The recently released Bluetooth 5.1 specification introduces fine-grained positioning capabilities in this wireless technology, which is deemed essential to context-/location-based Internet of Things (IoT) applications. In this paper, we evaluate experimentally, for the first time, the accuracy of a positioning system based on the Angle of Arrival (AoA) mechanism adopted by the Bluetooth standard. We first scrutinize the fidelity of angular detection and then assess the feasibility of using angle information from multiple fixed receivers to determine the position of a device. Our results reveal that angular detection is limited to a restricted range. On the other hand, even in a simple deployment with only two antennas per receiver, the AoA-based positioning technique can achieve sub-meter accuracy; yet attaining localization within a few centimeters remains a difficult endeavor. We then demonstrate that a malicious device may be able to easily alter the truthfulness of the measured AoA, by tampering with the packet structure. To counter this protocol weakness, we propose simple remedies that are missing in the standard, but which can be adopted with little effort by manufacturers, to secure the Bluetooth 5.1 positioning system.

Dead on arrival: An empirical study of the Bluetooth 5.1 positioning system

Cominelli M.;
2019-01-01

Abstract

The recently released Bluetooth 5.1 specification introduces fine-grained positioning capabilities in this wireless technology, which is deemed essential to context-/location-based Internet of Things (IoT) applications. In this paper, we evaluate experimentally, for the first time, the accuracy of a positioning system based on the Angle of Arrival (AoA) mechanism adopted by the Bluetooth standard. We first scrutinize the fidelity of angular detection and then assess the feasibility of using angle information from multiple fixed receivers to determine the position of a device. Our results reveal that angular detection is limited to a restricted range. On the other hand, even in a simple deployment with only two antennas per receiver, the AoA-based positioning technique can achieve sub-meter accuracy; yet attaining localization within a few centimeters remains a difficult endeavor. We then demonstrate that a malicious device may be able to easily alter the truthfulness of the measured AoA, by tampering with the packet structure. To counter this protocol weakness, we propose simple remedies that are missing in the standard, but which can be adopted with little effort by manufacturers, to secure the Bluetooth 5.1 positioning system.
2019
Proceedings of the Annual International Conference on Mobile Computing and Networking, MOBICOM
File in questo prodotto:
File Dimensione Formato  
postprint.pdf

Accesso riservato

: Post-Print (DRAFT o Author’s Accepted Manuscript-AAM)
Dimensione 699.39 kB
Formato Adobe PDF
699.39 kB Adobe PDF   Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11311/1264924
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 63
  • ???jsp.display-item.citation.isi??? ND
social impact