CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Strong password-only authenticated key exchange
ACM SIGCOMM Computer Communication Review
Security Weaknesses in Bluetooth
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
More Efficient Password-Authenticated Key Exchange
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Extended Password Key Exchange Protocols Immune to Dictionary Attacks
WET-ICE '97 Proceedings of the 6th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks
Proceedings of the 7th International Workshop on Security Protocols
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Number theoretic attacks on secure password schemes
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Proceedings of the 3rd international conference on Mobile systems, applications, and services
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Security issues in m-government
International Journal of Electronic Security and Digital Forensics
Revisiting Bluetooth Security (Short Paper)
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
The Martini Synch: joint fuzzy hashing via error correction
ESAS'07 Proceedings of the 4th European conference on Security and privacy in ad-hoc and sensor networks
Building a dark piconet upon bluetooth interfaces of computers
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
ESAS'05 Proceedings of the Second European conference on Security and Privacy in Ad-Hoc and Sensor Networks
Hi-index | 0.00 |
We implement and demonstrate a passive attack on the Bluetooth authentication protocol used to connect two devices to each other. Using a protocol analyzer and a brute-force attack on the PIN, we recover the link key shared by two devices. With this secret we can then decrypt any encrypted traffic between the devices as well as, potentially, impersonate the devices to each other. We then implement an alternative pairing protocol that is more robust against passive attacks and against active man-in-the-middle attacks. The price of the added security offered by the new protocol is its use of asymmetric cryptography, traditionally considered infeasible on handheld devices. We show that an implementation based on elliptic curves is well within the possibility of a modern handphone and has negligible effects on speed and user experience.