BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses


Index Terms

Security and privacy

Network security

Mobile and wireless security

Security protocols

Systems security


  • General Chairs:

Technical University of Denmark

  • Program Chairs:

CISPA Helmholtz Center for Information Security

Khoury College of Computer Sciences

  • SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Association for Computing Machinery

New York, NY, United States


  • forward secrecy
  • future secrecy
  • Research-article

Funding Sources

  • European Union


SoK: A Systematic Literature Review of Bluetooth Security Threats and Mitigation Measures

In Proceedings of the International Symposium on Emerging Information Security and Applications (EISA) - Copenhagen, Denmark (2021)

20 Pages Posted: 17 Nov 2021

Sunny Shrestha

University of Denver

Raghav Thapa

Sanchari Das

Date Written: November 12, 2021

Bluetooth devices have integrated into our everyday lives such that we see an increase in wearable technologies. Users of these devices are often unaware of the security vulnerabilities that come with the use of Bluetooth. To this end, we provide a comprehensive analysis of the security attacks and ways for users to mitigate these attacks, focusing on Bluetooth technologies, by reviewing prior literature. Here we analyze N = 48 peer-reviewed academic articles published in the ACM and IEEE Digital Libraries. We investigate Bluetooth-specific attacks such as BlueSnarfing, Man-in-the-Middle for wearable technologies, MAC Address Spoofing, BLE-specific attacks, and others. Additionally, we analyze the papers detailing the malware targeting Bluetooth devices and compare our results with 15 prior systematization of knowledge (SoK) papers on Bluetooth attacks and mitigation measures. In our review, we also provide a detailed analysis of the suggested mitigating measures, which include removing, repairing, or deleting access to devices that are no longer in use, utilizing a Personal Identification Number (PIN) for user authentication, and other solutions. Thereafter, we conclude by providing actionable recommendations focused on wearable technology users.

Keywords: Bluetooth, Literature Review, Security Threats, Attack Mitigation, Wearable Devices

University of Denver

2201 S. Gaylord St Denver, CO 80208-2685 United States

Sanchari Das (Contact Author)


Bluetooth Security Attacks

Comparative Analysis, Attacks, and Countermeasures

  • © 2013
  • Keijo Haataja
  • Konstantin Hyppönen
  • Sanna Pasanen
  • Pekka Toivanen

School of Computing, University of Eastern Finland, Kuopio, Finland

  • Authors among the first to research Bluetooth vulnerabilities in an academic setting
  • Clearly explains vulnerabilities and countermeasures
  • Suitable for practitioners and researchers engaged with the security of networked and mobile devices
  • Includes supplementary material: sn.pub/extras

Part of the book series: SpringerBriefs in Computer Science (BRIEFSCOMPUTER)


About this book

Bluetooth technology has enjoyed tremendous success, and it's now employed in billions of devices for short-range wireless data and real-time audio or video transfer. In this book the authors provide an overview of Bluetooth security. They examine network vulnerabilities and provide a literature-review comparative analysis of recent security attacks. They analyze and explain related countermeasures, including one based on secure simple pairing, and they also propose a novel attack that works against all existing Bluetooth versions. They conclude with a discussion on future research directions.

The book is appropriate for practitioners and researchers in information security, in particular those engaged in the design of networked and mobile devices.


  • Advanced Encryption Standard (AES)
  • Man-in-the-middle attack
  • Out-of-band channel
  • Secure and fast encryption routine (SAFER+)
  • Secure simple pairing
  • Wireless security

Table of contents (8 chapters)

  • Front matter
  • Introduction
  • Overview of Bluetooth Security
  • Reasons for Bluetooth Network Vulnerabilities
  • Comparative Analysis of Bluetooth Security Attacks
  • MITM Attacks on Bluetooth
  • Countermeasures
  • New Practical Attack
  • Conclusion and Future Work
  • Back matter

Keijo Haataja, Konstantin Hyppönen, Sanna Pasanen, Pekka Toivanen

About the authors

Dr. Keijo Haataja received his Ph.Lic. in 2007 and his Ph.D. in 2009 in Computer Science from the University of Eastern Finland (UEF), where he has been a senior assistant professor of wireless communications and data security since 2002. He is a member of the Bluetooth Security Expert Group (SEG), which works to identify threats to Bluetooth wireless security and to develop related specification enhancements, white papers, test cases, and test tools. He has also been a technical consultant to Unicta Oy since 2008. His main research interests include wireless communications, wireless security, mobile systems, sensor networks, data communications, computational intelligence, and intelligent autonomous robots.

Dr. Konstantin Hyppönen received his Ph.D. in Computer Science in 2009 from the University of Kuopio. He has lectured on data security and software engineering. He works in the Finnish Social Insurance Institution (Kela), and participates in a number of national and European projects focusing on semantic operability and the security of eHealth services.

Ms. Sanna Pasanen received her M.Sc. in 2009 in Computer Science from UEF and her B.Eng. in 2013 in ICT/Telecommunications from the Helsinki Metropolia University of Applied Sciences. She works in the telecommunications and data networks team in IBM. Her main research interests include cloud services, unified communications, VoIP, and wireless networks.

Prof. Pekka Toivanen received his M.Sc. (Tech.) degree at Helsinki University of Technology in 1989 and D.Sc. (Tech.) degree in 1996 at Lappeenranta University of Technology. He has been a full professor in computational intelligence at UEF since 2007. He has published more than 100 reviewed research articles in international conferences and journals, and has served on many conference committees and editorial boards. His areas of interest are computational intelligence, image processing, machine vision, and the compression of spectral images.

Bibliographic Information

Book Title: Bluetooth Security Attacks

Book Subtitle: Comparative Analysis, Attacks, and Countermeasures

Authors: Keijo Haataja, Konstantin Hyppönen, Sanna Pasanen, Pekka Toivanen

Series Title: SpringerBriefs in Computer Science

DOI: https://doi.org/10.1007/978-3-642-40646-1

Publisher: Springer Berlin, Heidelberg

eBook Packages: Computer Science, Computer Science (R0)

Copyright Information: The Author(s) 2013

Softcover ISBN: 978-3-642-40645-4 Published: 12 November 2013

eBook ISBN: 978-3-642-40646-1 Published: 28 October 2013

Series ISSN: 2191-5768

Series E-ISSN: 2191-5776

Edition Number: 1

Number of Pages: VII, 93

Number of Illustrations: 31 b/w illustrations

Topics: Data Structures and Information Theory, Systems and Data Security, Computer Communication Networks, Security Science and Technology

Sensors (Basel)

Secure Bluetooth Communication in Smart Healthcare Systems: A Novel Community Dataset and Intrusion Detection System †

Mohammed Zubair

1 Kindi Center for Computing Research, Qatar University, Doha P.O. Box 2713, Qatar

2 Department of Computer Science, Qatar University, Doha P.O. Box 2713, Qatar

Ali Ghubaish

3 Department of Computer Science and Engineering, Washington University in St. Louis, St. Louis, MO 63130, USA

Devrim Unal

Abdulla Al-Ali, Thomas Reimann

4 Copenhagen Emergency Medical Service, 3400 Hillerød, Denmark

5 Department of Emergency Management, Jacksonville State University, Alabama, AL 36265, USA

Guillaume Alinier

6 Hamad Medical Corporation Ambulance Service, Doha P.O. Box 3050, Qatar

7 School of Health and Social Work, University of Hertfordshire, Hatfield AL10 9AB, UK

8 Weill Cornell Medicine, Doha P.O. Box 24144, Qatar

9 Faculty of Health and Life Sciences, Northumbria University, Newcastle upon Tyne NE1 8ST, UK

Mohammad Hammoudeh

10 Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran 31261, Saudi Arabia

Junaid Qadir

Associated Data

The BlueTack dataset is available at IEEE Dataport under the title BlueTack, doi: https://dx.doi.org/10.21227/skhs-0b39.

Smart health presents an ever-expanding attack surface due to the continuous adoption of a broad variety of Internet of Medical Things (IoMT) devices and applications. IoMT is a common approach to smart city solutions that deliver long-term benefits to critical infrastructures, such as smart healthcare. Many of the IoMT devices in smart cities use Bluetooth technology for short-range communication due to its flexibility and low resource consumption. As smart healthcare applications rely on distributed control optimization, artificial intelligence (AI) and deep learning (DL) offer effective approaches to mitigate cyber-attacks. This paper presents a decentralized, predictive, DL-based process to autonomously detect and block malicious traffic and provide an end-to-end defense against network attacks in IoMT devices. Furthermore, we provide the BlueTack dataset for Bluetooth-based attacks against IoMT networks. To the best of our knowledge, this is the first intrusion detection dataset for Bluetooth classic and Bluetooth low energy (BLE). Using the BlueTack dataset, we devised a multi-layer intrusion detection method that uses deep-learning techniques. We propose a decentralized architecture for deploying this intrusion detection system on the edge nodes of a smart healthcare system that may be deployed in a smart city. The presented multi-layer intrusion detection models achieve performances in the range of 97–99.5% based on the F1 scores.

1. Introduction

Cities are being transformed into smart cities via Internet-of-Things (IoT) technology. Smart cities use technologies for sensing, networking, and computation to enhance the quality of life and well-being of inhabitants. Such smart cities also require new service-centric computing paradigms for next-generation networks (5G, 6G, and beyond) [ 1 ]. While there are numerous networking technologies available for long-range communications, the most widely used technology for close-proximity communications is Bluetooth. Bluetooth is well suited for operations on resource-constrained mobile devices due to its low power consumption, low cost, and support for multimedia, such as data and audio streaming. Bluetooth is also widely used in smart healthcare systems to enable untethered wireless communications between smart healthcare devices. Recently, Bluetooth was prominent in its adoption for contact-tracing applications in the fight against the COVID-19 global pandemic [ 2 ].

By the year 2030 [ 3 ], the number of IoT devices is expected to surge by 124 billion. Moreover, the healthcare economy statistics predict that the market for IoT devices will grow from USD 20 billion in 2015 to USD 70 billion in 2025. It was also reported that 30.3 % of the IoT devices in use are in the health sector [ 4 ]. The massive deployment of IoT devices in heterogeneous networks with multiple technologies and protocols (such as Wi-Fi, long-term evolution (LTE), Bluetooth, and ZigBee) makes the task of securing such networks very complex. Research from the Information Systems Audit and Control Association (ISACA) [ 5 ] on smart cities identified the security of IoT devices as important, as numerous smart city critical infrastructure (CI) concepts (e.g., intelligent transport, healthcare system, and energy distribution) rely on the robustness and security of smart technologies and IoT devices [ 6 ].

As the number of Internet of Medical Things (IoMT) devices increases, the network becomes congested, which leads to bandwidth and latency bottlenecks [ 7 ]. For instance, an IoMT device sends data to a medical professional for regular analysis. This transmission of data to the cloud can potentially cause latency and bandwidth congestion in the communication path [ 8 ], which could endanger the life of the patient. To address this challenge, the edge cloud concept has emerged for the IoMT paradigm. An edge cloud improves efficiency and provides more reliability for the smart healthcare system. The quick response time and reduced energy consumption will result in longer battery life for medical devices and reduce the usage of network bandwidth [ 9 , 10 ].

The exponential growth of IoT devices and the massive interconnectivity between such devices greatly expand the potential attack surface of smart healthcare services that may be exploited by malicious actors. IoT devices are vulnerable to various medium- and high-severity attacks [ 11 ]. Various vulnerabilities allow intruders to perform a wide range of attacks, such as denial of service (DoS), distributed DoS (DDoS), man-in-the-middle (MITM), data leakage, and spoofing. These attacks result in the unavailability of system resources and can lead to physical harm to individuals when the patient is ambulance-bound or hospital-bound. According to a report from the Global Connected Industries Cybersecurity, 82 % of healthcare facilities experience cyber-attacks, amongst which, 30 % target IoT devices [ 11 ]. Potential weaknesses in the network, IoT devices, and protocols allow attackers to gain complete unauthorized access to the network (e.g., Mirai attack) [ 12 ]. Apart from these cyber-attacks, insecure operating systems and application vulnerabilities are other major threats to the healthcare system. Investigations show that 83 % of IoT devices run on outdated operating systems, and around 51 % of the cyber threats in the health sector concern imaging devices, which lead to the disruption of communication between patients and medical professionals. Moreover, 98 % of IoT device traffic is in plain text that can be intercepted by adversaries.

Traditional security mechanisms cannot be enforced in the IoT network because the network protocol stack itself may have numerous vulnerabilities. Zero-day attacks are very difficult for traditional security mechanisms to detect because of the computational expense involved, which does not suit the resource-constrained nature of typical IoT devices [ 13 ]. Conventional perimeter security controls only defend against external attacks, but they fail to detect internal attacks within the network. An intelligent and faster detection mechanism is required to guarantee the security of the IoT network and to counter new threats before the network is compromised.

In this paper, our focus is on the security of Bluetooth communication in smart healthcare systems. After reviewing the significant security problems, we focus on the detection of wireless attacks against IoMT. Wireless attacks are performed when the data are at rest or in transmission from one device to another device in a wireless medium over different channels using various protocols, namely Bluetooth low energy (BLE), Bluetooth basic rate/enhanced data rate (BR/EDR), Wi-Fi, long-range (LoRA), etc. The openness of the wireless network poses threats to the entire network and can end up compromising the entire system. The attacker may perform various attacks, such as peer-to-peer, denial-of-service, eavesdropping, man-in-the-middle (MITM), and authentication attacks, to take over the IoMT device or the complete network. The main contributions of this study are as follows:

  • We curated a novel first-of-its-kind BlueTack dataset for Bluetooth-based IoT attacks. The BlueTack dataset consists of popular attacks against Bluetooth BR/EDR or Bluetooth classic protocols, namely: Bluesmack, DoS, DDoS, and similar attacks, such as DDoS and MITM attacks on the BLE protocol. To the best of our knowledge, this is the first intrusion detection dataset for the Bluetooth classic protocol and BLE. The BlueTack dataset will be made publicly accessible as described in the Dataset Availability Statement.
  • A secure and scalable framework for the deployment of an intrusion detection system(s) (IDS) on the edge nodes of IoT-based healthcare systems in smart cities. The framework guarantees quicker identification of malicious activities to ensure the safety of critically ill patients transported by ambulances.
  • A multi-layer intrusion detection model using deep learning (DL) to protect the edge nodes of the smart healthcare IoMT system. Since IoMT is composed of several resource-constrained devices, deploying the DL model on the IoMT device itself for advanced functionality is impractical. Hence, the IDS is divided into two layers: Layer_1 (where preprocessing is performed on IoMT devices or the edge node) and Layer_2 (a standalone GPU-capable device on which the DL model is deployed). The proposed DL-based IDS achieves 99 % accuracy while being deployed in a real-time scenario.

The flow of this paper is structured as follows: Section 2 provides an overview of related work, followed by Section 3, which illustrates the proposed model, architecture, and dataset in detail. We show the results of the performance evaluation of the proposed model in Section 4. Finally, the work is concluded with future directions in Section 5.

2. Related Work

Before we introduce the methodology, we discuss the background and related work available in the literature.

2.1. Security of IoMT

IoMT devices perform diverse tasks in smart healthcare systems, such as recording electrical impulses through electrocardiograms (ECGs) or monitoring blood glucose or blood pressure. For ambulance-bound patients, IoMT devices monitor the patient’s activity, save critical information about the patient’s physiological signals, and trigger alerts to the medical staff inside the ambulance or a remote monitoring device through the cloud. As the complete information of the patient flows in and out through the IoMT gateway [ 14 ], securing the IoMT attack surface assumes critical importance. An attacker may target the IoMT gateway to manipulate information before sending it to the doctor or to launch denial of service attacks to make the information unavailable. Such malevolent activities can put the patient’s life at risk. Rasool et al. [ 15 ] reviewed various security issues of IoMT devices. The authors describe the vulnerabilities that exist in these devices, which can be exploited by attackers easily. In our article, we consider internal and external threats that are targeted against IoMT infrastructure. Since these devices are severely resource-constrained, it is easy to render these devices unavailable by draining their battery with devastating implications [ 16 ]. Thus, our focus in this paper is on attacks that may drain the batteries of these devices or that make the devices unavailable due to multiple ping requests.

2.2. Communication in Smart Healthcare System

The typical architecture of a smart healthcare system is shown in Figure 1 . A typical smart healthcare system comprises three domains: IoT domain, cloud domain, and user domain, which generate data, store data, and make diagnoses, respectively. The IoT domain consists of wireless medical devices, actuators, sensors, gateways, and other devices. Here, the focus is on acquiring patients’ data from IoMT devices and transmitting it to the cloud for storage and subsequent access. The cloud domain is stratified by the edge and core cloud. The edge cloud is placed on the premises of the medical facility to ensure continuous connectivity and low latency, in addition to quicker diagnosis of acute cases. The core cloud provides massive storage and comprehensive analysis of data, and it helps in the diagnosis of current symptoms based on previous related records.

Figure 1. The use of Bluetooth and related protocols (BLE: Bluetooth low energy; BR/EDR: Bluetooth basic rate/enhanced data rate) in a typical smart healthcare system for communication between electronic patient care record device (EPCRD) and other entities over the edge and the cloud.

During IoMT communication, the vital information of a patient is maintained by an electronic patient care record device (EPCRD), which is commonly known as a Toughpad. It has the capability of integrating different communication protocols and it acts as a gateway for Bluetooth, Wi-Fi, and long-term evolution (LTE) communication. Furthermore, the EPCRD acts as an edge device that allows and enables the technologies for computation at the edge of the healthcare network. It accomplishes the tasks of caching, processing storage, computation offloading, request distribution, and delivery of the services from the cloud end to the user end. In our proposed approach, we leverage edge cloud technology and deploy the IDS on the edge nodes of the healthcare system. The user domain delivers the processed data from other domains to the authorized clinical staff. Integration and streaming of vast volumes of data from different sources are visualized in various forms, such as graphics, images, tabular, and other representations.

Medical devices (such as defibrillators and insulin pumps) that are continuously linked with the patient for medical treatment are referred to as active medical device(s) (AMD). On the other hand, medical devices (such as home monitoring devices and medical beds) whose focus is on periodic monitoring of the patient's physical condition and report generation are called passive medical device(s) (PMD). Wireless communication technologies such as near-field communication (NFC), RFID, Wi-Fi, Bluetooth, LTE, and LoRA are adopted for communication in IoT devices. Various IoMT devices use different wireless technologies. Most of the AMD and PMD utilize Bluetooth classic, V4.X, and V5. Bluetooth technology provides a generic profile for medical IoT devices to use the 2.4 GHz frequency band, as recommended by the International Telecommunication Union (ITU) [ 17 ]. Some of the basic differences between BR/EDR and BLE are showcased in Table 1.

Table 1. Technical details of Bluetooth technology.

| Features | Bluetooth Classic (BR/EDR)-2 | Bluetooth V4.X (BLE) | Bluetooth V5 (BLE) |
|---|---|---|---|
| Medium access technique | Frequency hopping | Frequency hopping | Frequency hopping |
| Multihop solution | Yes | Yes | (Yes) |
| Network topology | Piconet, Scatternet | Star-bus mesh | Star-bus mesh |
| Radio frequency | 2.4 GHz | 2.4 GHz | (2.4 GHz) |
| Nominal data rate (Mb/s) | 1–3 | 1 | 2 |
| Distance range (m) | Up to 100 | Up to 100 | Up to 200 |
| Latency (ms) | less than 100 | less than 6 | less than 3 |
| Nodes/slaves | 7 | Unlimited | Unlimited |
| Message size (bytes) | Up to 358 | 31 | 255 |

Bluetooth-enabled devices have two modes of operation. In the single mode, a BLE device cannot interface with a device that is operating on BR/EDR, and vice versa, whereas in dual mode, both BR/EDR and BLE devices can communicate with each other. However, the major concern is about security and privacy in all Bluetooth versions. In this paper, we focus on the detection of attacks against BR/EDR and BLE, since the medical sensor and data collection devices in the considered testbed utilize these versions of Bluetooth.

2.3. Vulnerabilities in the Bluetooth Protocols

The major vulnerability factor in Bluetooth devices is the version that is used for communication. Table A1 in Appendix A describes the vulnerabilities and security flaws of Bluetooth devices for different versions [ 18 ]. A few known vulnerabilities have been identified by researchers, such as MITM, Bluesmack, battery drain attacks, and backdoor attacks [ 19 ]. Recently, researchers identified the “SweynTooth” vulnerability affecting implantable medical devices (e.g., insulin pumps, pacemakers, and blood glucose monitors) and hospital equipment (e.g., patient monitors and ultrasound machines) that work on BLE [ 20 ]. The Bluetooth protocol also has problems related to encryption key length, and improperly stored link keys can potentially be manipulated by an adversary [ 12 ].

2.4. Intrusion Detection Systems

Some prior research studies on intrusion detection system(s) (IDS) dedicated to the cyber-physical system [ 21 ] or smart environments using the Wi-Fi protocol against DoS attack [ 21 ] have adopted various AI techniques, such as ML and DL. One such approach, Ref. [ 22 ], proposed a hybrid model that is based on the principal component analysis (PCA) and information gain (IG) incorporating the support vector machine (SVM), multi-layer perceptron (MLP), and instance-based learning models to identify the intrusions in the network. The model is trained and tested using the NSL-KDD, Kyoto 2006+, and ISCX 2012 datasets, and the optimal features are selected using an ensemble classifier. However, the performance of the model is evaluated with some publicly available datasets, which are not real-time datasets. Sawarna et al. [ 23 ] proposed an efficient IDS based on the deep neural network (DNN) using the principal component analysis–grey wolf optimization (PCA-GWO); it eliminates adversarial activities by providing faster alerts. This research was conducted to address the problem of data dimensionality for publicly available huge datasets. They tested the NSL-KDD dataset on various ML and DNN models to detect anomalies, among which the best accuracy was attained by the DNN. Baburaj et al. [ 24 ] proposed a cloud-based healthcare system using an SVM model to predict the health condition of a patient. The confidential data were accessed only by a legitimate user. This approach focused on data mining techniques using ML models, but did not identify the anomalies in the system.

Likewise, a supervised approach for detecting intrusions in IoT devices in a smart home was proposed by Eanthi et al. [ 25 ]. In this approach, a lightweight standalone three-layer IDS framework is built using a decision tree (DT) classifier with promising results. Nevertheless, the evaluation of the proposed model is based on a simulation performed on the open-source Weka tool and the effectiveness of the IDS is not tested against real-time traffic and attacks.

2.5. IDS for Bluetooth Enabled Systems

Very few researchers have focused on the security perspective of Bluetooth technology, especially intrusion detection. Various attacks against Bluetooth devices are discussed below to emphasize the need for effective intrusion detection for Bluetooth-enabled medical IoT devices. Bluetooth technology provides a generic profile for IoMT devices and uses the 2.4 GHz frequency. It is identified as an attractive protocol for the healthcare system due to its robustness, lower power consumption, low cost, suitability for short-distance communication, and support for data and audio streaming. Moreover, it helps in the IoT domain for machine-to-machine (M2M) communication [26]. Compromising the IoMT devices could lead to sensitive patient information being revealed through the interception and decoding of the data and audio/video streaming packets. Intrusion detection is the process of monitoring the network for unauthorized events, and an IDS detects malicious activities or policy violations that bypass the security mechanisms on a network. An intruder is one who escalates the privileges of the users to gain access to data or services or to control the entire network. Bluetooth-enabled systems require a different approach: standard IDS developed for other protocols are not effective due to the difference in traffic patterns and the highly constrained nature of Bluetooth devices [27].

Haataja et al. [ 28 ] proposed a Bluetooth intrusion detection and prevention system based on a set of rules by investigating Bluetooth security to discover malicious communication on the Bluetooth network. Krzysztoń et al. [ 29 ] proposed a detection system to identify the malicious behavior of Bluetooth traffic in a Bluetooth mesh network. Multiple watchdog nodes are used for cooperative decisions in different areas of the mesh network. Malicious activities are detected based on the received signal strength indicator (RSSI). However, this model encountered the problem of modeling the transmission range and RSSI parameters with obstacles, such as furniture and walls. This detection mechanism was not deployed to a variety of attacks and was evaluated in a simulated environment.

Similarly, Satam et al. [30] built a Bluetooth IDS (BIDS), where the normal behavior of the Bluetooth traffic was defined based on the n-gram approach, and malicious traffic was classified using traditional ML algorithms. This method attained the highest precision of about 99.6% and recall of 99.6% against DoS attacks. Yet, the effectiveness of the IDS was not tested against different datasets and other attacks. An anomaly-based intrusion detection system was proposed by Psatam et al. [31] to detect multiple attacks on the Bluetooth protocol using ML models by following the zero-trust principle. Nevertheless, the model was not tested using different attacks and datasets. Newaz et al. [32] focused on the detection of multiple attacks on BLE, using ML models to distinguish abnormal BLE traffic from the normal traffic pattern. The evaluation of the model was done on their own real-time traffic for an ideal dataset but was not tested on other datasets.

From the above literature and Table 2, it is observed that the existing IDS approaches dedicated to healthcare IoT systems are at the initial stage of development. A few of the proposed IDS have validated their models on network simulation data (a dataset) or on a small number of IoT devices, but they have not been tested on multiple datasets. Moreover, these proposed IDS models detect malicious activities on the network by identifying the traffic patterns as normal or abnormal. It is also important to identify the various types of attacks on the network. In the subsection below, we describe the healthcare system used in this paper and the Bluetooth technology (BR/EDR and BLE) deployed.

Various BIDS approaches in comparison to our proposed models. Our Bluetooth intrusion detection covers both Bluetooth classic and Bluetooth low-energy protocols.

| Article | Description | Model | Protocol | Data Used and Availability | Problem Address | Deployed |
|---|---|---|---|---|---|---|
| [ ] | DNN-based IDS using (PCA-GWO) | Deep neural network (DNN) | Ethernet/Wi-Fi | (NSL-KDD)-Publicly available | Data dimensionality and anomalies detection | No |
| [ ] | Cloud-based healthcare system | Support vector machine (SVM) | - | (Vital information)-No | Data mining techniques | No |
| [ ] | Light-weight three-layer IDS for Smart home | Decision tree | Ethernet/Wi-Fi | (NSL-KDD)-publicly available | Simulation of anomaly detection | No |
| [ ] | Bluetooth IDS for Bluetooth network | Defined set of rules | Bluetooth | (BR/EDR)-No | Malicious traffic detection | Yes |
| [ ] | Bluetooth mesh IDS-based on RSSI | Mesh network | Bluetooth | (BR/EDR RSSI signals)-No | Simulation and detection of malicious patterns | Yes |
| [ ] | BIDS for IoT | ML models | BR/EDR | (BR/EDR)-No | Malicious traffic based on n-gram | No |
| [ ] | BIDS for IoT | ML models | BR/EDR | (BR/EDR)-No | Multiple attack detections based on zero-trust | No |
| [ ] | BLE-IDS for medical devices | ML Models | BLE | (BLE)-No | Multiple attack detections for irregular traffic flow | Yes |
| Our approach | Bluetooth IDS for healthcare system | DL and ML models | BR/EDR and BLE | (BR/EDR, BLE)-yes | Multiple attack detection of BR/EDR, BLE traffic | Yes |

3. Methodology

To understand the application of the proposed architecture, we consider a scenario of an IoMT system (i.e., smart healthcare system) that comprises multiple IoMT devices as shown in Figure 2 . Vital information from the IoMT devices is transferred to edge devices and the cloud and is further sent to the medical staff.

Architecture of the proposed security framework. The proposed system involves an edge cloud for reducing request/response delays. The IDS is multi-level and suits the resource restrictions of IoMT devices.

3.1. Scalable Architecture

By considering the significant security mechanisms, we designed a scalable architecture to deliver appropriate patient details to the medical experts from patient care efficiently and without manipulation, i.e., tampering. Our ultimate goal is to provide a security mechanism to detect malicious activities against Bluetooth communication on the edge node. The proposed architecture has enforced security policies, and detection mechanisms at the edge cloud and edge nodes to ensure fast response and secure emergency services. Edge computing helps to process the data efficiently with a quicker response time and assists with the deployment of the IDS. Figure 2 represents the proposed architecture of smart healthcare for detecting malicious behaviors of ambulance-bound, Bluetooth-enabled IoT medical devices in the smart healthcare system.

As the complete information of the patient flows in and out through the medical IoT gateway, the gateway presents a potential attack surface for compromising the complete system by (1) targeting the medical IoT gateway to manipulate information before sending it to the medical professional or by (2) launching DoS/DDoS or MITM attacks to make the information manipulated or unavailable. Such malevolent activities can potentially put the patient’s life at risk. To avoid such abrupt manipulation of the information, we enforced a multi-layer intrusion detection model on the edge nodes of the healthcare system. The detection system comprises two layers, namely, Layer_1 and Layer_2. Layer_1 is responsible for gathering patient information through a gateway and performing the preprocessing, feature engineering, and feature selection techniques using various ML algorithms. Layer_2 will detect the abnormal activities of the Bluetooth traffic on the edge node using a DNN classifier. Next, we describe in detail the features of each layer:

3.1.1. Layer_1

Layer_1 receives data from various medical IoT devices. The data from IoT devices is received at medical IoT gateways to be analyzed and stored on the edge node. The fetched information is deeply analyzed and processed before it is transmitted to the medical professional for diagnosis. On this layer, preprocessing, feature engineering, and feature selection techniques using various ML algorithms are performed. Data preprocessing helps to provide the privacy of the medical information from the IoT devices because the information received from IoT devices is in plain text that can be intercepted by adversaries to perform medium- and high-severity attacks [34]. Data preprocessing is performed to transform actual data into data compatible with ML/DL models. For this process, we used numericalization (where a string is converted into an integer (stoi), and then encoded into tokenized sentences before feeding to any model) and normalization. Data preprocessing helps the model to be trained and tested quickly. It also increases the accuracy of classification. We provide a detailed explanation of these stages below.

Eliminating/Dropping features: While capturing the traffic, we eliminated some information, such as source and destination information, due to two major issues. First, in some scenarios, it is difficult for the sniffer to collect this information [33]; second, the adversary may spoof its address, giving wrong information. In both cases, the classifier tended to misclassify the traffic, as the missing values were replaced with some random numbers, giving higher false positives and true negatives. Likewise, we eliminated some other unimportant and irrelevant features.

Feature selection: In this process, significant features were selected from the dataset by applying various feature selection techniques [35, 36]. Feature selection increases the model performance, decreases computational cost, and also increases storage efficiency. Additionally, using appropriate features reduces the problem of overfitting.

There are various ML approaches for selecting features, such as filter-based methods, wrapper methods, embedded, and statistical methods. In the univariate selection technique, a statistical test is applied to each feature to select the features that have a strong bond with the output variables. We used Chi square (chi-2), in Equation (1), which gives the level of independence between the features $x_t$ and the label $y_t$; it differentiates the chi-distribution, with the degree of freedom as 1.

where $F$ indicates the frequency of the features and their labels in a dataset; $P$ = frequency of the features emerges without a label; $Q$ = frequency of label emerges without features; $Z$ = frequency of neither features nor label emerges in the given dataset; and $M$ = no. of training samples $x_t = x_1, x_2, \ldots, x_i$ and prediction sequence $y_t = y_1, y_2, \ldots, y_i$.

Recursive feature elimination (RFE) is an effective method to find an optimal set of features for both regression and classification tasks. Initially, it creates a model dependent on all the features and estimates the importance of each feature of a given dataset. It prioritizes the features based on the rank order and eliminates those features that are of the least importance based on the evaluation metrics (in our case, we selected accuracy as a metric to find the optimal features) of the proposed model (DNN), which is depicted in Figure 3.

Accuracy of the model based on several features. Based on the varying accuracy of the number of features, we chose nine features from the dataset to train and test the model.

We also utilized logistic regression (LR) and random forest (RF) [37] to determine which features contributed to the output variable [38]. In Table 3 and Table 4, a “True” value indicates that the feature contributed to the output variable according to the given selection algorithm. The final score is the cumulative count over the four algorithms used. The BR/EDR and BLE datasets contain four and five non-numerical values, respectively. The non-numerical values are converted to numeric values using one-hot encoders before they are fed to the model, a process called numericalization. Finally, we only selected the features that were important for identifying abnormal activities.

Univariate selection score of the BR/EDR selected feature.

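| Features | Chi-2 | RFE | LR | RF | Score |
|---|---|---|---|---|---|
| btl2cap.length | True | True | True | True | 4 |
| HCI_events | True | True | True | True | 4 |
| HCI_ACL | True | True | True | True | 4 |
| Command Complete | True | True | True | True | 4 |
| Received direction | True | True | True | False | 3 |
| Sent Direction | True | True | False | True | 3 |
| Frame.cap_len | True | True | True | False | 3 |
| Disconnect complete | True | True | False | True | 3 |
| L2CAP | True | True | True | False | 3 |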

Univariate selection score of BLE selected features.

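| Features | Chi-2 | RFE | LR | RF | Score |
|---|---|---|---|---|---|
| btl2cap.length | True | True | True | True | 4 |
| Time | True | True | True | True | 4 |
| Protocol | True | True | True | True | 4 |
| Advertising_header_length | True | True | True | True | 4 |
| btle.access.address | True | True | True | True | 4 |
| PPI.DLT | True | True | True | False | 3 |
| btatt.opcode.method | True | True | False | True | 3 |
| btatt.opcode.command | True | True | False | True | 3 |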

Normalization : This is a feature engineering technique used to have the data in one range for faster processing and classifier accuracy. There are various normalization techniques available, among which Z-score normalization is highly used due to its simplicity and performance accuracy [ 33 ].
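The Layer_1 stages described above (dropping address fields, one-hot numericalization, chi-square selection, and Z-score normalization) can be sketched end to end as follows. This is an added example, not the authors' code: the sample rows are constructed, the chi-square statistic is the standard 2×2 form written with the counts F, P, Q, Z and M defined above (assumed to be what Equation (1) denotes), and the 3.841 cut-off (p = 0.05 at one degree of freedom) is an assumption. Only the chi-square vote is computed; the RFE, LR and RF votes of Tables 3 and 4 are not reproduced.

```python
import math

# Constructed sample rows, not taken from the paper's dataset:
# (src, dst, btl2cap.length, HCI event, direction, label), label 1 = attack.
ROWS = [
    ("dev-a", "gw", 12, "Command Complete", "Sent", 0),
    ("dev-a", "gw", 14, "Command Complete", "Received", 0),
    ("dev-b", "gw", 10, "Command Complete", "Sent", 0),
    ("dev-b", "gw", 16, "Number of Completed Packets", "Received", 0),
    ("dev-a", "gw", 12, "Command Complete", "Sent", 0),
    ("dev-b", "gw", 13, "Number of Completed Packets", "Received", 0),
    ("dev-x", "gw", 600, "Disconnect complete", "Received", 1),
    ("dev-x", "gw", 610, "Disconnect complete", "Received", 1),
    ("dev-x", "gw", 590, "Disconnect complete", "Sent", 1),
    ("dev-x", "gw", 605, "Number of Completed Packets", "Received", 1),
    ("dev-x", "gw", 600, "Disconnect complete", "Received", 1),
    ("dev-x", "gw", 595, "Disconnect complete", "Sent", 1),
]
FIELDS = ("src", "dst", "btl2cap.length", "event", "direction", "label")
DROPPED = ("src", "dst")          # addresses may be missing or spoofed
CATEGORICAL = ("event", "direction")
NUMERIC = ("btl2cap.length",)
CHI2_CRITICAL = 3.841             # assumed cut-off: 1 degree of freedom, p = 0.05


def load(rows):
    """Turn tuples into dicts and drop the source/destination fields."""
    records = [dict(zip(FIELDS, row)) for row in rows]
    return [{k: v for k, v in rec.items() if k not in DROPPED} for rec in records]


def one_hot(records):
    """Numericalization: one 0/1 column per observed categorical value."""
    columns = {}
    for field in CATEGORICAL:
        for value in sorted({rec[field] for rec in records}):
            columns[f"{field}={value}"] = [int(rec[field] == value) for rec in records]
    return columns


def chi2(column, labels):
    """2x2 chi-square statistic from the counts F, P, Q, Z and M."""
    F = sum(1 for x, y in zip(column, labels) if x and y)          # feature and label
    P = sum(1 for x, y in zip(column, labels) if x and not y)      # feature, no label
    Q = sum(1 for x, y in zip(column, labels) if not x and y)      # label, no feature
    Z = sum(1 for x, y in zip(column, labels) if not x and not y)  # neither
    M = len(labels)
    denom = (F + P) * (Q + Z) * (F + Q) * (P + Z)
    if denom == 0:                # constant feature or label: no evidence either way
        return 0.0
    return M * (F * Z - P * Q) ** 2 / denom


def zscore(values):
    """Z-score normalization; a constant column maps to zeros, not a division error."""
    mean = sum(values) / len(values)
    std = math.sqrt(sum((v - mean) ** 2 for v in values) / len(values))
    if std == 0:
        return [0.0] * len(values)
    return [(v - mean) / std for v in values]


def layer1(rows):
    """Return (feature names, feature vectors, labels, chi-square scores)."""
    records = load(rows)
    labels = [rec["label"] for rec in records]
    encoded = one_hot(records)
    scores = {name: chi2(col, labels) for name, col in encoded.items()}
    kept = [name for name in encoded if scores[name] > CHI2_CRITICAL]
    columns = [encoded[name] for name in kept]
    columns += [zscore([rec[field] for rec in records]) for field in NUMERIC]
    vectors = [list(row) for row in zip(*columns)]
    return kept + list(NUMERIC), vectors, labels, scores


if __name__ == "__main__":
    names, vectors, labels, scores = layer1(ROWS)
    for name, score in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"{name:40s} chi2={score:6.3f} keep={score > CHI2_CRITICAL}")
    print(names)
    print(vectors[0], labels[0])
```
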

3.1.2. Layer_2

Initially, the medical data from IoT devices is collected and pre-processed on the first layer, and the events collected on Layer_1 are sent to the second layer (the edge node) for detection and identification. If any manipulation or deviation in the Bluetooth traffic is identified, an alert is triggered. On this layer, the events of the IoT medical device are actively captured and recorded on the events collector and are placed on the EPCRD device. This traffic is fed in the format of a feature vector, which is represented in Equation (2).

This feature vector is fed to Layer_2 to identify the malicious activities on this device based on the DL technique, which is deployed on the second layer of the edge node. The reason for placing two layers of intrusion detection is to protect the IoT system from device-based attacks and to have full coverage of the IoT healthcare network. The classifier model, which gives 99% accuracy, has been placed on Layer_2. As the preprocessing and intrusion detection phases are separated on different devices, the resulting system constitutes a multi-layer IDS. Finally, the IDS model triggers an alert for the administrator to take the required course of action against the intrusion.

3.2. Dataset Description

We developed a Bluetooth (BR/EDR and BLE) dataset using realistic traffic generated using the smart healthcare testbed [ 39 ] as described above in Figure 2 , with the following specifications: GPU 128-core Maxwell, CPU Quad-core ARM A57 @1.43 GHz, and memory of 4 GB 64-bit LPDDR4 25.6 GB/s; this device is commonly known as NVIDIA Jetson Nano. The dataset comprises abstract meta-information from the network traffic flow link layer (data link) of the Bluetooth-enabled IoMT network. The generated data do not cover the exact patient vital information but we considered the payload size of the vital during data generation and transmission.

While generating the data, we used three IoMT devices that were easily available in the market (SpO2, heart rate, and ECG), which operated wirelessly. During the data generation process, we considered Bluetooth version 4 and above. We observed some delays in data transmission for DoS attacks. However, in a DDoS attack, the IoMT device stops sending the data transmissions, and the device malfunctions. The generated data are stored in the local drive of the edge node.

We collected 5 GB of BR/EDR and BLE data over about 76 h during normal traffic patterns and while performing the attacks. Therefore, the data collected included benign and malicious traffic. The performed attacks were DDoS, Bluesmack, MITM, and DoS on the L2CAP (logical link control and adaptation protocol) layer of the Bluetooth protocol stack. The L2CAP protocol is located in the data link layer of the stack, and it provides connectionless and connection-oriented data services to the top layer protocols. It allows the upper-level protocols and applications to send and receive the data frames.

After analyzing the captured traffic in the preprocessing data, we used a Dell Precision T5820 workstation with an Intel® Xeon® W-2245 (16.5 MB cache, 8 cores, 16 threads, 3.90 GHz to 4.70 GHz Turbo, 155 W) and an NVIDIA® RTX™ A4000, 16 GB GDDR6, 4 DP. The data preparation process was done using Python libraries that are among the most efficient in the domain of data science (e.g., Pandas). Pandas supports various input and output data formats and has strong capabilities for estimating statistics and elementary visualization [40]. Finally, we selected nine features from each dataset through statistical methods and correlation analysis as presented in Table 3 and Table 4.

3.3. IDS Classifiers

The entire classification process is divided into two main stages: training and testing. In the training phase, some samples of a dataset are used to train the model. In the testing phase, new samples are fed to the classifier from the test dataset to evaluate the performance. To validate the dataset performance, we used existing supervised and unsupervised ML algorithms in addition to the proposed DL model for training and testing. The reason for using various ML models and the proposed DL model is to benchmark the dataset and to show that it is free from abnormal results on different classifier models. Many of the datasets used in the literature are algorithm-dependent [41]. Our dataset produced acceptable accuracy for supervised and unsupervised ML and DL models. Various experiments with different classifiers helped us build the most efficient DL model to identify malicious activities with more than 99% accuracy.

3.3.1. Classifier Using Supervised ML Algorithms

Among the existing supervised ML algorithms, we selected the most popular ones, namely: logistic regression (LR), decision tree (DT), support vector machine (SVM), and random forest (RF). We provide short descriptions of the algorithms that we used in experiments.

3.3.2. Classifier Using Unsupervised ML Algorithms

The selected algorithms are naïve Bayes (NB), isolation forest (IF), K-Means (KM), and local outlier factor (LOF). Unsupervised algorithms are trained without using the labels of the features in the dataset. IoMT devices operate on different protocols, and due to this complexity, vulnerabilities may emerge. Furthermore, with classical ML algorithms, many attacks cannot be detected when the attacker does a small manipulation over time. DL techniques can recognize unknown patterns, outliers, and small changes from the training model.

3.3.3. Classifier Using DNN

We used the multilayer perceptron (MLP) model, which is one of the categories of the feed-forward neural network (FNN), with multiple layers: one input layer, one output layer, and three hidden layers. Each layer consists of a set of neurons. The process of assembling the hidden layers is known as a DNN, as depicted in Figure 4. The DNN-IDS training comprises two phases: forward propagation and backward propagation. In forward propagation, output values are calculated, whereas in backward propagation, the weights are updated by passing the residual. The training of the model is implemented using Keras (with TensorFlow backend), and Table 5 provides detailed information on the various functions and parameters used. The combination of all layers is reflected in Figure 4. The model’s hidden layers are formulated as in the MLP. The vector and the biases are represented as $b_h$ and $b_y$.

DNN architecture for the proposed IDS. It has three hidden layers with softmax as the output layer.

DNN architectural hyperparameters.

| Description | Setting |
|---|---|
| Hidden Layer | 3 (50, 25, 25) |
| Function | ReLU |
| Regularization | L2, dropout |
| Epochs | 1000 |
| Loss function | Binary_crossentropy |
| Optimizer | Adam |
| Batch Size | 42 |
| Dropout rate | 0.025 |

  • Hidden layer: $H_l(x) = H_l(H_{l-1}(H_{l-2}(\ldots(H_1(x)))))$ (4)
  • Training samples: $x_t = x_1, x_2, x_3, x_4, \ldots, x_{i-1}, x_i$ (5)
  • Hidden states: $h_t = h_1, h_2, h_3, h_4, \ldots, h_{i-1}, h_i$ (6)
  • Predictions of sequence: $\hat{y}_t = y_1, y_2, y_3, y_4, \ldots, y_{i-1}, y_i$ (7)
  • Input-hidden weighted matrix: $W_{lx} \cdot W_{lh}$ (8)
  • Output-hidden weighted matrix: $W_{ly}$ (9)

The objective function of the model, defined for a single pair of the training example $(x_t, y_t)$, is: $L$ is described as the distance between the actual $y_t$ and the prediction labels $\hat{y}_t$, $\eta$ denotes the learning rate, and $k$ denotes the number of iterations. In DNN, each hidden layer uses a non-linear activation function to model the gradient error. Among various activation functions, ReLU gives faster performance and can train the model with a huge number of hidden layers. For maximizing the efficiency of the DNN, we built the model by considering the binary cross-entropy loss function, ReLU function, and softmax function with non-linear activation to achieve greater accuracy among the most substantial probability value of each class. In addition, we applied dropout techniques to counter the problem of overfitting by ignoring randomly selected neurons. During this process, downstream neurons are ignored in the forward propagation and updated weights are not applied for the backward pass [42]. The neuron weights are settled within the network and are tuned for specific features. This effect on the network results in less sensitivity to the definite weights of the neurons, which gives better generalization and makes the model less likely to overfit the training data. In the subsections below, we show the experiments that we performed in the selection of IDS classifiers for the IDS models.

4. Experimental Results

To choose the best classifier for Intrusion detection, we trained and tested the BR/EDR and BLE Bluetooth datasets with supervised and unsupervised ML algorithms and DNN. The experimental results and discussion are provided below.

4.1. Unsupervised ML Algorithms

4.1.1. BR/EDR Dataset

The BR/EDR dataset is trained and tested on four unsupervised ML algorithms with a balanced ratio of DoS attack and normal traffic patterns. We trained the four algorithms as binary classifiers to identify the DoS attack and normal traffic. The results achieved are shown in Table 6 and Figure 5. The naïve Bayes algorithm recorded the highest accuracy, precision, F1-score, and other favorable metrics among all the algorithms. The precision and recall scores of Isolation Forest achieved an acceptable level of prediction, while K-means and LOF achieve more than 55% and 30% of precision and recall, respectively. This suggests that these two algorithms are not suitable to train the IDS using the created BR/EDR dataset. Moreover, the lower precision and recall of LOF is a direct indication that the dataset is fully pre-processed. The dataset does not contain a high level of deviations, and we performed intensive preprocessing on the dataset to make it normalized and free from outliers (in Layer_1 of the IDS model). Furthermore, the features that have been selected are highly significant for the output class. The other three metrics are the F1 score, area under the ROC curve (AUC), and Cohen’s kappa scores. These metrics provide a homogeneous pattern to the previous three metrics for the naïve Bayes classifier.

Performance of BR/EDR–Unsupervised ML algorithms. This result shows that the dataset does not show any deviation irrespective of different models (i.e., the dataset is preprocessed intensively).

Performance analysis of the BR/EDR IDS using unsupervised—ML algorithms.

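| Metrics | Naïve Bayes (NB) | Isolation Forest (IR) | K-Means | LOF |
|---|---|---|---|---|
| Accuracy (%) | 92.4 | 82.667 | 78.87 | 77.67 |
| F1-score (%) | 77.15 | 58.2 | 59.39 | 21.9 |
| Recall (%) | 63.68 | 52.34 | 55.01 | 38 |
| Precision (%) | 97.8 | 80.9 | 63.07 | 30.99 |
| AUC (%) | 82 | 59.38 | 53.48 | 51.62 |
| Cohen’s Kappa (%) | 72.86 | 54.34 | 25.87 | 15.2 |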
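The tables in this section report recall, precision, F1 and Cohen's kappa next to accuracy; the following added example (not the authors' evaluation code) computes those metrics one-vs-rest for the three traffic classes and shows why accuracy alone is a poor guide on imbalanced traffic. The two confusion tables are constructed for illustration, and AUC is left out because it needs classifier scores rather than hard labels.

```python
from collections import Counter

CLASSES = ("DoS", "MITM", "Normal")

# Constructed confusion counts {(true class, predicted class): frames}.
# LAZY labels almost every frame "Normal"; TUNED separates the classes.
LAZY = {("DoS", "DoS"): 2, ("DoS", "Normal"): 10,
        ("MITM", "Normal"): 8, ("Normal", "Normal"): 80}
TUNED = {("DoS", "DoS"): 11, ("DoS", "MITM"): 1,
         ("MITM", "MITM"): 6, ("MITM", "Normal"): 2,
         ("Normal", "Normal"): 77, ("Normal", "DoS"): 3}


def expand(counts):
    """Build parallel (y_true, y_pred) label lists from confusion counts."""
    y_true, y_pred = [], []
    for (true, pred), n in counts.items():
        y_true += [true] * n
        y_pred += [pred] * n
    return y_true, y_pred


def evaluate(y_true, y_pred):
    """Per-class precision/recall/F1 plus overall accuracy and Cohen's kappa."""
    n = len(y_true)
    pairs = Counter(zip(y_true, y_pred))
    true_total, pred_total = Counter(y_true), Counter(y_pred)
    report = {}
    for cls in CLASSES:
        tp = pairs[(cls, cls)]
        # A class that is never predicted (or never present) scores 0, not an error.
        precision = tp / pred_total[cls] if pred_total[cls] else 0.0
        recall = tp / true_total[cls] if true_total[cls] else 0.0
        total = precision + recall
        f1 = 2 * precision * recall / total if total else 0.0
        report[cls] = {"precision": precision, "recall": recall, "f1": f1}
    accuracy = sum(pairs[(cls, cls)] for cls in CLASSES) / n
    # Agreement expected by chance from the marginal class frequencies.
    expected = sum(true_total[cls] * pred_total[cls] for cls in CLASSES) / (n * n)
    kappa = (accuracy - expected) / (1 - expected) if expected < 1 else 0.0
    report["accuracy"] = accuracy
    report["kappa"] = kappa
    return report


if __name__ == "__main__":
    for name, counts in (("lazy", LAZY), ("tuned", TUNED)):
        rep = evaluate(*expand(counts))
        print(f"{name}: accuracy={rep['accuracy']:.2f} kappa={rep['kappa']:.3f}")
        for cls in CLASSES:
            m = rep[cls]
            print(f"  {cls:6s} P={m['precision']:.2f} R={m['recall']:.2f} F1={m['f1']:.2f}")
```

The constructed "lazy" detector reaches 82% accuracy while missing most attack frames, which its kappa and its DoS and MITM recall expose.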

4.1.2. BLE Dataset

Similarly, the BLE dataset was trained and tested on the same unsupervised algorithms, but we modeled those as multiclass classifiers to identify DoS, MITM, and normal traffic from the samples. The performances of the classifiers are shown in Figure 6. The numeric scores of each class are visible in Table 7. Among the four unsupervised algorithms, naïve Bayes records the highest accuracy scores of 98, 78, and 80 for DoS, MITM, and normal traffic identification, respectively. Recall, precision, and other metrics fall close to the accuracy scores for the naïve Bayes classifier. Isolation forest, K-means, and LOF classifiers show better performances than on the BR/EDR dataset, with an average accuracy of 80% for three classes.

Performances of BLE–unsupervised ML algorithms. Multiple attacks were trained on the same models of BR/EDR; we observe that the models are not biased.

Performance analysis of the multiclass classification of the BLE IDS using supervised—ML algorithms.

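| Metrics | NB-DoS | NB-MITM | NB-Normal | IR-DoS | IR-MITM | IR-Normal | K-Means-DoS | K-Means-MITM | K-Means-Normal | LOF-DoS | LOF-MITM | LOF-Normal |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Accuracy (%) | 98.78 | 78 | 80.44 | 79.437 | 70.7 | 87.09 | 80.28 | 74.27 | 88.23 | 81 | 67.43 | 70.7 |
| F1-score (%) | 97.55 | 67 | 88 | 57.59 | 53.58 | 70.79 | 60.23 | 51.1 | 75 | 61.4 | 21.9 | 21.9 |
| Recall (%) | 96.78 | 95 | 99 | 49.2 | 43.12 | 63.31 | 57 | 47.71 | 65.78 | 68 | 38 | 38 |
| Precision (%) | 98.23 | 75 | 93 | 76.09 | 70.66 | 80.9 | 65 | 63.07 | 87.23 | 55.99 | 30.99 | 30.99 |
| AUC (%) | 97.55 | 76 | 80 | 57.34 | 55.687 | 73.93 | 77.87 | 72.13 | 79.43 | 77.12 | 52.62 | 57.62 |
| Cohen’s Kappa (%) | 96 | 75.34 | 79.32 | 53.56 | 53.98 | 72.34 | 57.23 | 69.06 | 78.21 | 75 | 35.2 | 15.2 |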

4.2. Supervised ML Algorithms

4.2.1. BR/EDR Dataset

Likewise, the dataset BR/EDR was modeled as a binary classifier using four supervised ML algorithms each time, namely LR, DT, SVM, and RF to differentiate the DoS attack and normal traffic. The experimental results depicted in Figure 7 and Table 8 show that accuracy, precision, and recall are satisfactory for all classifiers. However, the RF classifier gave the highest score for all three metrics, followed by DT, SVM, and then LR. This is clear evidence that the classifier model and dataset are efficient in identifying malicious traffic of DoS attacks on Bluetooth medical IoT devices.

Performance of BR/EDR–supervised ML algorithms. The dataset and models are efficient in identifying malicious traffic behavior. (Deployed models are SVM and K-means).

Performance analysis of the BR/EDR IDS using supervised–ML algorithms.

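| Metrics | LR | DT | SVM | RF |
|---|---|---|---|---|
| Accuracy (%) | 96.8 | 98.85 | 97.89 | 99.15 |
| F1-score (%) | 91.7 | 98.59 | 97.8 | 99.6 |
| Recall (%) | 88.32 | 98.5 | 96.6 | 98.6 |
| Precision (%) | 95.8 | 99.7 | 99.1 | 99 |
| AUC (%) | 94 | 100 | 98 | 100 |
| Cohen’s Kappa (%) | 89.7 | 98.56 | 95.79 | 99.5 |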

Figure 7 also records the F1-score, AUC score, and Cohen’s Kappa score, substantiating the inference that we deduced from the previous three metrics. Moreover, we can conclude that the dataset gives stable results using any of these supervised ML algorithms, of which RF and DT are the most recommended for general IoT devices and other networks. However, in the case of medical IoT devices, we need to choose a lightweight computationally inexpensive model. Among the tested algorithms, K-means (unsupervised) and SVM (supervised) are lightweight but they are computationally expensive in terms of training a model that is deployable on medical IoT devices. Nevertheless, the performance scores fall short for the real-time IDS model, so we investigated the DNN models using the created datasets.

4.2.2. BLE Dataset

The results of the multi-class model trained using the BLE dataset with four different algorithms are shown in Figure 8 and Table 9. We observe that, unlike LR, the accuracy scores of the three supervised algorithms DT, SVM, and RF lie between 95% and 98%. Though the average performance of the three algorithms on the classes DoS, MITM, and normal is satisfactory, it is difficult to choose the best among these three. Moreover, none of the single classifiers gives better performance across the three identification classes to suit real-time IDS performance. LR records less than 50% accuracy and unstable scores for other metrics. Because of these shortcomings, we investigated the use of a DNN model for both of the datasets.

Performances of BLE–supervised ML algorithms. For real-time detection and deployment, neither of the single classifiers gave a better performance.

Performance analysis of the multiclass classification of the BLE IDS using supervised–ML algorithms.

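| Metrics | LR-DoS | LR-MITM | LR-Normal | DT-DoS | DT-MITM | DT-Normal | SVM-DoS | SVM-MITM | SVM-Normal | RF-DoS | RF-MITM | RF-Normal |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Accuracy (%) | 48 | 79 | 94 | 96.63 | 98.5 | 97.29 | 97.89 | 94.39 | 96.86 | 97.74 | 96.5 | 95.78 |
| F1-score (%) | 37 | 67 | 92 | 96.27 | 99.12 | 97.8 | 96.8 | 95 | 92 | 97.27 | 96.12 | 95.66 |
| Recall (%) | 23 | 95 | 98 | 96.3 | 98.23 | 95.6 | 95.7 | 84 | 98 | 97.3 | 95.56 | 93.45 |
| Precision (%) | 100 | 79 | 95 | 97.5 | 98.43 | 98.1 | 93.1 | 89 | 95 | 98.5 | 94.7 | 96.23 |
| AUC (%) | 45 | 80 | 98 | 98 | 98.65 | 98 | 98 | 93 | 96 | 99 | 97.8 | 96.88 |
| Cohen’s Kappa (%) | 40 | 72 | 95 | 97 | 97.4 | 95.37 | 95.79 | 91.43 | 94.55 | 98 | 94 | 94.25 |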

4.3. DNN Model

Two DNNs were modeled as binary and multi-class classifiers using BR/EDR and BLE datasets, respectively. The training accuracies of the two models were between 92% and 95%, as depicted in Figure 9. The testing accuracies were 98% and above for both models. From these results, we conclude that the classifier model using DNN was the best among all the other algorithms we tested. This deduction was bolstered by considering the training and testing loss scores in Figure 10. The training loss of the two models started at approximately 0.3 and then reached 0.15 as the learning process went on. Similarly, the lowest test loss recorded was 0.01, which is an indication of a stable DNN model.

Training and testing accuracy. The proposed IDS DNN model for the BR/EDR and BLE datasets for 1000 epochs attained an accuracy of 98%.

Training and testing loss–DNN. The recorded test was a loss of 0.01, which indicated that DNN was reliable for the real-time application.

Additionally, to check the uniformity of the dataset, we tested various ratios of abnormal (malicious) and benign traffic patterns. The ratios of benign and abnormal patterns considered were 50–50, 75–25, and 80–20. Each time, the results that we achieved were consistent, which suggests that our dataset does not have any bias in the ratios of the traffic patterns. The accuracy scores of all the tests show that our dataset achieved less accuracy for unsupervised ML algorithms than for the supervised ML algorithms. From Table 10 and Figure 11 , we deduce that the dataset can be considered a standard for training IDS models to identify DoS, DDoS, and Bluesmack attacks against Bluetooth IoMT devices. Moreover, in comparison to other models, our proposed model attained the best accuracy, as shown in Table 11 .

Performance analysis of the binary and multiclass of the proposed model for BR/EDR and BLE, respectively.

Performance analysis of the binary and multi-class classification of the proposed IDS (BR/EDR and BLE).

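| Metrics | BR/EDR Binary-Class | BLE Binary-Class | BLE-DoS Multi-Class | BLE-MITM Multi-Class | BLE-Normal Multi-Class |
|---|---|---|---|---|---|
| Accuracy (%) | 99.7 | 94.3 | 96.86 | 88.23 | 96.8 |
| F1-score (%) | 99.23 | 95 | 92 | 75 | 91.7 |
| Recall (%) | 98.65 | 84 | 98 | 65.78 | 88.32 |
| Precision (%) | 99.88 | 89 | 95 | 87.23 | 95.8 |
| AUC (%) | 99 | 93 | 96 | 79.43 | 94 |
| Cohen’s Kappa (%) | 99.08 | 91.43 | 94.55 | 78.21 | 89.7 |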

Comparison of our model with existing IDS models.

| Model | Precision (%) | Recall (%) | F1 (%) | Accuracy (%) |
| --- | --- | --- | --- | --- |
| [ ] (Bluetooth) | 98 | 98 | 97 | 98.4 |
| [ ] (Bluetooth) | 96.7 | 88.23 | 91.8 | 97 |
| [ ] (Bluetooth) | 88.64 | 88.64 | 87.5 | - |
| [ ] (NSL-KDD) | 95.72 | 98.65 | - | 97.06 |
| [ ] (NSL-KDD) | 96 | 98.7 | 97.3 | - |
| [ ] (NSL-KDD) | - | 98.6 | - | 99 |

Proposed IDS (BR/EDR): 99.7, 99.06, 99.38
Proposed IDS (BLE): 95, 98, 95

5. Conclusions and Future Work

Bluetooth communication is widely adopted in IoMT devices due to its various benefits. Nevertheless, because of its simplicity as a personal wireless communication protocol, Bluetooth lacks security mechanisms, which may result in devastating outcomes for patients treated using wireless medical devices. As discussed, continuous monitoring of network activity is efficient in identifying cyber-attacks in most scenarios. We applied the same concept to Bluetooth-based medical IoT devices in a smart healthcare system. In this paper, we proposed a secure and scalable architecture and deployed the IDS on the edge nodes of the smart healthcare system. We explored the issues and limitations of Bluetooth communication technology in IoMT systems and of current IDS for Bluetooth-enabled IoMT devices. The second outcome of this research is a standard Bluetooth dataset and a DNN-based classifier for Bluetooth traffic. To the best of our knowledge, this is the first intrusion detection dataset for Bluetooth Classic and BLE. From the results, we can see that the created dataset can be used to train the IDS model for identifying DoS, DDoS, and Bluesmack attacks on medical IoT devices operated using Bluetooth technology. We also deduce that the proposed IDS classifier using DNN gives more than 99% accuracy, precision, and recall, which outperforms the existing models for identifying Bluetooth-based attacks.

In the future, we plan to enhance the following critical areas of the proposed model. (1) We look forward to enlarging our dataset with more attack types, other than DoS, DDoS, and MITM. (2) We plan to include the attack data of other protocols, such as Wi-Fi. (3) We will aim to improve the intrusion detection classifier to identify those attacks efficiently on different datasets (by applying data fusion or feature fusion techniques). (4) Furthermore, we plan to develop a mitigation technique for the identified attacks from our model and to detect unknown attacks so that the architecture can be extended to include mitigation mechanisms for the identified attacks.

Acknowledgments

This publication was made possible by an NPRP grant, NPRP 10-0125-170250 from the Qatar National Research Fund (a member of the Qatar Foundation). The statements made herein are solely the responsibility of the authors.

Bluetooth vulnerabilities.

| Version | Vulnerabilities |
| --- | --- |
| Before Bluetooth Version 1.2 | In every pairing, the static key, which is based on link keys, is reused. Once the key is revealed, malicious activity (eavesdropping and spoofing) can be performed against the legitimate device [ ]. |
| Before Bluetooth Version 2.1 + EDR | Short PIN; no PIN management; keystreams repeat every 23.3 h, so if a connection lasts longer than that, an identical keystream will be used, which can help an attacker decrypt the messages [ ]. |
| Bluetooth Version 2.1 and 3.0 | In the communication between the Bluetooth devices, if any of the devices fails to support Security Mode 4, the security mode falls back to Mode 1, which has no security. Using static in the SSP may lead to executing the MITM attack [ ]. |
| Before Bluetooth Version 4.0 | Authentication challenges request a response, which discloses information about the secret link key. The cipher function E0 is considered weak [ ]. |
| All Bluetooth versions | Link key stored improperly; encryption key size as small as 1 byte; no user authentication; a device can remain in discoverable/connectable mode for an indefinite time [ ]. |

Features candidates for the proposed model.

| Extracted Feature Candidates | Actual Feature Candidate | Description |
| --- | --- | --- |
| Frame_length_stored | Frame.cap_len | Frame length of the captured file. |
| Length | btl2cap.length | Length of the Bluetooth logical link control and adaptation protocol (btl2cap). |
| L2CAP | Protocol | Logical link control and adaptation protocol (L2CAP). |
| HCI_EVT | Protocol | Host control interface (HCI) Event (EVT) protocol. In HCI_EVT, various activities are defined as page scans or inquiries. |
| HCI_ACL | Protocol | HCI asynchronous connectionless link (ACL); it is a transmission link for data communication. |
| HCI_CMD | Protocol | HCI command (CMD); it helps the host with the controlling ability of the link layer connection with other Bluetooth-enabled devices. |
| Received | frame.P2P_dir | Indicates the direction (dir) of the received packets in the communication, from point-to-point (P2P) (source to destination or vice versa). |
| Sent | frame.P2P_dir | Indicates the direction of the sent packets in the communication, from P2P (source to destination or vice versa). |
| ACL_Data | #hci_h4.type HCI_Packet_Type | ACL transmission link for the data communication. |
| HCI_Evnt | (hci_h4.type) HCI_Packet_Type | Host controller interface (HCI). Various HCI events are defined on this layer, such as inquiry, and complete the event to the page scan. |
| Master | (bthci_acl_dst_role) Destination role | Describes the role of the master devices. |
| Slave | (bthci_acl_dst_role) Destination role | Describes the role of the slave devices. |
| Unknown | (bthci_acl_dst_role) Destination role | Describes the role of the unknown devices. |
| PC | (bthci_acl_dst_name) Destination device name | Name of the destination device. |
| Destination_BDADDR | (bthci_acl_dst_bd_addr) Destination_BD_ADDR | BD_ADDR of the destination devices. |
| Source_BDADDR | (bthci_acl_dst_src_addr) source_BD_ADDR | BD_ADDR of the source devices. |
| PC1 | (bthci_acl_src_name) Source device name | Name of the source device. |
| Read_RSSI | (bthci_cmd_opcode) Command Opcode | The command opcode is used to define the subcommand of the channels. Counted the RSSI. |
| Read_Tx | (bthci_cmd_opcode) Command opcode | Power transmission level of the signal. |
| Read_Link_Quality | (bthci_cmd_opcode) Command opcode | Link quality of the transmission link. |
| Command_complete | (bthci_evt_code) Event code | Command complete while transmitting the data. |
| Disconnect complete | (bthci_evt_code) Event code | Disconnect complete in the transmission process. |

Funding Statement

This publication was made possible by NPRP grant NPRP 100125-170250 from the Qatar National Research Fund (a member of Qatar Foundation).

Author Contributions

Conceptualization, M.Z., D.U. and A.A.-A.; methodology, M.Z., D.U. and A.A.-A.; software, M.Z.; validation, M.Z.; formal analysis, M.Z.; investigation, M.Z.; resources, M.Z. and D.U.; data curation, M.Z.; writing—original draft preparation, M.Z.; writing—review and editing, M.Z., A.G., D.U., A.A.-A., T.R., G.A., M.H. and J.Q.; visualization, M.Z.; supervision, D.U., A.A.-A. and J.Q.; project administration, D.U.; funding acquisition, D.U. All authors have read and agreed to the published version of the manuscript.

Institutional Review Board Statement

Not applicable.

Data Availability Statement

Conflicts of interest.

The authors declare no conflict of interest.

Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.


https://www.nist.gov/publications/bluetooth-security-protecting-wireless-networks-and-devices

Bluetooth Security: Protecting Wireless Networks and Devices


Study uncovers new threat to security and privacy of Bluetooth devices

Researchers also develop countermeasure to prevent tracking.

Mobile devices that use Bluetooth are vulnerable to a glitch that could allow attackers to track a user’s location, a new study has found. 

The research revolves around Bluetooth Low Energy (BLE), a type of Bluetooth that uses less energy when compared to Bluetooth Classic (an earlier generation of Bluetooth). On smartwatches and smartphones, billions of people rely on this type of wireless communication for all types of activities, ranging from entertainment and sports to retail and health care.  

Yet due to a design flaw in Bluetooth’s protocol, users’ privacy could be at risk, said Yue Zhang , lead author of the study and a postdoctoral researcher in computer science and engineering at The Ohio State University . Zhang recently presented the findings at the ACM Conference on Computer and Communications Security ( ACM CCS 2022 ). The study also received a “best paper” honorable mention at the conference. 

Zhang and his adviser, Zhiqiang Lin, professor of computer science and engineering at Ohio State, proved the threat by testing over 50 market-available Bluetooth devices as well as four BLE development boards. They reported the flaw to major stakeholders in the Bluetooth industry, including Bluetooth Special Interest Group (SIG) (the organization that oversees the development of Bluetooth standards), hardware vendors such as Texas Instruments and Nordic, and operating systems providers such as Google, Apple and Microsoft. Google rated their findings as a high-severity design flaw and gave the researchers a bug bounty award. 


Bluetooth devices have what are called MAC addresses – a string of random numbers that uniquely identify them on a network. About once every 20 milliseconds an idle BLE device sends out a signal advertising its MAC address to other nearby devices that it could connect with. 

The study identifies a flaw that could allow attackers to observe how these devices interact with the network, and then either passively or actively collect and analyze the data to break a user’s privacy.  

“This is a new finding that nobody has ever noticed before,” said Zhang. “We show that by broadcasting a MAC address to the device’s location, an attacker may not physically be able to see you, but they would know that you’re in the area.”

One of the reasons researchers are concerned about such a scenario is because a captured MAC address could be deployed in what is called a replay attack, which may allow the attacker to monitor the user’s behaviors, track where the user has been in the past or even figure out the real-time location of the user.  

“Bluetooth SIG was certainly made aware of the MAC address tracking threat, and to protect devices from being tracked by bad actors, a solution called MAC address randomization has been used since 2010,” said Lin.

Later in 2014, Bluetooth introduced a new feature called the “allowlist” which only allows approved devices to be connected, and prevents private devices from accessing unknown ones. But according to the study, this allowlist feature actually introduces a side channel for device tracking. 

Zhang and Lin proved the new tracking threat is real by creating a novel attack strategy they called Bluetooth Address Tracking (BAT). The researchers used a customized smartphone to hack into more than 50 Bluetooth gadgets – most of them their own devices – and showed that by using BAT attacks, an attacker could still link and replay a victim’s data, even with frequent MAC randomization. 

As of yet, BAT attacks are undefeated, but the team did create a prototype of a defensive countermeasure. Called Securing Address for BLE (SABLE), their solution involves adding an unpredictable sequence number, essentially a timestamp, to the randomized address to ensure that each MAC address can only be used once to prevent the replay attack. The study noted it was successfully able to stop attackers from linking up to the victim’s devices. 

The results of their experiment showed that SABLE only slightly affects battery consumption and overall device performance, but Lin hopes to use the new attack and its countermeasure to raise awareness in the community. “The lesson learned from this study is that when you add new features to existing designs, you should revisit previous assumptions to check whether they still hold.”
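The replay-prevention idea described above, as an added sketch that is not the researchers' SABLE code: an address that verifies under a fixed secret can be captured and recognised again, while an address bound to a strictly increasing sequence number is accepted once. HMAC-SHA256, the 3+3 byte layout, the sample key, the look-ahead window and all function and class names are assumptions made for illustration; this is neither BLE's address-resolution function nor SABLE's actual construction.

```python
import hashlib
import hmac

# Constructed sample key shared by two bonded devices (not a real key).
SHARED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
ADDR_LEN = 6  # 3-byte random part followed by a 3-byte tag


def _tag(key, prand, seq=None):
    """24-bit tag over the random part, optionally bound to a sequence number."""
    msg = prand if seq is None else prand + seq.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:3]


def make_plain_address(key, prand):
    """Randomized address with no freshness: valid for as long as the key is."""
    return prand + _tag(key, prand)


def resolve_plain(key, addr):
    """Peer-side check for the plain scheme; keeps no state about past addresses."""
    if len(addr) != ADDR_LEN:
        return False
    return hmac.compare_digest(addr[3:], _tag(key, addr[:3]))


def make_fresh_address(key, prand, seq):
    """Randomized address bound to a sequence number that is never sent in clear."""
    return prand + _tag(key, prand, seq)


class FreshResolver:
    """Accepts an address only under a sequence number newer than the last one.

    The look-ahead window tolerates addresses the peer never received.
    A 24-bit tag leaves a small chance (look_ahead / 2**24 per attempt)
    that a random value is accepted; a real design has to budget for that.
    """

    def __init__(self, key, look_ahead=4):
        self.key = key
        self.look_ahead = look_ahead
        self.last_seq = 0

    def resolve(self, addr):
        if len(addr) != ADDR_LEN:
            return False
        prand, tag = addr[:3], addr[3:]
        first = self.last_seq + 1
        for seq in range(first, first + self.look_ahead):
            if hmac.compare_digest(tag, _tag(self.key, prand, seq)):
                self.last_seq = seq  # everything up to seq is now spent
                return True
        return False


def demo():
    """Run both schemes on constructed inputs and return what the peer accepts."""
    plain = make_plain_address(SHARED_KEY, b"\x11\x22\x33")
    peer = FreshResolver(SHARED_KEY)
    fresh = make_fresh_address(SHARED_KEY, b"\x11\x22\x33", 1)
    return {
        "plain_first": resolve_plain(SHARED_KEY, plain),
        "plain_replayed": resolve_plain(SHARED_KEY, plain),
        "fresh_first": peer.resolve(fresh),
        "fresh_replayed": peer.resolve(fresh),
        # The sender advanced to 3 while the peer missed number 2.
        "skipped_ahead": peer.resolve(
            make_fresh_address(SHARED_KEY, b"\x44\x55\x66", 3)),
        # An address made for the already-passed number 2 is stale.
        "stale": peer.resolve(
            make_fresh_address(SHARED_KEY, b"\x77\x88\x99", 2)),
        # Number 8 is outside the window 4..7 and is refused.
        "beyond_window": peer.resolve(
            make_fresh_address(SHARED_KEY, b"\xaa\xbb\xcc", 8)),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:15s} accepted={accepted}")
```

The look-ahead window is the design trade-off: a larger window tolerates more missed addresses but gives a guessed tag more chances to match.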

This work was supported by the National Science Foundation. 


Bluetooth Security Threats: A Survey

International Research Group - IJET JOURNAL

Related Papers

Gypsy Nandi

Bluetooth is primarily used for establishing wireless Personal Area Networks (PANs) communication. It is a popular and commonly used technology for sending data from one device to another device. It allows the user to form ad hoc networks to transfer data among wide variety of devices. The current data transfer rate for a Bluetooth is 1 mbps. However, as Bluetooth technology is becoming widespread, vulnerabilities in its security are increasing which can be very dangerous to the users' personal information. Preventing such unauthorized access from secure communication plays a vital role to the pairing devices. This paper presents the malicious intervention about the attacks on the devices while connecting with other devices during the exchange of data using Bluetooth technology. It also discusses various security measures that can be involved during data exchange using Bluetooth technology. Keywords: Bluetooth Security, pairing, malicious attackers, network security and Man-in-t...


Prashant Panse , Trishna Panse

Dave Singelee

Vivek Kapoor

In this article we present a survey on security mechanism used in Bluetooth communication. Bluetooth is the personal area network (PAN). It is the kind of wireless Ad hoc network. Low cost, low power, low complexity and robustness are the basic features of Bluetooth. It works on Radio frequency. Bluetooth communication range is categorized as high, medium and low depending upon power level. High range of Bluetooth communication is up to 91 meter, medium range is up to 9 meter and low range is up to 1 meter. Authentication and Encryption are the key security features that are used at the link level in Bluetooth communication. A secret link key is used to achieve these security features which is shared between two Bluetooth devices.

Computers & Security

Shohrab Hossain

This paper gives an overview of protocols used in Bluetooth communication and security weaknesses and vulnerabilities of the Bluetooth system. Now days, Bluetooth is a frequently used technique for data transmission. Bluetooth standard was come under IEEE 802.15. Its basic features are ad hoc in nature, very low power consumption and low cost. It operates on radio propagation with 2.4GHZ. Various types of security protocols are used to prevent eavesdropping and message interception but still some security weaknesses like no integrity check, man in middle attack, Bluesnarf attack and many more are present in Bluetooth transmission. This paper gives broad overview of the security flaws in Bluetooth.

Manish Shrivastava

Debnath Bhattacharyya

Dr. Akhilesh A . Waoo

Bluetooth is a recently proposed protocol for local wireless communication and has become a de facto standard for short-range ad hoc radio connections. Security concern is one of the most important problems delaying the mass adoption of Bluetooth. This article provides a study on the security issues behind the Bluetooth standard. After a overview of the general Bluetooth protocol, a security framework is introduced for the description of the Bluetooth security layout. Then both link-level and service-level security schemes are discussed in detail on the basis of the framework. Some weaknesses of the Bluetooth security strategies are analyzed, together with potential risks and possible attacks against the vulnerabilities. Corresponding countermeasures are also proposed in order to improve the Bluetooth security.

The Journal of Applied Sciences Research

samta gajbhiye

Bluetooth technology is used primarily to establish wireless personal area networks. Exponential growth of the volume of Bluetooth-enabled devices indicates that it has become a popular way of wireless interconnections for exchanging information. However, man in the middle attacks against unsecured Bluetooth implementations can provide attackers with unauthorized access to sensitive information. It is a challenging task for researchers to provide a complete secure Bluetooth device. However, extensive contributions have been achieved. A comprehensive literature review of worldwide contributions from 1999 to 2014 has been carried out to analyze the Bluetooth attacks in real scenario and to identify the security feature of Secure Simple Pairing protocol in of Bluetooth v4.0+ low energy device. It has been found that the SSP introduced Elliptic Curve Cryptosystems in Bluetooth which are more secure than the previous mathematical technique based on discrete logarithm problem. The com...


IMAGES

  1. (PDF) Bluetooth Security Threats: A Survey

  2. (PDF) BLUETOOTH PAIRING SECURITY THREATS AND COUNTERMEASURES

  3. (PDF) A review of Bluetooth Technology

  4. (PDF) Positioning with Bluetooth

  5. (PDF) Bluetooth Security Analysis and Solution

  6. (PDF) Enhancement of Bluetooth Security Authentication Using Hash-Based

COMMENTS

  1. Bluetooth Security

    This chapter introduces the security of current Bluetooth technology. Bluetooth devices form an ad‐hoc network for data transmission. Bluetooth uses a technique called spread spectrum frequency hopping to transmit data among 79 different frequencies. The chapter discusses the details of current Bluetooth security solutions. Bluetooth security is provided because of security threats that may ...

  2. SoK: A Systematic Literature Review of Bluetooth Security Threats and

    However, such digital innovations have also opened new attack vectors, thus its security has become an important topic for research for Bluetooth connections and Bluetooth-enabled devices. To this aid, we conducted a systematic literature review on papers published in ACM and IEEEXplore DLs.

  3. Security threats in Bluetooth technology

    Existing surveys on Bluetooth security outline only a few threats without much illustration and categorization. In this paper, we have performed a comprehensive survey to identify major security threats in Bluetooth communication and presented them with illustrations. ... There are a few research works available in the literature on Bluetooth ...

  4. Investigating Bluetooth Vulnerabilities to Defend from Attacks

    Bluetooth devices can be compromised in various ways, which can lead to significant loss of data. In most cases hackers opt for denial service attacks, eavesdropping, resource misappropriation, and message modification. All these bear significant threats in terms of tampering with user data. In the evaluation, this paper used the Kali Linux platform and third-party system tools to test four ...

  5. Bluetooth Technology: Security Issues and Its Prevention

    The security issues of Bluetooth have been an active area of research for the last few years. This paper presents the vulnerabilities in the security protocols of this technology along with some ...

  6. BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses

    The attacks exploit two novel vulnerabilities that we uncover in the Bluetooth standard related to unilateral and repeatable session key derivation. As the attacks affect Bluetooth at the architectural level, they are effective regardless of the victim's hardware and software details (e.g., chip, stack, version, and security mode).

  7. SoK: A Systematic Literature Review of Bluetooth Security ...

    Shrestha, Sunny and Irby, Esa and Thapa, Raghav and Das, Sanchari, SoK: A Systematic Literature Review of Bluetooth Security Threats and Mitigation Measures (November 12, 2021). In Proceedings of the International Symposium on Emerging Information Security and Applications (EISA) - Copenhagen, Denmark (2021), Available at SSRN: https://ssrn.com ...

  8. SoK: A Systematic Literature Review of Bluetooth Security Threats and

    This research paper presents a novel framework named MARC to detect, analyze, and mitigate Bluetooth security flaws while focusing upon MITM attack against NiNo devices.

  9. PDF SoK: A Systematic Literature Review of Bluetooth Security Threats and

    SoK: Bluetooth Security Threats and Mitigation Measures 111 Table 1. Summarization of prior research papers focused on literature reviews in bluetooth security threats Author-Year Title Themes discussed Haataja et al. (2008) Man-In-The-Middle attacks on Bluetooth: a comparative analysis, a novel attack, and countermeasures Bluetooth MITM ...

  10. PDF BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses

    scenarios. This paper focuses on Bluetooth Classic, from now in-dicated as Bluetooth. As billions of devices, such as smartphones, laptops, speakers, headsets, and tablets, daily employ Bluetooth to exchange sensitive data and commands, Bluetooth must provide strong security and privacy guarantees, including confidentiality, integrity and ...

  11. PDF A Systematic Review of Bluetooth Security Threats, Attacks & Analysis

    A Systematic Review of Bluetooth Security Threats, Attacks & Analysis 1, Rashid Baloch2, Mohsan Azeem3, ... computer security experts. A few research papers have therefore been published on the topics of both the flaws and vulnerabilities in Bluetooth technology. This section discusses the Bluetooth security literature ...

  12. Bluetooth Security Attacks: Comparative Analysis, Attacks, and

    He is a member of the Bluetooth Security Expert Group (SEG), which works to identify threats to Bluetooth wireless security and to develop related specification enhancements, white papers, test cases, and test tools. ... white papers, test cases, and test tools. He has also been a technical consultant to Unicta Oy since 2008. His main research ...

  13. Investigation of Bluetooth Security Issues

    This research paper discusses bluetooth specifications, data security, Bluetooth security and its structure, and Bluetooth issues data range issues. Published in: Article #: Date of Conference: 25-27 October 2023. Date Added to IEEE Xplore: 18 December 2023. ISBN Information: Electronic ISBN: 979-8-3503-2709-.

  14. A survey on Bluetooth Low Energy security and privacy

    The Bluetooth specification is split into two major parts. One part is called Bluetooth BR/EDR, also known as Bluetooth classic, the other one is called Bluetooth Low Energy (BLE) which was added in version 4.0. Both are nearly completely independent protocols. Our focus here is on core BLE.

  15. PDF Guide to Bluetooth Security

    This publication addresses the security of all versions of Bluetooth. Bluetooth wireless technology and associated devices are susceptible to general wireless networking threats, such as denial of service (DoS) attacks, eavesdropping, man-in-the-middle (MITM) attacks, message modification, and resource misappropriation.

  16. Secure Bluetooth Communication in Smart Healthcare Systems: A Novel

    However, the major concern is about security and privacy in all Bluetooth versions. In this paper, we focus on the detection of attacks against the BR/EDR and BLE, since the medical sensor and data collection devices in the considered testbed utilize this version of Bluetooth.

  17. Guide to Bluetooth Security

    This publication provides information on the security capabilities of Bluetooth and gives recommendations to organizations employing Bluetooth wireless technologies on securing them effectively. The Bluetooth versions within the scope of this publication are versions 1.1, 1.2, 2.0 + Enhanced Data Rate (EDR), 2.1 + EDR, 3.0 + High Speed (HS), 4. ...

  18. Bluetooth Security: Protecting Wireless Networks and Devices

    This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-121, Guide to Bluetooth Security: Recommendations of the National Institute of Standards and Technology, which was written by Karen Scarfone of NIST and by John Padgette of Booz Allen Hamilton. The guide helps organizations protect their Bluetooth devices ...

  19. Bluetooth Security Threats And Solutions: A Survey

    The security issues of Bluetooth have been an active area of research for the last few years. This paper presents the vulnerabilities in the security protocols of this technology along with some ...

  20. Study uncovers new threat to security and privacy of Bluetooth devices

    Mobile devices that use Bluetooth are vulnerable to a glitch that could allow attackers to track a user's location, a new study has found. The research revolves around Bluetooth Low Energy (BLE), a type of Bluetooth that uses less energy when compared to Bluetooth Classic (an earlier generation of Bluetooth).

  21. Bluetooth Security Threats: A Survey

    Various types of security protocols are used to prevent eavesdropping and message interception but still some security weaknesses like no integrity check, man in middle attack, Bluesnarf attack and many more are present in Bluetooth transmission. This paper gives broad overview of the security flaws in Bluetooth.

  22. 49435 PDFs

    Explore the latest full-text research PDFs, articles, conference papers, preprints and more on BLUETOOTH. Find methods information, sources, references or conduct a literature review on BLUETOOTH

  23. (PDF) Study of Bluetooth protocol and applications

    In this paper, a study of Bluetooth protocol and its applications is presented. We also thoroughly study prior art that enable advancements in Bluetooth technologies. Further, we also provide an ...