A secure framework for at risk populations in austere environments utilizing Bluetooth Mesh communications
Drew Davidson
Fengjun Li
Bo Luo
Huazhen Fang
Austere environments are defined by the US Military as those that regularly experience significant environmental hazards, have limited access to reliable electricity, or require prolonged use of body armor or chemical protection equipment. We propose that in modern society this definition can also extend to telecommunications infrastructure: areas where an active adversary controls the telecommunications infrastructure and works against the people, such as protest areas in Iran, Russia, and China, or areas experiencing conflict and war, such as Eastern Ukraine. People in these austere environments need basic text communications and the ability to share simple media like low-resolution pictures. This communication is complicated by the adversary’s capabilities as a potential nation-state actor. To address this, Low Earth Orbit satellite clusters, like Starlink, can be used to exfiltrate communications completely independently of local infrastructure. This, however, creates another issue, as these satellite ground terminals are not inherently designed to support many users over a large area. Traditional means of extending this connectivity create both power and security concerns. We propose that Bluetooth Mesh can be used to extend connectivity and provide communications.
Bluetooth Mesh provides a low signal footprint to reduce the risk of detection, blends into existing signals within the 2.4 GHz spectrum, has security aspects in the specification, and allows devices to use small batteries, maintaining a covert form factor. To realize this, security enhancements must be made to the provisioning process of the Bluetooth Mesh network, and a key management scheme must be implemented that ensures the regular and secure changing of keys, either in response to an adversary’s action or as prevention of an adversary’s action. We propose a provisioning process that uses whitelists on both provisioner and device and uses attestation for passwords, allowing devices to be provisioned on deployment to protect the at-risk population and prevent BlueMirror attacks. We also propose, implement, and measure the impact of an automated key exchange that meets the Bluetooth Mesh 3-phase specification. Our experimentation, in a field environment, shows that Bluetooth Mesh has the throughput, reliability, and security to meet the requirements of at-risk populations in austere environments.