Managing cybersecurity break-ins using Bluetooth Low Energy devices to verify attackers: A practical study
Abstract—We present a novel solution for tracking the behaviour of an attacker and limiting their ability to compromise a cybersecurity system. The solution combines a decoy with a real system, with a BLE controller placed in the middle, acting like a fob that opens and closes access to the server’s BLE. If the first server wants to communicate with the second server, the BLE must be activated by the BLE controller before the two servers can communicate with one another. This is a relatively low-cost solution, and our aim is to lower the interruption to the live system, capture the attacker’s position, and limit the damage the attacker can do to a live system. A second, related goal is to lower the attacker’s opportunity to detect that they are being monitored. A third goal is to gather evidence of the attacker’s actions that can be used for further investigation. This work is significant in that it is implemented within a real physical system for testing and evaluation, using Raspberry Pi and Arduino boards to replicate servers that communicate wirelessly. Several custom programs were written from scratch to monitor the attacker’s behaviour and to use Bluetooth Low Energy to verify users. When the device was disassembled, all of the Raspberry Pi boards, which run the Linux servers, were discontinued and unable to communicate with other devices.
We introduce a novel architecture to mitigate cybersecurity threats in a network environment. We propose a solution in which a fictitious main system interacts with a monitoring system (the real system), using Bluetooth Low Energy (BLE) devices to control the communication flow between the servers. Using BLE devices in this way can limit the attacker's opportunity to breach the real system. Each user must have a dedicated BLE device built into their computer, at a distance of 5 meters, in order for the master (main) BLE controller to verify the user.
This research makes several contributions to existing work on cybersecurity. First, without the proper BLE verification, even with the correct username and password, the system will direct the user to the decoy system and never to the real system. Second, we provide Python applications that can be installed in practice to detect and trace attackers’ positions in the system. Significantly, our solutions have been tested in a real, physical network environment.
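The routing rule in the first contribution can be sketched as follows. This is an added example, not one of the paper's Python applications: the `Gate` class, the sample account and the `ble_seen` report format are hypothetical. It assumes that the BLE controller reports a distance per device, that 5 meters is a maximum, that wrong credentials are simply denied, and that decoy sessions are kept in a hash-chained evidence log.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

MAX_BLE_DISTANCE_M = 5.0  # distance stated in the text, read here as a maximum (assumption)

def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account: credentials plus the BLE device paired to the user.
SALT = b"constructed-salt"
USERS = {"alice": {"salt": SALT, "pw": kdf("correct horse", SALT), "ble_id": "ble-alice-01"}}
DUMMY = {"salt": SALT, "pw": b"\x00" * 32, "ble_id": None}  # unknown users cost the same KDF work

@dataclass
class Gate:
    evidence: list = field(default_factory=list)  # hash-chained records of decoy sessions

    def _record(self, **event) -> None:
        prev = self.evidence[-1]["digest"] if self.evidence else "0" * 64
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.evidence.append({"event": event, "prev": prev, "digest": digest})

    def route(self, user: str, password: str, source: str, ble_seen: dict) -> str:
        """ble_seen maps device id -> distance in metres, as reported by the BLE controller."""
        rec = USERS.get(user, DUMMY)
        creds_ok = hmac.compare_digest(rec["pw"], kdf(password, rec["salt"]))
        dist = ble_seen.get(rec["ble_id"])
        ble_ok = dist is not None and dist <= MAX_BLE_DISTANCE_M
        if not creds_ok:
            return "denied"  # assumption: the text only covers the correct-credentials case
        if ble_ok:
            return "real"
        # Correct credentials without BLE verification: send to the decoy and keep evidence.
        reason = "no_ble_device" if dist is None else "ble_out_of_range"
        self._record(user=user, source=source, reason=reason, distance_m=dist)
        return "decoy"

    def chain_intact(self) -> bool:
        prev = "0" * 64
        for e in self.evidence:
            body = json.dumps(e["event"], sort_keys=True)
            if e["prev"] != prev or hashlib.sha256((prev + body).encode()).hexdigest() != e["digest"]:
                return False
            prev = e["digest"]
        return True
```

Because each evidence record commits to the one before it, editing or deleting an earlier decoy-session record makes `chain_intact()` return `False`.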