Abstract
Wearable devices are becoming more prevalent in the daily life of society, ranging from smartwatches and fitness bracelets to accessories and headphones. These devices may possess drawbacks from both their hardware manufacturing and wireless firmware development perspectives. In recent years, security researchers have uncovered a series of vulnerabilities. In this paper, we introduce the concept and describe the key ideas towards the development of an automated security evaluation prototype for wireless wearable devices using device fingerprinting, as well as passive and active vulnerability identification. Furthermore, we describe the technical approaches, challenges, and implementation choices we faced while developing the first stages of the prototype for this concept and handling full-spectrum Bluetooth analysis with software-defined radio.
Acknowledgements
This research is funded by the Latvian Council of Science, project “Automated wireless security analysis for wearable devices”, project No. LZP-2020/1-0395.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Blumbergs, B., Dobelis, Ē., Paikens, P., Nesenbergs, K., Solovjovs, K., Rušiņš, A. (2022). WearSec: Towards Automated Security Evaluation of Wireless Wearable Devices. In: Reiser, H.P., Kyas, M. (eds) Secure IT Systems. NordSec 2022. Lecture Notes in Computer Science, vol 13700. Springer, Cham. https://doi.org/10.1007/978-3-031-22295-5_17
DOI: https://doi.org/10.1007/978-3-031-22295-5_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22294-8
Online ISBN: 978-3-031-22295-5
eBook Packages: Computer Science, Computer Science (R0)