
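Graduate student: 鐘士昌 (Shih-Chang Chung)
Thesis title: 供低功率藍牙使用之安全層 (A Secure Layer in BLE)
Advisor: 查士朝 (Shi-Cho Cha)
Oral examination committee: 鄭欣明, 葉國暉
Degree: Master
Department: College of Management - Department of Information Management
Year of publication: 2016
Academic year of graduation: 104
Language: Chinese
Number of pages: 50
Keywords (Chinese): Bluetooth Low Energy, Internet of Things
Keywords (foreign language): BLE, IoT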

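Abstract (translated from the Chinese): Because smartphones are widespread and most current smartphones support Bluetooth Low Energy (BLE), many Internet of Things (IoT) applications use BLE to exchange data. BLE also provides a binding mechanism that lets devices exchange information with each other and generate a session key to ensure the confidentiality of data in transit. However, the legacy Bluetooth binding method has a weakness that allows the session key to be stolen, and not all devices support the newer version of the Bluetooth protocol. This research therefore proposes adding a secure layer between BLE and the application layer. The layer lets applications use the interfaces it provides to authenticate other devices and establish secure connections, and it achieves these functions using basic GATT communication, which solves the problem that a device may not support the binding method. In this way, the weaknesses of existing BLE devices can be mitigated and the security of Bluetooth applications improved.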


Smartphones have become so popular that we can be certain almost everyone has at least one. Most smartphones today support the Bluetooth Low Energy (BLE) protocol to exchange data. Therefore, Internet of Things (IoT) applications usually use BLE for device communication. Devices can bind with each other to exchange session keys for secure communication. However, there are vulnerabilities in legacy BLE binding schemes. These vulnerabilities are addressed in new versions of the BLE protocol, but many current devices do not support the new versions. In light of this, this thesis proposes a secure layer for BLE communication. Our secure layer relies on BLE GATT services to provide applications with standard interfaces for authentication and secure channel establishment between BLE-based devices. As a result, the secure layer can address the vulnerabilities without replacing the existing system, and also improve the security of IoT applications.

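Table of contents

Chapter 1. Introduction
1.1 Research Background and Motivation
1.2 Research Contributions
1.3 Chapter Overview
Chapter 2. Background Knowledge and Literature Review
2.1 Introduction to BLE Security Management Mechanisms
2.2 Introduction to BLE Privacy Mechanisms
2.3 Introduction to BLE Layers
2.4 Introduction to Identity-based Cryptography (IBC)
2.5 Introduction to Elliptic curve Diffie–Hellman (ECDH)
Chapter 3. Problem Definition
3.1 Example Scenario
3.2 Role Definitions
3.3 Functional Requirements
Chapter 4. A Secure Layer for BLE
4.1 Secure Layer Overview
4.2 Secure Layer Architecture
4.3 Secure Layer Functions
4.4 Secure Layer Procedure Flow
4.5 Security Discussion
Chapter 5. System Implementation
5.1 Build Environment
5.2 Secure Layer Usage Scenarios
5.3 Secure Layer Performance
Chapter 6. Conclusions and Future Work
6.1 Research Conclusions
6.2 Future Work
References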


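Full-text release date: 2021/06/27 (campus network)
Full-text release date: full text not authorized for public release (off-campus network)
Full-text release date: full text not authorized for public release (National Library: Taiwan Master's and Doctoral Thesis System)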