In the era of the Internet of Things, Bluetooth low energy (BLE/BTLE) plays an important role as a well-known wireless communication technology. While the security and privacy of BLE have been analyzed and fixed several times, the threat of side-channel attacks to BLE devices is still not well understood. In this work, we highlight a side-channel threat to the re-keying protocol of BLE. This protocol uses a fixed long term key for generating session keys, and the leakage of the long term key could render the encryption of all the following (and previous) connections useless. Our attack exploits the side-channel leakage of the re-keying protocol when it is implemented on embedded devices. In particular, we present successful correlation electromagnetic analysis and deep learning based profiled analysis that recover long term keys of BLE devices. We evaluate our attack on an ARM Cortex-M4 processor (Nordic Semiconductor nRF52840) running Nimble, a popular open-source BLE stack. Our results demonstrate that the long term key can be recovered within only a small amount of electromagnetic traces. Further, we summarize the features and limitations of our attack, and suggest a range of countermeasures to prevent it.

在物联网时代，低功耗蓝牙（BLE/BTLE）作为众所周知的无线通信技术发挥着重要作用。尽管 BLE 的安全性和隐私性已被多次分析和修复，但侧信道攻击对 BLE 设备的威胁仍然没有得到很好的理解。在这项工作中，我们重点介绍了 BLE 密钥更新协议的侧信道威胁。该协议使用固定的长期密钥来生成会话密钥，长期密钥的泄漏可能会使所有后续（和先前）连接的加密变得毫无用处。当在嵌入式设备上实现时，我们的攻击利用了重新密钥协议的侧信道泄漏。特别是，我们展示了成功的相关电磁分析和基于深度学习的分析分析，可恢复 BLE 设备的长期密钥。我们评估了对运行 Nimble（一种流行的开源 BLE 堆栈）的 ARM Cortex-M4 处理器（Nordic Semiconductor nRF52840）的攻击。我们的结果表明，只需少量电磁痕迹即可恢复长期密钥。此外，我们总结了我们的攻击的特征和局限性，并提出了一系列防范措施。