The growing adoption of smart bulbs has inadvertently introduced new security risks, as these devices leak sensitive information through both physical emissions and wireless traffic. This paper presents a mathematical formalization of two attack models–an optical covert channel and a Bluetooth Low Energy (BLE) traffic eavesdropping attack–on commercially available smart bulbs. We model light intensity as a discrete-time signal and BLE sessions as stochastic packet sequences, quantifying leakage using Shannon entropy and mutual information. Our experiments show that optical emissions significantly reduce the uncertainty of user commands, while BLE metadata analysis reconstructs fine-grained activity patterns, even under encryption. To mitigate these risks, we propose two lightweight defenses: Randomized Light Padding, which introduces timing jitter, dithering, and dummy transitions to disrupt optical repeatability, and Traffic Pattern Obfuscation, which injects dummy packets, randomizes transmission schedules, and normalizes packet sizes. Simulated results demonstrate that these countermeasures reduce optical signal-to-noise ratios, broaden timing distributions, and shrink attacker classification accuracy, lowering combined adversarial success probability from 0.855 to 0.261. By unifying formal models, empirical validation, and countermeasure evaluation, this work underscores the importance of layered defenses in IoT ecosystems and outlines practical pathways toward privacy-preserving smart environments.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

FORMAL-IoT: Formal Models and Adaptive Defense Methodology Against Optical and BLE Side-Channel Attacks on Smart IoT Devices

  • Arijit Kumar Tripathy,
  • Rajat Sadhukhan,
  • Biswajeet Sethi

摘要

The growing adoption of smart bulbs has inadvertently introduced new security risks, as these devices leak sensitive information through both physical emissions and wireless traffic. This paper presents a mathematical formalization of two attack models–an optical covert channel and a Bluetooth Low Energy (BLE) traffic eavesdropping attack–on commercially available smart bulbs. We model light intensity as a discrete-time signal and BLE sessions as stochastic packet sequences, quantifying leakage using Shannon entropy and mutual information. Our experiments show that optical emissions significantly reduce the uncertainty of user commands, while BLE metadata analysis reconstructs fine-grained activity patterns, even under encryption. To mitigate these risks, we propose two lightweight defenses: Randomized Light Padding, which introduces timing jitter, dithering, and dummy transitions to disrupt optical repeatability, and Traffic Pattern Obfuscation, which injects dummy packets, randomizes transmission schedules, and normalizes packet sizes. Simulated results demonstrate that these countermeasures reduce optical signal-to-noise ratios, broaden timing distributions, and shrink attacker classification accuracy, lowering combined adversarial success probability from 0.855 to 0.261. By unifying formal models, empirical validation, and countermeasure evaluation, this work underscores the importance of layered defenses in IoT ecosystems and outlines practical pathways toward privacy-preserving smart environments.