Evaluating the impact of malicious spoofing attacks on Bluetooth low energy based occupancy detection systems

Occupancy detection of a building has a wide range of applications. Areas such as emergency management, home automation and building energy management can benefit from the knowledge of occupants' locations to provide better results and improve their efficiency. Bluetooth Low Energy (BLE) beacons installed inside a building are able to provide information on an occupant's location. Since, however, their operation is based on broadcasting advertisements, they are vulnerable to network security breaches. In this work, we evaluate the effect of two types of spoofing attacks on a BLE based occupancy detection system. The system is composed of BLE beacons installed inside the building, a mobile application installed on occupants mobile phones and a remote control server. Occupancy detection is performed by a classifier installed on the remote server. We use our real-world experimental results to evaluate the impact of these attacks on the system's operation, particularly in terms of the accuracy with which it can provide location information.