TY - EJOU AU - Zhang, Qiaoyang AU - Liang, Zhiyao AU - Cai, Zhiping TI - Developing a New Security Framework for Bluetooth Low Energy Devices T2 - Computers, Materials \& Continua PY - 2019 VL - 59 IS - 2 SN - 1546-2226 AB - Wearable devices are becoming more popular in our daily life. They are usually used to monitor health status, track fitness data, or even do medical tests, etc. Since the wearable devices can obtain a lot of personal data, their security issues are very important. Motivated by the consideration that the current pairing mechanisms of Bluetooth Low Energy (BLE) are commonly impractical or insecure for many BLE based wearable devices nowadays, we design and implement a security framework in order to protect the communication between these devices. The security framework is a supplement to the Bluetooth pairing mechanisms and is compatible with all BLE based wearable devices. The framework is a module between the application layer and the GATT (Generic Attribute Profile) layer in the BLE architecture stack. When the framework starts, a client and a server can automatically and securely establish shared fresh keys following a designed protocol; the services of encrypting and decrypting messages are provided to the applications conveniently by two functions; application data are securely transmitted following another protocol using the generated keys. Prudential principles are followed by the design of the framework for security purposes. It can protect BLE based wearable devices from replay attacks, Man-in-The-Middle attacks, data tampering, and passive eavesdropping. We conduct experiments to show that the framework can be conveniently deployed with practical operational cost of power consumption. The protocols in this framework have been formally verified that the designed security goals are satisfied. KW - Bluetooth Low Energy KW - security KW - privacy KW - protocol KW - wearable devices KW - Internet of Things DO - 10.32604/cmc.2019.03758