Bluetooth Low Energy Security Vulnerability and Improvement Method

Abstract

In this paper, we introduce a security vulnerability of Bluetooth Low Energy(BLE) and propose an improved security method to solve it. BLE is used to transmit and receive data between nodes such as sensors, wearable devices in the Internet of Things (IoT) environment. However, there is a possibility that an encryption key for communicating between nodes is cracked because of the security vulnerability of BLE. The security vulnerability of BLE is that the length of the Temporary Key (TK) to generate the encryption key is too short. It is a fatal problem in terms of a data security. We describe how an attacker can crack the encryption key through the vulnerability. To solve this problem, we propose an improved security method that increases the length of the TK. In the conventional BLE, the encryption key can be cracked within 20 seconds. But, it may take 600,000,000,000 years when the proposed method is used. Therefore, the proposed method can ensure that it is infeasible to crack the encryption key.