Fingerprinting Bluetooth Low Energy Devices via Active Automata Learning

Andrea Pferscher; Bernhard Aichernig

doi:10.1007/978-3-030-90870-6_28

Fingerprinting Bluetooth Low Energy Devices via Active Automata Learning

Andrea Pferscher^*, Bernhard Aichernig

^*Corresponding author for this work

Institute of Software Technology (7160)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Active automata learning is a technique to automatically infer behavioral models of black-box systems. Today’s learning algorithms enable the deduction of models that describe complex system properties, e.g., timed or stochastic behavior. Despite recent improvements in the scalability of learning algorithms, their practical applicability is still an open issue. Little work exists that actually learns models of physical black-box systems. To fill this gap in the literature, we present a case study on applying automata learning on the Bluetooth Low Energy (BLE) protocol. It shows that not the size of the system limits the applicability of automata learning. Instead, the interaction with the system under learning, is a major bottleneck that is rarely discussed. In this paper, we propose a general automata learning architecture for learning a behavioral model of the BLE protocol implemented by a physical device. With this framework, we can successfully learn the behavior of five investigated BLE devices. The learned models reveal several behavioral differences. This shows that automata learning can be used for fingerprinting black-box devices, i.e., identifying systems via their specific learned models. Based on the fingerprint, an attacker may exploit vulnerabilities specific to a device

Original language	English
Title of host publication	Formal Methods - 24th International Symposium, FM 2021, Proceedings
Editors	Marieke Huisman, Corina Păsăreanu, Naijun Zhan
Place of Publication	Cham
Publisher	Springer
Pages	524-542
Number of pages	19
ISBN (Electronic)	978-3-030-90870-6
ISBN (Print)	978-3-030-90869-0
DOIs	https://doi.org/10.1007/978-3-030-90870-6_28
Publication status	Published - 2021
Event	24th International Symposium on Formal Methods: FM' 2021 - Virtuell, China Duration: 20 Nov 2021 → 26 Nov 2021

Publication series

Name	Lecture Notes in Computer Science
Volume	13047
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	24th International Symposium on Formal Methods
Abbreviated title	FM' 2021
Country/Territory	China
City	Virtuell
Period	20/11/21 → 26/11/21

Keywords

Active automata learning
Bluetooth Low Energy
Fingerprinting
IoT
Learning-based testing
Model inference

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-030-90870-6_28

Cite this

Fingerprinting Bluetooth Low Energy Devices via Active Automata Learning. / Pferscher, Andrea; Aichernig, Bernhard.
Formal Methods - 24th International Symposium, FM 2021, Proceedings. ed. / Marieke Huisman; Corina Păsăreanu; Naijun Zhan. Cham: Springer, 2021. p. 524-542 (Lecture Notes in Computer Science ; Vol. 13047 ).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Pferscher, A & Aichernig, B 2021, Fingerprinting Bluetooth Low Energy Devices via Active Automata Learning. in M Huisman, C Păsăreanu & N Zhan (eds), Formal Methods - 24th International Symposium, FM 2021, Proceedings. Lecture Notes in Computer Science , vol. 13047 , Springer, Cham, pp. 524-542, 24th International Symposium on Formal Methods, Virtuell, China, 20/11/21. https://doi.org/10.1007/978-3-030-90870-6_28

@inproceedings{f497bdb6d5b0448a93790e2e1757cdb1,

title = "Fingerprinting Bluetooth Low Energy Devices via Active Automata Learning",

abstract = "Active automata learning is a technique to automatically infer behavioral models of black-box systems. Today{\textquoteright}s learning algorithms enable the deduction of models that describe complex system properties, e.g., timed or stochastic behavior. Despite recent improvements in the scalability of learning algorithms, their practical applicability is still an open issue. Little work exists that actually learns models of physical black-box systems. To fill this gap in the literature, we present a case study on applying automata learning on the Bluetooth Low Energy (BLE) protocol. It shows that not the size of the system limits the applicability of automata learning. Instead, the interaction with the system under learning, is a major bottleneck that is rarely discussed. In this paper, we propose a general automata learning architecture for learning a behavioral model of the BLE protocol implemented by a physical device. With this framework, we can successfully learn the behavior of five investigated BLE devices. The learned models reveal several behavioral differences. This shows that automata learning can be used for fingerprinting black-box devices, i.e., identifying systems via their specific learned models. Based on the fingerprint, an attacker may exploit vulnerabilities specific to a device",

