我們提出一項具有近距離認證的低功耗藍牙燈光控制系統, 近距離認證可以透過更動 低功耗電磁波強弱來達成NFC(Near Field Communication)的效果, 而且是具有主動式認證 仿NFC的低功耗藍牙功能。
我們以燈光權限管理系統為基礎,加上近距離認證後的加密演算法加密訊息, 可以有效 預防外部人員的藍芽偷錄攻擊而取得權限, 相較於現在低功耗藍牙硬體上支援的AES128加 密, 我們多了一層M2M軟體的加密, 實驗方法顯示我們可以對未來的智慧家電能夠提供更 高的安全性保護。

We propose a lighting control system based on a near-field version of Bluetooth Low Energy (BLE) Technology, called NFB, and an access control protocol to enhance security. At the hardware level, we reduce the RF power of the BLE transceiver to that comparable to Near Field Communi- cation (NFC) so that it can mimic the convenient contactless-style authentication in NFC ID cards. While the reduced RF power of NFB makes it more difficult for attackers to snoop compared to stan- dard BLE, we add another encryption layer to further strengthen the security of NFB beyond AES128 crypto co-processor built into BLE today. Experimental results show that our proposed scheme to provide strong security for protecting future smart home systems.

1 Introduction........................................ 1
1.1 Motivation........................................ 1
1.1.1 Access Control and Authentication ...................... 1
1.1.2 Security..................................... 2
1.1.3 Central Point of Failure............................. 3
1.1.4 Distributed Access Control over BLE ..................... 3
1.2 Contributions ...................................... 4
2 Related Work................................... 5
2.1 Wireless protocols.................................... 5
2.1.1 Radio-frequency identification(RFID)..................... 5
2.1.2 Near Field Communication(NFC)....................... 6
2.1.3 ZigBee ..................................... 6
2.1.4 Bluetooth Low Energy(BLE) ......................... 6
2.1.5 Wi-Fi Direct .................................. 7
2.2 Authentication Approaches............................... 7
2.2.1 Two-step verification.............................. 7
2.2.2 CAPTCHA................................... 8
2.2.3 3-DSecure ................................... 8
2.3 Bluetooth Attack Model ................................ 8
2.3.1 Man In The Middle Attack(MITM)...................... 9
i2.3.2 Replay attack.................................. 9
2.3.3 Denial of Service Attack............................ 9
2.4 Access Control ..................................... 10
2.4.1 Tag-Based Access Control ........................... 10
2.4.2 Role-Based Access Control(RBAC)...................... 10
2.4.3 Temporal Role-Based Access Control(TRBAC)................................... 11
3 System Overview................................... 12
3.1 Overall System ..................................... 12
3.2 Communication between Smartmobile and SENode ................................... 12
3.2.1 Near-Field Communication on Bluetooth ................... 13
3.2.2 Temporal role-based access control ...................... 13
4 Near-Field Bluetooth Low Energy (NFB)................................... 14
4.1 Near Field Connection ................................. 14
4.2 Power Control in Near Field Key Exchange ...................... 15
4.2.1 Radio Capabilities ............................... 15
4.2.2 Periodic BLE and NF Mode Toggling ..................... 16
4.2.3 Mode Change Scheduling ........................... 16
4.3 Public and Private Key Exchange Protocol....................... 17
4.4 Encryption Algorithm.................................. 20
5 Temporal Role-Based Access control(TRBAC)................................... 22
5.1 Components of TRBAC................................. 22
5.2 Authentication Process ................................. 24
5.3 Command formation .................................. 26
5.3.1 User command................................. 27
5.3.2 Role command ................................. 27
5.3.3 Alarm command ................................ 28
5.3.4 Setting command ............................... 28
5.4 Control process ..................................... 28
6 System Implementation................................... 30
6.1 BLE-enable SE Nodes ................................. 30
6.2 Terminal......................................... 32
6.3 Gateway......................................... 33
6.3.1 BlueZ...................................... 34
6.3.2 Bluepy ..................................... 34
6.3.3 Django ..................................... 34
6.4 Cloud.......................................... 35
7 Evaluation................................... 37
7.1 Transmission Power Measurement ........................... 37
7.1.1 Periodic BLE and NF Mode Toggling ..................... 37
7.1.2 Power change with increasing distance .................... 38
7.2 Latency ......................................... 39
7.2.1 Key exchange protocol............................. 39
7.2.2 Processing Time over Key Length ....................... 39
7.2.3 Connection Latency .............................. 40
8 Conclusions and Future Work...................................41
8.1 Conclusions....................................... 41
8.2 FutureWork....................................... 41
8.2.1 Multi-Hop Network .............................. 42
8.2.2 Localization................................... 42
Appendices................................... 43

