论文信息 - A Location Privacy Analysis of Bluetooth Mesh

A Location Privacy Analysis of Bluetooth Mesh

Previous research demonstrated that Bluetooth Low Energy beacons enable very accurate indoor positioning. This leads to the question whether a Bluetooth Mesh network could inadvertently serve the same purpose, leading to unexpected location privacy violations. We analyze the information broadcasted by a typical Bluetooth Mesh installation and show that it can indeed be utilized by a potentially malicious smartphone app in order to localize a smartphone user within a building. This is facilitated by the unique advertising address regularly emitted by each mesh node. Further, we show that implementing address randomization on the side of the mesh network completely prevents this type of positioning without having a negative impact on the functioning of the mesh network.

Jan Steffan | Matthias Caesar

[1] Gui-hua Yang,et al. Research on Indoor Location Algorithm Based on WIFI , 2018 .

[2] Vinod Sharma,et al. Cross-App Tracking via Nearby Bluetooth Low Energy Devices , 2018, CODASPY.

[3] Frank Piessens,et al. Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms , 2016, AsiaCCS.

[4] Hiroshi Matsuo,et al. Global map matching using BLE beacons for indoor route and stay estimation , 2018, SIGSPATIAL/GIS.

[5] Sachin Katti,et al. SpotFi: Decimeter Level Localization Using WiFi , 2015, SIGCOMM.

[6] Aaron Striegel,et al. Estimating dining hall usage using bluetooth low energy beacons , 2017, UbiComp/ISWC Adjunct.

[7] Kang G. Shin,et al. Locating and Tracking BLE Beacons with Smartphones , 2017, CoNEXT.

[8] Robert Harle,et al. Location Fingerprinting With Bluetooth Low Energy Beacons , 2015, IEEE Journal on Selected Areas in Communications.

[9] Song Gao,et al. Employing spatial analysis in indoor positioning and tracking using wi-fi access points , 2016, ISA@SIGSPATIAL.

[10] Scott Bell,et al. Quantitative comparison of indoor positioning on different densities of WiFi arrays in a single environment , 2013, ISA '13.