BACON: Improving Broadcast Audio Authentication
Bluetooth’s LE Audio, particularly broadcast audio, is at the forefront of becoming the de facto standard for immersive audio applications in public venues. Nevertheless, the security of the transmitted audio data is solely based on a passkey (Broadcast_Code) shared between all (including possibly malicious) receiver devices, leaving many envisaged applications vulnerable to impersonation as well as denial-of-service attacks. In order to address these vulnerabilities, we present BACON, a novel Bluetooth core specification-compliant mechanism for the authentication of Broadcast Isochronous Groups (BIGs). Authenticated BIGs are able to provide data authenticity for broadcast isochronous streams as well as control subevents used to disseminate control information to all receiver devices in the communication range. With BACON, we are the first to outline a mechanism that protects against attacks on broadcast audio applications while being small enough to fit on resource-constrained devices thanks to the underlying protocol’s lightweight symmetric cryptography.