Abstract
A BLE beacon is a small electronic device that has recently been proposed as a building block to construct an infrastructure supporting emerging smart applications. However, due to its simple communication protocol architecture, which broadcasts a static payload, a BLE beacon-based infrastructure is vulnerable to different types of abuses and attacks, in particular free-riding and device spoofing. Many beacon manufacturers propose dynamically randomizing beacon advertisement packets at the device firmware level as a solution. However, this approach is difficult to implement for already deployed beacon nodes as it requires a firmware update on each device. To alleviate these drawbacks, a crowd-assisted architecture for securing BLE beacons is proposed in this paper. A detailed architecture is presented along with experimental results and an implementation to demonstrate its feasibility. It is found that the beacon ID can be changed by user's mobile phone within a 20 m range with probability of almost 100% under both stationary and mobile conditions.