Integration of Hardware Security Modules into BLE Beacons: Fundamentals and Use in a Secure and Private Geofencing Application
Miguel Mesa-Simón, Antonio Escobar-Molero, Luis Parrilla, Diego P. Morales, José Antonio Álvarez-Bermejo, Francisco J. Romero
Internet of Things, volume 34, Article 101762 (Journal Article). Published 2025-09-13. DOI: 10.1016/j.iot.2025.101762
Journal impact factor: 7.6; JCR: Q1 (Computer Science, Information Systems)
https://www.sciencedirect.com/science/article/pii/S2542660525002756
Citations: 0
Abstract
Bluetooth Low Energy (BLE) is a wireless technology designed for creating personal area networks in low-power applications. In the context of BLE, Beacon devices are widely used to transmit small packets of data with unique identifiers at regular intervals to be detected by surrounding devices. These devices enable a wide range of applications, including indoor navigation, marketing, and asset tracking. However, BLE Beacons suffer from multiple security issues and privacy concerns, since the transmissions are unencrypted and do not include authentication mechanisms. While many implementations try to secure the Beacon packets, they often rely on external servers, static keys, or synchronization for key derivation, or use a Public Key Infrastructure (PKI) that is difficult to maintain and operate. In this work, we propose a solution to enhance Beacon security through the integration of Secure Elements (SEs), establishing a Root of Trust. Our approach is based on the over-the-air activation of the BLE beacons, incorporating an authentication mechanism and a key derivation technique to safeguard privacy and data integrity in the communication. We demonstrate that this implementation incurs minimal delays and power consumption compared to traditional Beacons while avoiding the added complexity of solutions based on Certificates and Public Key Infrastructure (PKI). The feasibility of the proposed approach is also illustrated through a secure and privacy-preserving geofencing application. In summary, this method supports low-power and secure point-to-point communication suitable not only for BLE beacon networks, but also for other IoT scenarios where data privacy is critical.
About the journal:
Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT.
The journal will place a high priority on timely publication, and provide a home for high quality.
Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.