On the Impact of Man-in-the-middle Attack on Bluetooth

Description

The popularity of Bluetooth Low Energy (BLE) is continuously rising, and thus the number of use cases for this near field communication technique increases as well. Therefore, the need to secure these devices is apparent. However, the tool support for analysing protocols on the application layer are limited. These protocols are often proprietary, and thus manual work is needed to configure a fuzzer. Additionally, the emulation and instrumentation of these device is often impossible, due to closed source implementations and exotic architectures. This makes the analysis of the protocol via a grey or withe-box fuzzer a tedious task. Thus, few research has been done on the automated analysis of application layer Bluetooth.

In this thesis we implement a framework which facilitates the analysis of an encrypted and authenticated BLE connection from a Man-in-the-Middle position.For analysis our framework can be expanded with custom analysis scripts. We evaluate our framework with the Black-Box fuzzer PULSAR, a fuzzer which is able to automatically derive the structure of a protocol. The explanation of this implementation is accompanied by the discussion of pitfalls and difficulties of the BLE network analysis.

Although we had problems fuzzing native BLE protocols, we were able to re-produce the results of the PULSAR paper. Thus, proving the capability of our framework to find security vulnerabilities in network protocol implementations.