers even though he is not in the beacon area! It's a real miracle! Send free web-push messages and promote your business! Method 3: Clone your URLs Each beacon allows you to broadcast any desired target content. Our platform extends its capabilities: with us, you can broadcast around a huge number of different offers and coupons! Create unique advertising campaigns, combine several different ads in one beacon - all of these is now available! Is your friend a business owner as well, but did not hear about our service yet? It takes a minute only to upload your friend's advertisement into your personal cabinet and voila! Now you are able to resell its advertising and that's the time to talk about income. Broadcast any of your desired content to the mobile screen - boost your sales! Method 4: Sell your advertising! Why limit yourself? Are you the owner of a small cafe or kiosk in a very busy place? Or, perhaps, you have a friend working near the subway entrance in the pavilion with periodicals? Feel like a marketer! Thousands of views are available with the Proximity marketing feature. Every day the technology simplifies and become more available and prevalent. Now you can use the platform for a large number of messages. So, if you have the advertising place with your beacon near the metro you always can offer it to someone. Thus, you will be able to get not just a return on your investments into our platform and even earn on it! Sticker on the entrance door. Be different, attract new customers using mobile advertising platform Do not limit yourself standard marketing methods! Mobile advertising and the fdh.cloud platform discovers the opportunities of the future now!

Sign in to comment.

Related posts by tag

No results