Repairing the bluetooth pairing protocol

Authors:
Ford-Long Wong;Frank Stajano;Jolyon Clulow
Affiliations:
University of Cambridge, Computer Laboratory;University of Cambridge, Computer Laboratory;University of Cambridge, Computer Laboratory
Venue:
Proceedings of the 13th international conference on Security protocols
Year:
2005

Citing 11
Cited 5

Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Strong password-only authenticated key exchange

ACM SIGCOMM Computer Communication Review
Security Weaknesses in Bluetooth

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
More Efficient Password-Authenticated Key Exchange

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Extended Password Key Exchange Protocols Immune to Dictionary Attacks

WET-ICE '97 Proceedings of the 6th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks

Proceedings of the 7th International Workshop on Security Protocols
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Number theoretic attacks on secure password schemes

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Cracking the Bluetooth PIN

Proceedings of the 3rd international conference on Mobile systems, applications, and services
Provably secure password-authenticated key exchange using Diffie-Hellman

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology

Security issues in m-government

International Journal of Electronic Security and Digital Forensics
Revisiting Bluetooth Security (Short Paper)

ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
The Martini Synch: joint fuzzy hashing via error correction

ESAS'07 Proceedings of the 4th European conference on Security and privacy in ad-hoc and sensor networks
Building a dark piconet upon bluetooth interfaces of computers

MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
Location privacy in bluetooth

ESAS'05 Proceedings of the Second European conference on Security and Privacy in Ad-Hoc and Sensor Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

We implement and demonstrate a passive attack on the Bluetooth authentication protocol used to connect two devices to each other. Using a protocol analyzer and a brute-force attack on the PIN, we recover the link key shared by two devices. With this secret we can then decrypt any encrypted traffic between the devices as well as, potentially, impersonate the devices to each other. We then implement an alternative pairing protocol that is more robust against passive attacks and against active man-in-the-middle attacks. The price of the added security offered by the new protocol is its use of asymmetric cryptography, traditionally considered infeasible on handheld devices. We show that an implementation based on elliptic curves is well within the possibility of a modern handphone and has negligible effects on speed and user experience.