[1] KISI secure smartphone keys homepage. https://getkisi.com/.
[2] August smart lock hompage. http://august.com/.
[3] BlueZ. https://www.bluez.org.
[4] Danalock smart lock hompage. https://danalock.com/.
[5] Lockitron smart lock hompage. https://lockitron.com/.
[6] Elisa Bertino, Piero Andrea Bonatti, and Elena Ferrari. Trbac: A temporal role-based access control model. ACM Trans. Inf. Syst. Secur., 4(3):191–233, August 2001. ISSN 1094-9224. doi: 10.1145/501978.501979. URL http://doi.acm.org/10.1145/501978.501979.
[7] bluepy. Python interface to Bluetooth LE on Linux. https://github.com/IanHarvey/bluepy.
[8] David F. Ferraiolo and D. Richard Kuhn. Role-based access controls. CoRR, abs/0903.2171,
2009. URL http://arxiv.org/abs/0903.2171.
[9] David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn, and Ramaswamy Chan- dramouli. Proposed nist standard for role-based access control. ACM Trans. Inf. Syst. Se- cur., 4(3):224–274, August 2001. ISSN 1094-9224. doi: 10.1145/501978.501980. URL http://doi.acm.org/10.1145/501978.501980.
[10] GOOGLE. Two-step verification. https://www.google.com/landing/2step/.
[11] James BD Joshi, Elisa Bertino, Usman Latif, and Arif Ghafoor. A generalized temporal role- based access control model. IEEE Transactions on Knowledge and Data Engineering, 17(1): 4–23, 2005.
47[12] Cheng-Ting Lee, Cheng-Hsun Yang, Chun-Min Chang, Chung-Yi Kao, Hua-Min Tseng, Hen- pai Hsu, and Pai H Chou. A smart energy system with distributed access control. In Internet of Things (iThings), 2014 IEEE International Conference on, and Green Computing and Com- munications (GreenCom), IEEE and Cyber, Physical and Social Computing (CPSCom), IEEE, pages 53–60. IEEE, 2014.
[13] RaviSSandhu,EdwardJCoynek,HalLFeinsteink,andCharlesEYoumank.Role-basedaccess control models yz. IEEE computer, 29(2):38–47, 1996.
[14] Jonathan Shahen, Jianwei Niu, and Mahesh Tripunitara. Mohawk+ t: Efficient analysis of ad- ministrative temporal role-based access control (atrbac) policies. In Proceedings of the 20th ACM Symposium on Access Control Models and Technologies, pages 15–26. ACM, 2015.
[15] TechCity Technology Co., Ltd. E2-live. http://e2-live.com/.
[16] Peng-Loon Teh, Huo-Chong Ling, and Soon-Nyean Cheong. NFC smartphone based access control system using information hiding. In Open Systems (ICOS), 2013 IEEE Conference on, pages 13–17. IEEE, 2013.
[17] Texas Instruments. CC2541 2.4 GHz Bluetooth Low Energy system-on-chip. http://www.ti. com/product/cc2541/.