keywords = "Active automata learning, Bluetooth Low Energy, Fingerprinting, IoT, Learning-based testing, Model inference",

author = "Andrea Pferscher and Bernhard Aichernig",

note = "Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.; 24th International Symposium on Formal Methods : FM' 2021, FM' 2021 ; Conference date: 20-11-2021 Through 26-11-2021",

year = "2021",

doi = "10.1007/978-3-030-90870-6_28",

language = "English",

isbn = "978-3-030-90869-0",

series = "Lecture Notes in Computer Science ",

publisher = "Springer",

pages = "524--542",

editor = "Marieke Huisman and Corina P{\u a}s{\u a}reanu and Naijun Zhan",

booktitle = "Formal Methods - 24th International Symposium, FM 2021, Proceedings",

}

TY - GEN

T1 - Fingerprinting Bluetooth Low Energy Devices via Active Automata Learning

AU - Pferscher, Andrea

AU - Aichernig, Bernhard

PY - 2021

Y1 - 2021

N2 - Active automata learning is a technique to automatically infer behavioral models of black-box systems. Today’s learning algorithms enable the deduction of models that describe complex system properties, e.g., timed or stochastic behavior. Despite recent improvements in the scalability of learning algorithms, their practical applicability is still an open issue. Little work exists that actually learns models of physical black-box systems. To fill this gap in the literature, we present a case study on applying automata learning on the Bluetooth Low Energy (BLE) protocol. It shows that not the size of the system limits the applicability of automata learning. Instead, the interaction with the system under learning, is a major bottleneck that is rarely discussed. In this paper, we propose a general automata learning architecture for learning a behavioral model of the BLE protocol implemented by a physical device. With this framework, we can successfully learn the behavior of five investigated BLE devices. The learned models reveal several behavioral differences. This shows that automata learning can be used for fingerprinting black-box devices, i.e., identifying systems via their specific learned models. Based on the fingerprint, an attacker may exploit vulnerabilities specific to a device

AB - Active automata learning is a technique to automatically infer behavioral models of black-box systems. Today’s learning algorithms enable the deduction of models that describe complex system properties, e.g., timed or stochastic behavior. Despite recent improvements in the scalability of learning algorithms, their practical applicability is still an open issue. Little work exists that actually learns models of physical black-box systems. To fill this gap in the literature, we present a case study on applying automata learning on the Bluetooth Low Energy (BLE) protocol. It shows that not the size of the system limits the applicability of automata learning. Instead, the interaction with the system under learning, is a major bottleneck that is rarely discussed. In this paper, we propose a general automata learning architecture for learning a behavioral model of the BLE protocol implemented by a physical device. With this framework, we can successfully learn the behavior of five investigated BLE devices. The learned models reveal several behavioral differences. This shows that automata learning can be used for fingerprinting black-box devices, i.e., identifying systems via their specific learned models. Based on the fingerprint, an attacker may exploit vulnerabilities specific to a device

KW - Active automata learning

KW - Bluetooth Low Energy

KW - Fingerprinting

KW - IoT

KW - Learning-based testing

KW - Model inference

UR - http://www.scopus.com/inward/record.url?scp=85119879298&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-90870-6_28

DO - 10.1007/978-3-030-90870-6_28

M3 - Conference paper

SN - 978-3-030-90869-0

T3 - Lecture Notes in Computer Science

SP - 524

EP - 542

BT - Formal Methods - 24th International Symposium, FM 2021, Proceedings

A2 - Huisman, Marieke

A2 - Păsăreanu, Corina

A2 - Zhan, Naijun

PB - Springer

CY - Cham

T2 - 24th International Symposium on Formal Methods

Y2 - 20 November 2021 through 26 November 2021

ER -

Fingerprinting Bluetooth Low Energy Devices via Active Automata Learning

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

LearnTwins - Learning Digital Twins for the Validation and Verification of Dependable Cyber-PhysicalSystems

Dependable Internet of Things

Cite this

Fingerprinting Bluetooth Low Energy Devices via Active Automata Learning

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Projects

LearnTwins - Learning Digital Twins for the Validation and Verification of Dependable Cyber-PhysicalSystems

Dependable Internet of Things

Cite this