{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T19:12:25Z","timestamp":1760209945063,"version":"build-2065373602"},"reference-count":29,"publisher":"MDPI AG","issue":"10","license":[{"start":{"date-parts":[[2017,10,14]],"date-time":"2017-10-14T00:00:00Z","timestamp":1507939200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100004663","name":"Ministry of Science and Technology, Taiwan","doi-asserted-by":"publisher","award":["Grant MOST 105-2221-E-259-014-MY3","Grant MOST 105-2221-E-011-070-MY3","Grant MOST 105-2221-E-011-079-MY3","Grant MOST 106-3114-E-011-003"],"award-info":[{"award-number":["Grant MOST 105-2221-E-259-014-MY3","Grant MOST 105-2221-E-011-070-MY3","Grant MOST 105-2221-E-011-079-MY3","Grant MOST 106-3114-E-011-003"]}],"id":[{"id":"10.13039\/501100004663","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Bluetooth Low Energy (BLE) has emerged as one of the most promising technologies to enable the Internet-of-Things (IoT) paradigm. In BLE-based IoT applications, e.g., wearables-oriented service applications, the Bluetooth MAC addresses of devices will be swapped for device pairings. The random address technique is adopted to prevent malicious users from tracking the victim\u2019s devices with stationary Bluetooth MAC addresses and accordingly the device privacy can be preserved. However, there exists a tradeoff between privacy and security in the random address technique. That is, when device pairing is launched and one device cannot actually identify another one with addresses, it provides an opportunity for malicious users to break the system security via impersonation attacks. Hence, using random addresses may lead to higher security risks. 
In this study, we point out the potential risk of using random address technique and then present critical security requirements for BLE-based IoT applications. To fulfill the claimed requirements, we present a privacy-aware mechanism, which is based on elliptic curve cryptography, for secure communication and access-control among BLE-based IoT objects. Moreover, to ensure the security of smartphone application associated with BLE-based IoT objects, we construct a Smart Contract-based Investigation Report Management framework (SCIRM) which enables smartphone application users to obtain security inspection reports of BLE-based applications of interest with smart contracts.<\/jats:p>","DOI":"10.3390\/s17102348","type":"journal-article","created":{"date-parts":[[2017,10,16]],"date-time":"2017-10-16T11:11:09Z","timestamp":1508152269000},"page":"2348","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Toward a Robust Security Paradigm for Bluetooth Low Energy-Based Smart Objects in the Internet-of-Things"],"prefix":"10.3390","volume":"17","author":[{"given":"Shi-Cho","family":"Cha","sequence":"first","affiliation":[{"name":"Department of Information Management, National Taiwan University of Science and Technology, Taipei 10607, Taiwan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0598-761X","authenticated-orcid":false,"given":"Kuo-Hui","family":"Yeh","sequence":"additional","affiliation":[{"name":"Department of Information Management, National Dong Hwa University, Hualien 97401, Taiwan"}]},{"given":"Jyun-Fu","family":"Chen","sequence":"additional","affiliation":[{"name":"Department of Information Management, National Taiwan University of Science and Technology, Taipei 10607, Taiwan"}]}],"member":"1968","published-online":{"date-parts":[[2017,10,14]]},"reference":[{"key":"ref_1","unstructured":"Android Developer Website (2017, October 12). Android 6.0 Changes. 
Available online: https:\/\/developer.android.com\/about\/versions\/marshmallow\/android-6.0-changes.html."},{"key":"ref_2","unstructured":"Bluetooth SIG (2017, October 12). Specification of Bluetooth System Core Package 4.2. Available online: https:\/\/www.bluetooth.com\/specifications\/adopted-specifications."},{"key":"ref_3","unstructured":"Gupta, N. (2013). Inside Bluetooth Low Energy, Artech House."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Cha, S.-C., Dai, C.-Y., and Chen, J.-F. (2016, January 11\u201314). Is there a tradeoff between privacy and security in BLE-based IoT applications: Using a smart vehicle of a major Taiwanese brand as example?. Proceedings of the 2016 IEEE 5th Global Conference on Consumer Electronics (GCCE 2016), Kyoto, Japan.","DOI":"10.1109\/GCCE.2016.7800552"},{"key":"ref_5","unstructured":"(2017, October 05). Gogoro Smart Scooters. Available online: https:\/\/www.gogoro.com\/tw\/."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Jara, A.J., Zamora, M.A., and Skarmeta, A.F. (2012, January 25\u201327). Knowledge acquisition and management architecture for mobile and personal Health environments based on the Internet of Things. Proceedings of the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Liverpool, UK.","DOI":"10.1109\/TrustCom.2012.194"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Berhanu, Y., Abie, H., and Hamdi, M. (2013, January 8\u201312). A Test bed for Adaptive Security for IoT in eHealth. Proceedings of the International Workshop on Adaptive Security, Zurich, Switzerland.","DOI":"10.1145\/2523501.2523506"},{"key":"ref_8","unstructured":"(2017, October 12). ASSET Project. Available online: http:\/\/asset.nr.no."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Torjusen, A.B., Abie, H., Paintsil, E., Trcek, D., and Skomedal, \u00c5. (2014, January 25\u201329). 
