Battery Polling and Trace Determination for Bluetooth Attack Detection in Mobile Devices

Buennemeyer, T.K.; Nelson, Theresa; Gora, Michael; Marchany, Randy; Tront, Joseph G.

doi:10.1109/iaw.2007.381925

Cited by 8 publications

(8 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[36] Buennemeyer et al provided a means of detecting Bluetooth battery depletion attacks using an anomaly detection system that measured the power levels of a particular Bluetooth device. [23] …”

Section: Wireless and Mobile Threat Modelingmentioning

confidence: 97%

See 1 more Smart Citation

Bluetooth Network-Based Misuse Detection

OConnor

Reeves

2008

2008 Annual Computer Security Applications Conference (ACSAC)

View full text Add to dashboard Cite

Bluetooth, a protocol designed to replace peripheral cables, has grown steadily over the last five years and includes a variety of applications. The Bluetooth protocol operates on a wide variety of mobile and wireless devices and is nearly ubiquitous. Several attacks exist that successfully target and exploit Bluetooth enabled devices. This paper describes the implementation of a network intrusion detection system for discovering malicious Bluetooth traffic. The work improves upon existing techniques, which only detect a limited set of attacks (based on measuring anomalies in the power levels of the Bluetooth device). The new method identifies reconnaissance, denial of service, and information theft attacks on Bluetooth enabled devices, using signatures of the attacks. Furthermore, this system includes an intrusion response component to deflect attacks in progress, based on the attack classification.This paper presents the implementation of the Bluetooth Intrusion Detection System and demonstrates its detection, analysis, and response capabilities. The tool includes a visualization interface to facilitate the understanding of Bluetooth enabled attacks. The experimental results show that the system can significantly improve the overall security of an organization by identifying and responding to threats posed to the Bluetooth protocol.

show abstract

Section: Wireless and Mobile Threat Modelingmentioning

confidence: 97%

“…Researchers at Virginia Tech have shown how to combine classic Internet protocol attacks such as the SYN flood with a Bluetooth distribution scheme. [23] As the number of attacks have grown, so have the severity of attacks and the ease of implementation. Repositories of attacks exist with source code.…”

Section: Emerging Trendsmentioning

confidence: 99%

Bluetooth Network-Based Misuse Detection

OConnor

Reeves

2008

2008 Annual Computer Security Applications Conference (ACSAC)

View full text Add to dashboard Cite

show abstract

“…Until recently, many Bluetooth device users considered their systems to be safe from attack. Table 1 [14] indicates that Bluetooth exploits and emerging attacks are increasing. The ever changing state of attack vectors has opened another avenue for attack signature development, which encompasses the characterization of Bluetooth wireless personal area network (WPAN) attacks.…”

Section: Proceedings Of the 42nd Hawaii International Conference On Smentioning

confidence: 99%

“…This will offer greater opportunities to develop battery-based trace signatures, since Bluetooth capable devices tend to be of low powered design. Attacking exposed hosts through unsecured WPANs would allow the attacker direct access to the mobile device and its OS environment, completely bypassing any upstream defensive measures [14]. This observation suggests that mobile devices have an increasing need for hybrid IDS protection such as B-SIPS.…”

Section: Proceedings Of the 42nd Hawaii International Conference On Smentioning

confidence: 99%

“…While considering plausible attacks that could disrupt PDA and smart phone operations, three original DoS attacks were crafted in the lab: BlueSYN, BlueSYN Calling DoS and PingBlender [14]. These blended attacks were designed to saturate the test devices multiple communication channels capabilities to hasten the drain time of its battery resources.…”

Section: Proceedings Of the 42nd Hawaii International Conference On Smentioning

confidence: 99%

See 1 more Smart Citation

Simulating the Deployment of Battery-Sensing Intrusion Protection Systems

Nelson

Buennemeyer

Marchany

et al. 2009

2009 42nd Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

This paper extends Battery-Sensing Intrusion Protection System (B-SIPS) research by utilizing network simulations for deployment validation and optimization. The primary simulation goal is to ensure that B-SIPS does not negatively affect external applications in the network, as any drastic throughput degradation would severely lower the probability of successful B-SIPS deployments. The research goal is accomplished goal by modeling the Virginia Tech wireless-cum-wired network and simulating various network sizes, external network loads, and B-SIPS application transmission settings. This research demonstrates that under reasonable network loads the B-SIPS application had little to no effect on the throughput of external applications. Additionally, the 1 second default transmission rate for B-SIPS was determined to cause the least application degradation for external applications and ensured B-SIPS reports were successfully transmitted in a saturated network environment. Next, the detection capabilities of B-SIPS are examined by conducting Bluetooth, Wi-Fi, and blended attacks against mobile devices. The ability of B-SIPS to detect multi-vector attacks provides application users with the ability to conserve battery charge life and retain device service significantly longer than devices undergoing similar attacks and not utilizing B-SIPS. The attacks used in this portion of the research should be applied to future network simulations of B-SIPS. These simulations will quantify network throughput and device battery usage in large scale network deployments that are, and are not, using B-SIPS.

show abstract