How to secure bluetooth-based pico networks

Authors:
Dennis K. Nilsson;Phillip A. Porras;Erland Jonsson
Affiliations:
Department of Computer Science and Engineering, Chalmers University of Technology, Gothenburg, Sweden;Computer Science Laboratory, SRI International, Menlo Park, CA;Department of Computer Science and Engineering, Chalmers University of Technology, Gothenburg, Sweden
Venue:
SAFECOMP'07 Proceedings of the 26th international conference on Computer Safety, Reliability, and Security
Year:
2007

Citing 4
Cited 1

Security Weaknesses in Bluetooth

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Bluetooth Security

Bluetooth Security
Cracking the Bluetooth PIN

Proceedings of the 3rd international conference on Mobile systems, applications, and services
A preliminary investigation of worm infections in a bluetooth environment

Proceedings of the 4th ACM workshop on Recurring malcode

Auxiliary channel Diffie-Hellman encrypted key-exchange authentication

Proceedings of the 5th International ICST Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness

Quantified Score

Hi-index	0.00

Visualization

Abstract

We have examined Bluetooth-based Pico-network (Piconet) applications in wireless computing and cellular devices and found an extensive number of "unexpected abuses", where the security expectations of the device owner can be violated. We have studied the underlying causes of such problems and found that many products lack the controls to administer these devices securely. We also observed cases where explicit security claims from the Bluetooth protocol are not satisfied. We classify a number of abuses and security violations as Bluetooth protocol design flaws, application-layer implementation errors or simply pitfalls in the security management. Using this classification we define a core set of requirements that would improve security significantly.