CRAWDAD toronto/bluetooth

Citation Author(s):
Jing
Su
University of Toronto
Stefan
Saroiu
University of Toronto
Submitted by:
CRAWDAD Team
Last updated:
Wed, 11/11/2009 - 08:00
DOI:
10.15783/C7901T
Data Format:
License:
88 Views
Categories:
Keywords:
0
0 ratings - Please login to submit your rating.

Abstract 

To investigate whether a large-scale Bluetooth worm outbreak is viable in practice, we conducted controlled experiments and we gathered traces of Bluetooth activity in different urban environments to determine the feasibility of a worm infection 

date/time of measurement start: 2005-11-16

date/time of measurement end: 2005-11-26 

collection environment: Even if a worm could exploit a security vulnerability in the Bluetooth protocol to replicate itself, a large-scale Bluetooth worm outbreak might never develop. If vulnerable Bluetooth devices are few and far between, and most inter-device contacts are short, a worm might never reach many victims. In this case, the threat of a largescale Bluetooth worm infection is minimal. To investigate these questions, we examined whether a large-scale Bluetooth worm outbreak is viable in practice. For this, we collected traces of Bluetooth activity and conducted controlled experiments in a Bluetooth environment.

network configuration: We used Palm Tungsten T PDAs having 16MB of RAM with PalmOS version 5.0 to scan for Bluetooth devices. The Bluetooth radios of our PDAs are similar to the ones found in most commodity cell-phones: our empirical tests found that our PDAs' ranges are about 10 meters in an urban environment corresponding to the specifications presented on Palm's website. Because a Bluetooth inquiry is a power-intensive procedure, we used a total of eight scanners. Each device sends "inquiries" over its Bluetooth interface. Our inquiry rate is variable: we increase it when no devices are discovered, and we decrease it when others answer our probes. We issue inquiries at least once every 10 seconds but never more often than once every 3 seconds. This variable rate deals with congestion scenarios when several devices answer simultaneously.

data collection methodology: We collected three different traces of Bluetooth activity. Two of our traces are gathered inside Pacific Mall and Eaton Centre, two malls in Toronto, Canada. We gathered the third trace while riding the Toronto subway system. These three locations provide a broad coverage of different density and mobility characteristics one might find in various urban destinations. When collecting these traces, we had a behavior compatible to the environment we were scanning. For example, we were casually walking in the malls, we stopped briefly by their food courts, and we stood still while riding the subway. In this way, our data illustrates a scenario where an attacker behaves inconspicuously while launching a Bluetooth worm. We used two devices scanning simultaneously to collect the Eaton Centre and the Subway traces. We used only one device to collect the Pacific Mall trace.

sanitization: We have anonymized the MAC addresses of the discovered devices.

Traceset

toronto/bluetooth/encountering 

Traceset of Bluetooth activity in different urban environment.

  • files: pacificMall.txt, eatonCenter.txt, subway.txt
  • description: Traceset of Bluetooth activity in three different locations which have different density and mobility characteristics one might find in various urban destinations.
  • measurement purpose: Network Security, Computer Malware (Worms) Investigation
  • methodology: We collected three different traces of Bluetooth activity. Two of our traces are gathered inside Pacific Mall and Eaton Centre, two malls in Toronto, Canada. We gathered the third trace while riding the Toronto subway system. These three locations provide a broad coverage of different density and mobility characteristics one might find in various urban destinations.
  • sanitization: if the same foreign device answers multiple consecutive Bluetooth inquiries except one, we "patch" the missed Bluetooth inquiry, pretending the device answered the inquiry. If the foreign device misses two consecutive Bluetooth inquiries, we do not "patch" the encounter. We have anonymized the MAC addresses of the discovered devices. We preserved the first three octets of the original MAC address, however we have generated random three octets for the last three octects of the MAC address. In short: anonymized_MAC = first_3_octets(orig_MAC) + random_3_octets

toronto/bluetooth/encountering Traces

  • pacificMall: Trace of Bluetooth activity in Pacific Mall, a mall in Toronto, Canada
    • configuration: Each line in the file corresponds to one "encountering", where one of our scanners encountered a foreign Bluetooth device. One encounter is a sequence of several (one or more) consecutive successful Bluetooth inquiries. Each encounter has a start time (the time of the first Bluetooth inquiry answered by the encountered device) and an end time (the time of the last Bluetooth inquiry answered by the encountered device.)
    • format:  Here's a breakdown of the format, column by column:

1. 32-bit timestamp: the encounter start time.

2. same timestamp as per #1, but in a human readable format

3. 32-bit timestamp: the encounter end time

4. same timestamp as per #3, but in a human readable format

5. location (one of EATON_CENTER, PACIFIC_MALL, or SUBWAY).

6. scanner ID

7. anonymized MAC address of foreign Bluetooth device encountered.

8. type of Bluetooth device

9. manufacturer of Bluetooth device

  • eatonCenter: Trace of Bluetooth activity in Eaton Centre, a mall in Toronto, Canada.
    • configuration: Each line in the file corresponds to one "encountering", where one of our scanners encountered a foreign Bluetooth device. One encounter is a sequence of several (one or more) consecutive successful Bluetooth inquiries. Each encounter has a start time (the time of the first Bluetooth inquiry answered by the encountered device) and an end time (the time of the last Bluetooth inquiry answered by the encountered device.)
    • format: Here's a breakdown of the format, column by column:

1. 32-bit timestamp: the encounter start time.

2. same timestamp as per #1, but in a human readable format

3. 32-bit timestamp: the encounter end time

4. same timestamp as per #3, but in a human readable format

5. location (one of EATON_CENTER, PACIFIC_MALL, or SUBWAY).

