Enhancing Critical Infrastructure Security Using Bluetooth Low Energy Traffic Sniffers

Jose A. Gutierrez del Arroyo


Bluetooth Low Energy (BLE) is a wireless communications protocol used in Critical Infrastructure (CI) applications. Based on recent research trends, it is likely that the next generation of wireless sensor networks, a CI application that the Department of Defense (DoD) regularly employs in surveillance and reconnaissance missions, will include BLE as an inter-sensor communications protocol. Thus, future U.S. military missions may be directly impacted by the security of BLE. One natural way to help protect BLE sensors is to use BLE traffic sniffers to detect attacks. The primary limitation with current sniffers is that they can only capture one connection at a time, making them impractical for applications employing multiple BLE devices. This work aims to overcome that limitation to help secure the types of BLE sensor networks employed by the DoD. First, this work identifies vulnerabilities and enumerates attack vectors against a BLE wireless industrial sensor, presenting a list of security best practices that vendors and end-users can follow and demonstrating how users can employ BLE sniffers to detect attacks. The work then introduces BLE-Multi, an enhancement to an open-source BLE sniffer that can simultaneously and reliably capture multiple connections. Finally, the work presents and executes a methodology to evaluate BLE sniffers. Under the evaluation conditions applied, BLE-Multi achieves simultaneous capture of multiple active connections, paving the way for automated defensive tools that can be used by the DoD and security community. The contributions within are published in one journal article and one conference paper and were presented at three conferences focused on wireless security and CI protection.