Defending IoT Devices against Bluetooth Worms with Bluetooth OBEX Proxy
Abstract
1. Introduction
- System call level: The goal is to hook file-related system calls such as open, close, read, and write. This can be accomplished by (1) modifying the kernel’s system call implementation or (2) using an eBPF filter to intercept the system calls. For this approach to work, the file system must be in mandatory locking mode, which ensures that a time-of-check to time-of-use attack cannot happen [45].
- File system level: Avfs [37] is an on-access antivirus file system that uses Linux’s virtual file system (VFS) to stack on top of existing file systems and hooks the filtering mechanisms into the read/write operations of the VFS. The on-access design minimizes the performance impact compared to on-open, on-close, or on-exec scanning.
- Protocol level: Unlike the previous two categories, this approach focuses on files that are transferred from external devices over network or wireless protocols. Depending on the implementation and usage of the protocol stack, it may be challenging to determine at which layer(s) of the stack the hook points should be placed. There are several challenges with this approach. For example, some layers of the protocol stack may be implemented inside the kernel, so extra care is needed when hooking them. Also, hooking inside a protocol layer involves manually inspecting and modifying raw packets. For protocols that are carried inside another protocol, the packets may be fragmented, and it may be challenging to reconstruct them, especially if the protocol has to deal with retransmitted packets.
- Service level: When multiple applications need Bluetooth to interact with other devices, they may want to implement parts of the Bluetooth stack. This is typically done through libraries, sockets, or by sending the request to a service agent that does the job. This service approach makes managing connected Bluetooth devices and using standard Bluetooth protocols easier.
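The reassembly problem named under the protocol level, as an added example (not code from the paper or from BOP): an OBEX Object Push transfer is rebuilt from its PUT packets before it is hashed, because a check applied to each packet alone misses an object whose bytes span packets. The function names, the sample packets and the digest set are constructed for illustration; the code assumes packets arrive in order with retransmissions already removed by the lower layers.

```python
import hashlib
import struct

# OBEX opcodes and header identifiers, as defined by the OBEX specification.
OP_PUT, OP_PUT_FINAL = 0x02, 0x82
HI_NAME, HI_BODY, HI_END_OF_BODY = 0x01, 0x48, 0x49

def parse_headers(data):
    """Yield (header_id, value) for each header in one packet's header area."""
    pos = 0
    while pos < len(data):
        hi = data[pos]
        if hi >> 6 in (0, 1):      # 2-byte length covers id + length + value
            skip, hlen = 3, int.from_bytes(data[pos + 1:pos + 3], "big")
        else:                      # fixed-size value: 1 byte or 4 bytes
            skip, hlen = 1, (2 if hi >> 6 == 2 else 5)
        if hlen < skip or pos + hlen > len(data):
            raise ValueError("truncated or malformed header")
        yield hi, data[pos + skip:pos + hlen]
        pos += hlen

def reassemble_put(packets, max_size=1 << 20):
    """Rebuild (name, body) from the ordered PUT packets of one transfer."""
    name, body, done = None, bytearray(), False
    for pkt in packets:
        if done or len(pkt) < 3:
            raise ValueError("short packet or data after final PUT")
        opcode, plen = struct.unpack_from(">BH", pkt)
        if opcode not in (OP_PUT, OP_PUT_FINAL) or plen != len(pkt):
            raise ValueError("unexpected opcode or length mismatch")
        for hi, value in parse_headers(pkt[3:]):
            if hi == HI_NAME:
                name = value.decode("utf-16-be").rstrip("\x00")
            elif hi in (HI_BODY, HI_END_OF_BODY):
                body += value
                if len(body) > max_size:   # bound memory before scanning
                    raise ValueError("object exceeds scan limit")
        done = opcode == OP_PUT_FINAL
    if not done:
        raise ValueError("transfer incomplete")
    return name, bytes(body)

def verdict(packets, blocked_sha256):
    """'block' when the whole reassembled object matches a known-bad digest."""
    _, body = reassemble_put(packets)
    digest = hashlib.sha256(body).hexdigest()
    return "block" if digest in blocked_sha256 else "allow"

def put_packet(final, *headers):
    """Build one constructed PUT packet from (header_id, value) pairs."""
    area = b"".join(struct.pack(">BH", hi, len(v) + 3) + v for hi, v in headers)
    opcode = OP_PUT_FINAL if final else OP_PUT
    return struct.pack(">BH", opcode, len(area) + 3) + area

# Constructed sample: one harmless test object split across two PUT packets.
SAMPLE = [
    put_packet(False, (HI_NAME, "a.bin\0".encode("utf-16-be")), (HI_BODY, b"TEST-SIG")),
    put_packet(True, (HI_END_OF_BODY, b"NATURE")),
]
```

An incomplete or malformed transfer raises `ValueError`, so a caller can fail closed instead of passing a partial object on.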
2. Background
2.1. Bluetooth Worm
2.2. BlueZ
2.3. Systemd
- Service unit
2.4. D-Bus
- Bus Name
- Object and Interface
  - org.freedesktop.DBus.Introspectable
  - org.freedesktop.DBus.Properties
  - org.freedesktop.DBus.ObjectManager
  - org.freedesktop.DBus.Peer
- Message
- D-Bus Service
2.5. OBEX and Object Push Profile
3. Related Work
3.1. BlueBorne
3.2. Packet Filtering for BlueBorne
3.3. LBM
3.4. Avfs
4. Proposed Model
4.1. System Design Principles
4.2. Bluetooth OBEX Proxy (BOP)
- Asynchronous Message Handling
- Message Redirection
- Object Creation
- Filter Mechanism
- Custom Systemd Service and D-Bus Service
  - (a) obex-bus.service and obex-bus.socket
  - (b) obex.service
  - (c) dbus-org.bluez.obex.service
5. Evaluation
5.1. Functional Testing
5.2. Accuracy
5.3. Performance
5.4. Functionality Comparisons
6. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- González, G.; Lárraga, M.E.; Alvarez-Icaza, L.; Gomez, J. Bluetooth worm propagation in smartphones: Modeling and analyzing spatio-temporal dynamics. IEEE Access 2021, 9, 75265–75282.
- Nallusamy, T.; Ravi, R. Investigation on cybernetic worm propagation in Bluetooth enabled devices. Caribb. J. Sci. 2022, 52, 1450–1460.
- Ghillani, D.; Gillani, D.H. A perspective study on Malware detection and protection, A review. Authorea 2022. preprints.
- Mahboubi, A.; Camtepe, S.; Ansari, K. Stochastic modeling of IoT botnet spread: A short survey on mobile malware spread modeling. IEEE Access 2020, 8, 228818–228830.
- Carettoni, L.; Merloni, C.; Zanero, S. Studying bluetooth malware propagation: The bluebag project. IEEE Secur. Priv. 2007, 5, 17–25.
- Podhradsky, A.L.; Casey, C.; Ceretti, P. The Bluetooth honeypot project. In Proceedings of the Wireless Telecommunications Symposium 2012, London, UK, 18–20 April 2012; IEEE: Piscataway, NJ, USA, 2012; pp. 1–10.
- Hassan, S.S.; Bibon, S.D.; Hossain, M.S.; Atiquzzaman, M. Security threats in Bluetooth technology. Comput. Secur. 2018, 74, 308–322.
- Dunning, J. Taming the blue beast: A survey of bluetooth based threats. IEEE Secur. Priv. 2010, 8, 20–27.
- Albahar, M.A.; Haataja, K.; Toivanen, P. Bluetooth MITM vulnerabilities: A literature review, novel attack scenarios, novel countermeasures, and lessons learned. Int. J. Inf. Technol. Secur. 2016, 8, 25–49.
- Haataja, K.; Hyppönen, K.; Pasanen, S.; Toivanen, P. MITM attacks on Bluetooth. In Bluetooth Security Attacks: Comparative Analysis, Attacks, and Countermeasures; Springer: Berlin/Heidelberg, Germany, 2013; pp. 61–70.
- Sandhya, S.; Devi, K.S. Contention for man-in-the-middle attacks in Bluetooth networks. In Proceedings of the 2012 Fourth International Conference on Computational Intelligence and Communication Networks, Mathura, India, 3–5 November 2012; IEEE: Piscataway, NJ, USA, 2012; pp. 700–703.
- Haataja, K.; Hypponen, K.; Toivanen, P. Ten years of bluetooth security attacks: Lessons learned. In Computer Science I Like; University of Eastern Finland: Kuopio, Finland, 2011; p. 45.
- Minar, N.B.-N.I.; Tarique, M. Bluetooth security threats and solutions: A survey. Int. J. Distrib. Parallel Syst. 2012, 3, 127.
- Wang, Y.; Wen, S.; Xiang, Y.; Zhou, W. Modeling the propagation of worms in networks: A survey. IEEE Commun. Surv. Tutor. 2013, 16, 942–960.
- Zou, C.C.; Towsley, D.; Gong, W. Modeling and simulation study of the propagation and defense of internet e-mail worms. IEEE Trans. Dependable Secur. Comput. 2007, 4, 105–118.
- Su, J.; Chan, K.K.W.; Miklas, A.G.; Po, K.; Akhavan, A.; Saroiu, S.; de Lara, E.; Goel, A. A preliminary investigation of worm infections in a bluetooth environment. In Proceedings of the 4th ACM Workshop on Recurring Malcode, Alexandria, VA, USA, 3 November 2006; pp. 9–16.
- Yan, G.; Eidenbenz, S. Modeling propagation dynamics of bluetooth worms (extended version). IEEE Trans. Mob. Comput. 2008, 8, 353–368.
- Mickens, J.W.; Noble, B.D. Modeling epidemic spreading in mobile environments. In Proceedings of the 4th ACM Workshop on Wireless Security, Cologne, Germany, 2 September 2005; pp. 77–86.
- Morris-King, J.R.; Cam, H. Controlling proximity-malware infection in diverse tactical mobile networks using K-distance pruning. In Proceedings of the MILCOM 2016—2016 IEEE Military Communications Conference, Baltimore, MD, USA, 1–3 November 2016; IEEE: Piscataway, NJ, USA, 2016; pp. 503–508.
- Zyba, G.; Voelker, G.M.; Liljenstam, M.; Méhes, A.; Johansson, P. Defending mobile phones from proximity malware. In Proceedings of the IEEE INFOCOM 2009, Rio de Janeiro, Brazil, 19–25 April 2009; IEEE: Piscataway, NJ, USA, 2009; pp. 1503–1511.
- Yang, Y.; Zhu, S.; Cao, G. Improving sensor network immunity under worm attacks: A software diversity approach. In Proceedings of the 9th ACM International Symposium on Mobile ad hoc Networking and Computing, Hong Kong, China, 26–30 May 2008; pp. 149–158.
- Li, F.; Yang, Y.; Wu, J. CPMC: An efficient proximity malware coping scheme in smartphone-based mobile networks. In Proceedings of the 2010 Proceedings IEEE INFOCOM, San Diego, CA, USA, 14–19 March 2010; IEEE: Piscataway, NJ, USA, 2010; pp. 1–9.
- Miklas, A.G.; Gollu, K.K.; Chan, K.K.; Saroiu, S.; Gummadi, K.P.; De Lara, E. Exploiting social interactions in mobile systems. In Proceedings of the International Conference on Ubiquitous Computing, Tyrol, Austria, 16–19 September 2007; Springer: Berlin/Heidelberg, Germany, 2007; pp. 409–428.
- Gao, C.; Liu, J. Modeling and restraining mobile virus propagation. IEEE Trans. Mob. Comput. 2012, 12, 529–541.
- Fleizach, C.; Liljenstam, M.; Johansson, P.; Voelker, G.M.; Mehes, A. Can you infect me now? Malware propagation in mobile phone networks. In Proceedings of the 2007 ACM Workshop on Recurring Malcode, Alexandria, VA, USA, 2 November 2007; pp. 61–68.
- Meng, X.; Zerfos, P.; Samanta, V.; Wong, S.H.; Lu, S. Analysis of the reliability of a nationwide short message service. In Proceedings of the IEEE INFOCOM 2007—26th IEEE International Conference on Computer Communications, Anchorage, AK, USA, 6–12 May 2007; IEEE: Piscataway, NJ, USA, 2007; pp. 1811–1819.
- Bose, A.; Hu, X.; Shin, K.G.; Park, T. Behavioral detection of malware on mobile handsets. In Proceedings of the 6th International Conference on Mobile Systems, Applications, and Services, Breckenridge, CO, USA, 17–20 June 2008; pp. 225–238.
- Zhu, Z.; Cao, G.; Zhu, S.; Ranjan, S.; Nucci, A. A social network based patching scheme for worm containment in cellular networks. In Handbook of Optimization in Complex Networks: Communication and Social Networks; Springer: New York, NY, USA, 2012; pp. 505–533.
- Zhao, D.; Wang, L.; Wang, Z.; Xiao, G. Virus propagation and patch distribution in multiplex networks: Modeling, analysis, and optimal allocation. IEEE Trans. Inf. Forensics Secur. 2018, 14, 1755–1767.
- Zhang, X.; Cao, G. Transient community detection and its application to data forwarding in delay tolerant networks. IEEE/ACM Trans. Netw. 2017, 25, 2829–2843.
- Lu, Z.; Sun, X.; Wen, Y.; Cao, G.; La Porta, T. Algorithms and applications for community detection in weighted networks. IEEE Trans. Parallel Distrib. Syst. 2014, 26, 2916–2926.
- Peng, S.; Wu, M.; Wang, G.; Yu, S. Containing smartphone worm propagation with an influence maximization algorithm. Comput. Netw. 2014, 74, 103–113.
- Yang, W.; Wang, H.; Yao, Y. An immunization strategy for social network worms based on network vertex influence. China Commun. 2015, 12, 154–166.
- Wu, J.; Wu, R.; Antonioli, D.; Payer, M.; Tippenhauer, N.O.; Xu, D.; Tian, D.; Bianchi, A. LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks. In Proceedings of the 30th USENIX Security Symposium (USENIX Security 21), Virtual, 11–13 August 2021; pp. 339–356.
- Vasan, D.; Alazab, M.; Venkatraman, S.; Akram, J.; Qin, Z. MTHAEL: Cross-architecture IoT malware detection based on neural network advanced ensemble learning. IEEE Trans. Comput. 2020, 69, 1654–1667.
- Huda, S.; Miah, S.; Yearwood, J.; Alyahya, S.; Al-Dossari, H.; Doss, R. A malicious threat detection model for cloud assisted internet of things (CoT) based industrial control system (ICS) networks using deep belief network. J. Parallel Distrib. Comput. 2018, 120, 23–31.
- Parra, G.D.L.T.; Rad, P.; Choo, K.-K.R.; Beebe, N. Detecting Internet of Things attacks using distributed deep learning. J. Netw. Comput. Appl. 2020, 163, 102662.
- De Donno, M.; Dragoni, N.; Giaretta, A.; Spognardi, A. Analysis of DDoS-capable IoT malwares. In Proceedings of the 2017 Federated Conference on Computer Science and Information Systems (FedCSIS), Prague, Czech Republic, 3–6 September 2017; IEEE: Piscataway, NJ, USA, 2017; pp. 807–816.
- Hallman, R.; Bryan, J.; Palavicini, G.; Divita, J.; Romero-Mariona, J. IoDDoS-the internet of distributed denial of sevice attacks. In Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security, Porto, Portugal, 24–26 April 2017; Scitepress: Setúbal, Portugal, 2017; pp. 47–58.
- Shobana, M.; Rathi, S. Iot malware: An analysis of iot device hijacking. Int. J. Sci. Res. Comput. Sci. Comput. Eng. Inf. Technol. 2018, 3, 2456–3307.
- Vignau, B.; Khoury, R.; Hallé, S. 10 years of IoT malware: A feature-based taxonomy. In Proceedings of the 2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C), Sofia, Bulgaria, 22–26 July 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 458–465.
- Vignau, B.; Khoury, R.; Hallé, S.; Hamou-Lhadj, A. The evolution of IoT Malwares, from 2008 to 2019: Survey, taxonomy, process simulator and perspectives. J. Syst. Archit. 2021, 116, 102143.
- Almiani, M.; Razaque, A.; Yimu, L.; Minjie, T.; Alweshah, M.; Atiewi, S. Bluetooth application-layer packet-filtering for blueborne attack defending. In Proceedings of the 2019 Fourth International Conference on Fog and Mobile Edge Computing (FMEC), Rome, Italy, 10–13 June 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 142–148.
- Tian, D.J.; Hernandez, G.; Choi, J.I.; Frost, V.; Johnson, P.C.; Butler, K.R. LBM: A security framework for peripherals within the linux kernel. In Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 19–23 May 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 967–984.
- Miretskiy, Y.; Das, A.; Wright, C.P.; Zadok, E. Avfs: An On-Access Anti-Virus File System. In Proceedings of the 13th USENIX Security Symposium, San Diego, CA, USA, 9–13 August 2004; pp. 73–88.
- García, G.G.; Ramirez, M.E.L. Modeling the spatio-temporal dynamics of worm propagation in smartphones based on cellular automata. In Proceedings of the 2016 European Modelling Symposium (EMS), Pisa, Italy, 28–30 November 2016; IEEE: Piscataway, NJ, USA, 2016; pp. 196–201.
- Cäsar, M.; Pawelke, T.; Steffan, J.; Terhorst, G. A survey on Bluetooth Low Energy security and privacy. Comput. Netw. 2022, 205, 108712.
- Wang, H.; Xi, M.; Liu, J.; Chen, C. Transmitting IPv6 packets over Bluetooth low energy based on BlueZ. In Proceedings of the 2013 15th International Conference on Advanced Communications Technology (ICACT), PyeongChang, Republic of Korea, 27–30 January 2013; IEEE: Piscataway, NJ, USA, 2013; pp. 72–77.
- Beutel, J.; Krasnyanskiy, M. Linux BlueZ Howto. Available online: http://www.grc.upv.es/localdocs/bluezhowto.pdf (accessed on 23 September 2023).
- Kirkbride, P. Basic Linux Terminal Tips and Tricks; Springer: Berlin/Heidelberg, Germany, 2020.
- Basig, L.; Lazzaretti, F. Reliable Messaging Using the CloudEvents Router; OST Ostschweizer Fachhochschule: Rapperswil, Switzerland, 2021.
- Celesti, A.; Fazio, M.; Galletta, A.; Carnevale, L.; Wan, J.; Villari, M. An approach for the secure management of hybrid cloud–edge environments. Future Gener. Comput. Syst. 2019, 90, 1–19.
- Groza, B.; Andreica, T.; Berdich, A.; Murvay, P.-S.; Gurban, E.H. Prestvo: Privacy enabled smartphone based access to vehicle on-board units. IEEE Access 2020, 8, 119105–119122.
- Zeadally, S.; Siddiqui, F.; Baig, Z. 25 years of bluetooth technology. Future Internet 2019, 11, 194.
- Kiourtis, A.; Mavrogiorgou, A.; Kyriazis, D. A comparative study of bluetooth spp, pan and goep for efficient exchange of healthcare data. Emerg. Sci. J. 2021, 5, 279–293.
- Seri, B.; Livne, A. Exploiting Blueborne in Linux-Based IoT Devices; Armis: Palo Alto, CA, USA, 2019.
- Seri, B.; Vishnepolsky, G. The Dangers of Bluetooth Implementations: Unveiling Zero Day Vulnerabilities and Security Flaws in Modern Bluetooth Stacks; ArmisLabs: Palo Alto, CA, USA, 2017; pp. 1–38.
- Seri, B.; Vishnepolsky, G. BlueBorne-Technical Report; Technical Report; Armis: Palo Alto, CA, USA, 2017; 41p, Available online: https://www.scribd.com/document/360135609/BlueBorne-Technical-White-Paper (accessed on 21 September 2023).
- Godwin, S.; Glendenning, B.; Gagneja, K. Future security of smart speaker and IoT smart home devices. In Proceedings of the 2019 Fifth Conference on Mobile and Secure Services (MobiSecServ), Miami Beach, FL, USA, 2–3 March 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 1–6.
- Caldwell, L.; Ekerfelt, S.; Hornung, A.; Wu, J.Y. The Art of Bluedentistry: Current Security and Privacy Issues with Bluetooth Devices; Semantic Scholar; University of Washington: Seattle, WA, USA, 2006.
- freedesktop.org. File-Hierarchy—File System Hierarchy Overview. Available online: https://www.freedesktop.org/software/systemd/man/file-hierarchy.html (accessed on 21 September 2023).
- Bazaar. Malware-Bazaar. Available online: https://datalake.abuse.ch/malware-bazaar/daily/ (accessed on 21 September 2023).
- O. L. B. p. Stack. BlueZ. Available online: https://github.com/bluez/bluez/archive/refs/heads/master.zip (accessed on 21 September 2023).

Kernel Space | User Space |
---|---|
L2CAP | SDP |
SMP | OBEX |
SCO audio | TCS |
RFCOMM | |
BNEP | |
CMTP | |
HIDP | |

Server VM | |
---|---|
vCPU | 2 cores |
RAM | 4 GB |
Bluetooth | MediaTek Inc. mt7921e |
OS | Ubuntu 22.04.2 LTS |
Kernel | 5.15.0-75-generic |

Client VM | |
---|---|
vCPU | 2 cores |
RAM | 4 GB |
Bluetooth | Cambridge Silicon Radio, Ltd. Bluetooth Dongle (USB) |
OS | Ubuntu 22.04.2 LTS |
Kernel | 5.15.0-75-generic |

 | Automatically Scan | # of Signature Databases Used | Need to Configure Directory |
---|---|---|---|
BOP | X | 60+ | X |
ClamAV | V | 1 | V |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Hsu, F.-H.; Wu, M.-H.; Hwang, Y.-L.; Chen, J.-X.; Huang, J.-H.; Wang, H.-J.; Lai, Y.-W. Defending IoT Devices against Bluetooth Worms with Bluetooth OBEX Proxy. Information 2023, 14, 525. https://doi.org/10.3390/info14100525