SPADE: Secure Periodic Advertising using Coded Time-Channel Rendezvous for BLE Audio

Abstract

Periodic advertising is an extended advertisement mechanism introduced in Bluetooth 5.0 that broadcasts time-synchronized data to multiple scanners. It is an essential operation in Auracast, a Bluetooth Low Energy (BLE) audio broadcast mechanism newly defined in 2022, which enables audio sharing applications such as hearing aid and public announcement. However, its unencrypted metadata distribution and lack of authentication make it vulnerable to simple yet destructive attacks. In this work, we first show that a selective jammer can easily and significantly degrade the performance of periodic advertising by precisely jamming only the SYNC (auxiliary synchronize indicator) packets. Then to defend against this attack, we propose SPADE as a countermeasure, a secure periodic advertising scheme using coded time-channel rendezvous and feedback. In SPADE, the broadcaster assigns a Hamming- code based device-specific time-channel sequence to each scanner using short connections. Then, it receives light-weight feedback on repetitive packets from the scanners to discriminate the jammer and update new metadata to the scanners so that the jammer is rejected. We implement SPADE on real BLE devices, and evaluate through both experiments and simulations to show over 80 % PRR even under selective jamming attacks. © 2023 IEEE.