BlueID: A practical system for Bluetooth device identification

Despite the widespread use of Bluetooth technology, identity management of Bluetooth devices remains a significant challenge because the MAC address and name of Bluetooth device are easy to forge. In this paper, we present BlueID - a practical system that identifies Bluetooth devices by fingerprinting their clocks. Previous approaches to clock fingerprinting exclusively rely on the timestamps carried by packet headers, which can be easily spoofed by hacking the user-space device driver. In comparison, BlueID performs clock fingerprinting based on the temporal feature of Bluetooth frequency hopping, which is impossible to forge without a customized baseband. Due to the proprietary nature of chipset firmware that implements baseband on commodity Bluetooth devices, BlueID will significantly raise the bar of identity spoofing. Moreover, BlueID employs simple yet efficient techniques to detect and differentiate low power Bluetooth transmissions from a distance, making it suitable for mobile applications like energy efficient localization and tracking. BlueID is implemented on a low cost wireless development platform and extensively evaluated based on 56 commodity devices. We show that BlueID can detect Bluetooth radios from 100m away, and identify different devices with high accuracy, short delay, and low computational overhead. Although this paper focuses on Bluetooth, the design of BlueID is general and can be applied to other frequency hopping based wireless systems.