6. scanner ID

7. anonymized MAC address of foreign Bluetooth device encountered.

8. type of Bluetooth device

9. manufacturer of Bluetooth device

  • subway: Trace of Bluetooth activity gathered while riding the Toronto subway system.
    • configuration: Each line in the file corresponds to one "encountering", where one of our scanners encountered a foreign Bluetooth device. One encounter is a sequence of several (one or more) consecutive successful Bluetooth inquiries. Each encounter has a start time (the time of the first Bluetooth inquiry answered by the encountered device) and an end time (the time of the last Bluetooth inquiry answered by the encountered device.)
    • format: Here's a breakdown of the format, column by column:

1. 32-bit timestamp: the encounter start time.

2. same timestamp as per #1, but in a human readable format

3. 32-bit timestamp: the encounter end time

4. same timestamp as per #3, but in a human readable format

5. location (one of EATON_CENTER, PACIFIC_MALL, or SUBWAY).

6. scanner ID

7. anonymized MAC address of foreign Bluetooth device encountered.

8. type of Bluetooth device

9. manufacturer of Bluetooth device

toronto/bluetooth/controlled

  • files: bluetooth_traces.tar.gz, xfers.txt, controlled.txt
  • description: Traceset of controlled experiments for Bluetooth activity.
  • measurement purpose: Network Security, Computer Malware (Worms) Investigation
  • methodology: We conducted two controlled experiments as follows:

1. toronto/bluetooth/controlled/xfers

We measured the throughput and the failure rate of transmissions between two devices we controlled. We transfered a 256KB file between two devices placed apart at different the throughput and the failure rate of transmissions between two devices we controlled. We transfered a 256KB file between two devices placed apart at different

2. toronto/bluetooth/controlled/moving

We also conducted the controlled experiments of communicating over Bluetooth between two devices when only one is moving.

toronto/bluetooth/controlled Traces

  • xfers: Trace of measurement of Bluetooth transfers performed in different environments.
    • configuration: This trace contains the measurements of Bluetooth transfers performed in different environments. We measured how long it took to transfer 256KB between two stationary Bluetooth devices while they are K feet apart (for K between 0 and 25).
    • format: Here's a breakdown of the format, column by column:


This is a breakdown of the file's format, column by column:

1. inter-device distance in feet

2. data successfully transfered (out of 256032 bytes)

3. duration of transfer (in seconds)

  • movingTrace of measurements of Bluetooth transfer performed in a controlled environment (our lab).
    • configuration: We conducted controlled experiments to determine whether walking can prevent a person's device from becoming infected. We placed one device on a wall at a T-junction hallway, while a person carried another device pacing themselves at a constant speed. The mobile device first issued inquiry requests. Once the stationary device is discovered, the mobile device transmitted a file. We performed several experiments. We set the size of the file at 500 bytes and at 25KB. We moved the mobile device at a speed of 1 m/s, corresponding to a typical walking speed, and 2 m/s, to approximate the relative speed of two people walking in opposite directions. Each experiment is repeated five times. We chose the T-junction hallway because it combines both line-of-sight and obstructed inter-device transmissions. There are five trials for each setting of moving device's speed and transfer data (except when we are transffering 25KB and the device is moving at 2m/s; in this case, we only have four successful trials.)
    • format: 

1. moving device's speed (in meters per second)

2. transfer size in KB

3. time elapsed until target is discovered (in seconds)

4. time elapsed until an ACL connection is established

5. time elapsed until an L2CAP socket is setup

6. time elapsed to complete (and ACK) data transmission

Instructions: 

The files in this directory are a CRAWDAD dataset hosted by IEEE DataPort. 

About CRAWDAD: the Community Resource for Archiving Wireless Data At Dartmouth is a data resource for the research community interested in wireless networks and mobile computing. 

CRAWDAD was founded at Dartmouth College in 2004, led by Tristan Henderson, David Kotz, and Chris McDonald. CRAWDAD datasets are hosted by IEEE DataPort as of November 2022. 

Note: Please use the Data in an ethical and responsible way with the aim of doing no harm to any person or entity for the benefit of society at large. Please respect the privacy of any human subjects whose wireless-network activity is captured by the Data and comply with all applicable laws, including without limitation such applicable laws pertaining to the protection of personal information, security of data, and data breaches. Please do not apply, adapt or develop algorithms for the extraction of the true identity of users and other information of a personal nature, which might constitute personally identifiable information or protected health information under any such applicable laws. Do not publish or otherwise disclose to any other person or entity any information that constitutes personally identifiable information or protected health information under any such applicable laws derived from the Data through manual or automated techniques. 

Please acknowledge the source of the Data in any publications or presentations reporting use of this Data. 

Citation:

Jing Su, Stefan Saroiu, toronto/bluetooth, https://doi.org/10.15783/C7901T , Date: 20060829

Dataset Files

LOGIN TO ACCESS DATASET FILES
Open Access dataset files are accessible to all logged in  users. Don't have a login?  Create a free IEEE account.  IEEE Membership is not required.

Documentation

AttachmentSize
File toronto-bluetooth-readme.txt1.57 KB

These datasets are part of Community Resource for Archiving Wireless Data (CRAWDAD). CRAWDAD began in 2004 at Dartmouth College as a place to share wireless network data with the research community. Its purpose was to enable access to data from real networks and real mobile users at a time when collecting such data was challenging and expensive. The archive has continued to grow since its inception, and starting in summer 2022 is being housed on IEEE DataPort.

Questions about CRAWDAD? See our CRAWDAD FAQ. Interested in submitting your dataset to the CRAWDAD collection? Get started, by submitting an Open Access Dataset.