An Improved Authentication Scheme for BLE Devices with no I/O Capabilities
Chandranshu Gupta, Gaurav Varshney

TL;DR
This paper introduces a lightweight digital certificate-based authentication method for BLE devices with no I/O capabilities, enhancing security of the Just Works pairing by integrating PKI to prevent man-in-the-middle attacks.
Contribution
It proposes a novel, resource-efficient digital certificate scheme for BLE devices that improves security without significantly increasing energy or memory use.
Findings
Reduces memory usage by about 90% with the new certificate design.
Demonstrates energy consumption remains low with the proposed authentication.
Successfully verified the protocol's security properties using formal methods.
Abstract
Bluetooth Low Energy (BLE) devices have become very popular because of their low energy consumption and hence prolonged battery life. They are used in smart wearable devices, smart home automation systems, beacons and many more areas. BLE uses pairing mechanisms to achieve a level of peer entity authentication as well as encryption. Although a set of pairing mechanisms is available, BLE devices that have no keyboard or display mechanism (and hence use the Just Works pairing) are still vulnerable. In this paper, we propose and implement a lightweight digital certificate based authentication mechanism for BLE devices that make use of the Just Works model. The proposed model is an add-on to the already existing pairing mechanism and therefore can be easily incorporated in the existing BLE stack. To counter the existing Man-in-The-Middle attack scenario in Just Works pairing…
Taxonomy
Topics: Bluetooth and Wireless Communication Technologies · User Authentication and Security Systems · Privacy, Security, and Data Protection
