Zhiqiang Lin, Distinguished Professor of Engineering in the Department of Computer Science and Engineering at The Ohio State University, will present a Computer Science Colloquium lecture on Friday, October 14, 2022, from 3-4 p.m. via Zoom online meeting. The title of Lin’s talk is, “Rethinking the Security and Privacy of Bluetooth Low Energy.” The lecture is presented by the Michigan Tech Department of Computer Science.
Dr. Lin’s research interests center around systems and software security, with a key focus on developing automated binary analysis techniques for vulnerability discovery and malware analysis; hardening the systems and software from binary code rewriting, virtualization, and trusted execution environment; and the applications of these techniques in Mobile, IoT, Bluetooth, and Connected and Autonomous Vehicles.
Abstract: As near-range wireless communication technology, Bluetooth Low Energy (BLE) has been widely used in numerous Internet-of-Things (IoT) devices from healthcare, fitness, wearables, to smart homes, because of its extremely lower energy consumption. Unfortunately, the past several years have also witnessed numerous security flaws that have rendered billions of Bluetooth devices vulnerable to attacks. While luckily these flaws have been discovered, there is no reason to believe that current Bluetooth Low Energy protocols and implementations are free from attacks, since Bluetooth Low Energy consists of multiple layers with various sub-protocols and components.
In this talk, Dr. Lin will talk about a number of recently discovered security and privacy threats against the BLE, and the lessons learned from those threats. In particular, he will first discuss the protocol-level downgrade attack, an attack that can force the secure BLE channels into insecure ones to break the data integrity and confidentiality of BLE traffic. Then, he will introduce Bluetooth Address Tracking (BAT) attack, a new protocol-level attack discovered from his group, which can track randomized Bluetooth MAC addresses by using a novel allowlist-based side channel. Next, he will discuss the lessons learned, root causes of the attack, and its countermeasures. Finally, he will conclude his talk by discussing future directions in Bluetooth security and privacy.
Lin has published over 100 papers, many of which appeared in the top venues in cybersecurity. He is a recipient of Harrison Faculty Award for Excellence in Engineering Education, NSF CAREER award, AFOSR Young Investigator award, and Outstanding Faculty Teaching Award. He received his Ph.D. in Computer Science from Purdue University.