Towards Run-Time Verification of Adaptive Security for IOT in eHealth. Proceedings of the 2014 European Conference on Software Architecture Workshops, Vienna, Austria.","DOI":"10.1145\/2642803.2642807"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"1368","DOI":"10.1109\/JSEN.2015.2502401","article-title":"BSN-Care: A Secure IoT-Based Modern Healthcare System Using Body Sensor Network","volume":"16","author":"Gope","year":"2016","journal-title":"IEEE Sens. J."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"5340","DOI":"10.1109\/JSEN.2015.2441113","article-title":"Untraceable Sensor Movement in Distributed IoT Infrastructure","volume":"15","author":"Gope","year":"2015","journal-title":"IEEE Sens. J."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"3693","DOI":"10.1109\/JSEN.2013.2266116","article-title":"A Lightweight Multicast Authentication Mechanism for Small Scale IoT Applications","volume":"13","author":"Yao","year":"2013","journal-title":"IEEE Sens. J."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Nyberg, K. (1996, January 21\u201323). Fast accumulated hashing. Proceedings of the 3rd Fast Software Encryption Workshop, Cambridge, UK.","DOI":"10.1007\/3-540-60865-6_45"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"657","DOI":"10.1109\/TPDS.2014.2311791","article-title":"Aggregated-proof Based Hierarchical Authentication Scheme for the Internet of Things","volume":"26","author":"Ning","year":"2015","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"690","DOI":"10.1109\/JSAC.2015.2393436","article-title":"Toward a Lightweight Authentication and Authorization Framework for Smart Objects","volume":"33","author":"Pawlowski","year":"2015","journal-title":"IEEE J. Sel. 
Areas Commun."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"1403","DOI":"10.1109\/JSYST.2015.2456878","article-title":"Effectively Collecting Data for the Location-Based Authentication in Internet of Things","volume":"11","author":"Kawamoto","year":"2017","journal-title":"IEEE Sys. J."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"1224","DOI":"10.1109\/JSEN.2014.2361406","article-title":"IoT-OAS: An OAuth-Based Authorization Service Architecture for Secure Services in IoT Scenarios","volume":"15","author":"Cirani","year":"2015","journal-title":"IEEE Sens. J."},{"key":"ref_18","unstructured":"Fawaz, K., Kim, K.-H., and Shin, K.G. (2016, January 10\u201312). Protecting Privacy of BLE Device Users. Proceedings of the 25th USENIX Security Symposium, Austin, TX, USA."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1016\/j.is.2016.05.004","article-title":"AUPS: An Open Source AUthenticated Publish\/Subscribe system for the Internet of Things","volume":"62","author":"Rizzardi","year":"2016","journal-title":"Inf. Syst."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"603","DOI":"10.1145\/2829988.2790021","article-title":"Federated end-to-end authentication for the constrained internet of things using ibc and ecc","volume":"45","author":"Markmann","year":"2015","journal-title":"SIGCOMM Comput. Commun. Rev."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Pointcheval, D., and Stern, J. (1996, January 12\u201316). Security Proofs for Signature Schemes. Proceedings of the EUROCRYPT \u201996 (LNCS 1070), Zaragoza, Spain.","DOI":"10.1007\/3-540-68339-9_33"},{"key":"ref_22","unstructured":"(2017, May 12). The Bouncy Castle Crypto APIs. Available online: https:\/\/www.bouncycastle.org\/."},{"key":"ref_23","unstructured":"(2017, June 30). European Union Agency for Network and Information Security (ENISA). 
Available online: https:\/\/www.enisa.europa.eu\/publications\/smartphonesecuredevelopment-guidelines2016."},{"key":"ref_24","unstructured":"(2017, October 12). Taiwan IDB (Industrial Development Bureau), Available online: https:\/\/www.moeaidb.gov.tw\/external\/ctlr?PRO=index&lang=1."},{"key":"ref_25","unstructured":"Quirolgico, S., Voas, J., Karygiannis, T., Michael, C., and Scarfone, K. (2017, October 12). Vetting the Security of Mobile Applications, Available online: http:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-163.pdf."},{"key":"ref_26","unstructured":"Mueller, B. (2017, October 12). Mobile Application Security Verification Standard (MASVS) 0.9.4. Available online: https:\/\/www.owasp.org\/images\/6\/61\/MASVS_v0.9.4.pdf."},{"key":"ref_27","unstructured":"Taiwan Industrial Development Bureau (IDB) (2017, October 12). Self-Regulatory Mobile App Functional Security Certification v3.0, Available online: https:\/\/www.moeaidb.gov.tw\/external\/en.html."},{"key":"ref_28","unstructured":"(2017, October 10). Accreditation Program for Mobile Application Basic Security Evaluation Laboratories 0263, 2918, 3016, 3102, 3302, 3325, 3334. Available online: http:\/\/www.taftw.org.tw\/wSite\/taf\/list_expansion_special.jsp."},{"key":"ref_29","unstructured":"(2017, June 30). Ethereum Blockchain System. 
Available online: https:\/\/www.ethereum.org\/."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/17\/10\/2348\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T18:47:20Z","timestamp":1760208440000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/17\/10\/2348"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10,14]]},"references-count":29,"journal-issue":{"issue":"10","published-online":{"date-parts":[[2017,10]]}},"alternative-id":["s17102348"],"URL":"https:\/\/doi.org\/10.3390\/s17102348","relation":{},"ISSN":["1424-8220"],"issn-type":[{"type":"electronic","value":"1424-8220"}],"subject":[],"published":{"date-parts":[[2017,10,14]]}}}