Integration of Hardware Security Modules into BLE Beacons: Fundamentals and Use in a Secure and Private Geofencing Application

Abstract

Bluetooth Low Energy (BLE) is a wireless technology designed for creating personal area networks in low-power applications. In the context of BLE, Beacon devices are widely used to transmit small packets of data with unique identifiers at regular intervals to be detected by surrounding devices. These devices enable a wide range of applications, including indoor navigation, marketing, and asset tracking. However, BLE Beacons suffer from multiple security issues and privacy concerns since the transmissions are unencrypted and do not include authentication mechanisms. While many implementations try to provide security to the Beacons packet, they often rely on external servers, static keys, synchronization for key derivation, or use difficult to maintain and to operate Public Key Infrastructure (PKI). In this work, we propose a solution to enhance Beacon security through the integration of Secure Elements (SEs), establishing a Root of Trust. Our approach is based on the over-the-air activation of the BLE beacons incorporating an authentication mechanism and a key derivation technique to safeguard privacy and data integrity in the communication. We demonstrate that this implementation incurs minimal delays and power consumption compared to traditional Beacons while avoiding the added complexity of solutions based on Certificates and Public Key Infrastructure (PKI). The feasibility of the proposed approach is also illustrated through a secure and privacy-preserving geofencing application. In summary, this method supports a low-power and secure point-to-point communication suitable not only for BLE beacon networks, but also for other IoT scenarios where data privacy is critical.