Managing Cybersecurity Break-ins Using Bluetooth Low Energy Devices to Verify Attackers: A Practical Study

We present a novel solution in tracking the behaviour of an attacker and limiting their ability to compromise a cybersecurity system. The solution is based on combining a decoy with a real system, in which a BLE controller will be embedded in the middle of the system, thereby acting like a fob that opens and closes the access of the server’s BLE. If the first server wants to communicate with the second server, the BLE must be activated by the BLE controller in order for both servers to communicate with one another. This is a relatively low-cost solution and our aim is to lower the interruption to the live system, capture the attacker’s position, and limit the damages the attacker can do to a live system. A second related goal is to lower the attacker’s opportunity to detect that they are being monitored. A third goal is to gather evidence of the attacker’s actions that can be used for further investigation. This work is significant in that it is implemented within a real physical system for testing and evaluation using Raspberry PI and Arduino boards to replicate servers that communicate wirelessly. Adding a specifically-designed Encryption Block Cycle Cipher can protect legitimate users and redirect attackers to a honeypot system. Several custom programs were written from scratch to monitor the attacker’s behaviour and Bluetooth Low Energy is enlisted to verify users. When the device was disassembled, all of the Raspberry PI, which run the Linux servers, were discontinued and unable to communicate with other devices.