Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Security Protocols

Security Protocols 2005: Security Protocols pp 31–45Cite as

Repairing the Bluetooth Pairing Protocol

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4631))

Abstract

We implement and demonstrate a passive attack on the Bluetooth authentication protocol used to connect two devices to each other. Using a protocol analyzer and a brute-force attack on the PIN, we recover the link key shared by two devices. With this secret we can then decrypt any encrypted traffic between the devices as well as, potentially, impersonate the devices to each other. We then implement an alternative pairing protocol that is more robust against passive attacks and against active man-in-the-middle attacks. The price of the added security offered by the new protocol is its use of asymmetric cryptography, traditionally considered infeasible on handheld devices. We show that an implementation based on elliptic curves is well within the possibility of a modern handphone and has negligible effects on speed and user experience.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Anderson, R., Lomas, M.: Fortifying key negotiation schemes with poorly chosen passwords. Electronics Letters 30(13), 1040–1041 (1994)

    Article  Google Scholar 

  2. Bellovin, S.M., Meritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 72–74. IEEE Computer Society Press, Los Alamitos (1992)

    Chapter  Google Scholar 

  3. Bellovin, S.M., Meritt, M.: Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 244–250. ACM Press, New York (1993)

    Chapter  Google Scholar 

  4. Bluetooth SIG Security Experts Group. Bluetooth Security White Paper, 1.0 (April 2002)

    Google Scholar 

  5. Bluetooth Special Interest Group. Bluetooth specification volume 1 part b baseband specification. Specifications of the Bluetooth System, 1.1 (February 2001)

    Google Scholar 

  6. Bluetooth Special Interest Group. Bluetooth specification volume 2 part h security specification. Specification of the Bluetooth System, 1.2 (November 2003)

    Google Scholar 

  7. Boyko, V., Mackenzie, P., Patel, S.: Provably secure password authentication and key exchange using diffie-hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  8. Certicom Corp. SEC 2: Recommended Elliptic Curve Domain Parameters, 1.0 (September 2000)

    Google Scholar 

  9. Gehrmann, C., Nyberg, K.: Enhancements to bluetooth baseband security. In: Proceedings of Nordsec 2001 (November 2001)

    Google Scholar 

  10. Gong, L., Lomas, M., Needham, R., Saltzer, J.: Protecting poorly chosen secrets from guessing attacks. IEEE Journal on Selected Areas in Communications 11(5), 648–656 (1993)

    Article  Google Scholar 

  11. Jablon, D.: Strong password-only authenticated key exchange. Computer Communication Review 26(5), 5–26 (1996)

    Article  Google Scholar 

  12. Jablon, D.: Extended password key exchange protocols immune to dictionary attack. In: Proceedings of the Sixth Workshops on Enabling Technologies: Infrastructure for Collaborative Engineering, vol. 11, pp. 248–255 (June 1997)

    Google Scholar 

  13. Jakobsson, M., Wetzel, S.: Security weaknesses in bluetooth. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, Springer, Heidelberg (2001)

    Google Scholar 

  14. Kwon, T.: Authentication and key agreement via memorable password. Contribution to the IEEE P1363 study group for Future PKC Standards (2000)

    Google Scholar 

  15. Kwon, T.: Authentication and key agreement via memorable password. In: ISOC Network and Distributed System Security Symposium (February 2001)

    Google Scholar 

  16. Kwon, T.: Summary of amp (authentication and key agreement via memorable passwords) (August 2003)

    Google Scholar 

  17. Lenstra, A.K., Verheul, E.R.: Selecting cryptographic key sizes. Journal of Cryptology 14, 255–293 (2001)

    MATH  MathSciNet  Google Scholar 

  18. Lenstra, A.K.: Further progress in hashing cryptanalysis (February 2005)

    Google Scholar 

  19. Shamus Software Ltd. Multiprecision Integer and Rational Arithmetic C/C++ Library

    Google Scholar 

  20. MacKenzie, P.: On the Security of the SPEKE Password-Authenticated Key Agreement Protocol (July 2001)

    Google Scholar 

  21. Mackenzie, P.: More efficient password-authenticated key exchange. In: RSA Conference, Cryptographer’s Track, pp. 361–377 (2001)

    Google Scholar 

  22. Massey, J., Khachatrian, G., Kuregian, M.: Nomination of safer+ as candidate algorithm for the advanced encryption standard. In: Proceedings of the 1st AES Candidate Conference (1998)

    Google Scholar 

  23. Miller, G.A.: The magic number seven, plus or minus two: Some limits on our capacity for processing information. Psychological Review 63, 81–97 (1956)

    Article  Google Scholar 

  24. Mobiwave. Bluetooth Protocol Analyzer BPA-D10

    Google Scholar 

  25. IEEE P, Standard Specifications For Public-Key Cryptography (1363)

    Google Scholar 

  26. Patel, S.: Number theoretic attacks on secure password schemes. In: Proceedings of IEEE Computer Society Symposium on Research in Security and Privacy, pp. 236–247. IEEE Computer Society Press, Los Alamitos (1997)

    Google Scholar 

  27. Ritvanen, K., Nyberg, K.: Upgrade of bluetooth encryption and key replay attack. In: 9th Nordic Workshop on Secure-IT Systems (November 2004)

    Google Scholar 

  28. Roe, M., Christianson, B., Wheeler, D.: Secure sessions from weak secrets. Technical report from University of Cambridge and University of Hertfordshire (1998)

    Google Scholar 

  29. Shaked, Y., Wool, A.: Cracking the bluetooth pin. In: 3rd USENIX/ACM Conf. Mobile Systems, Applications, and Services (MobiSys), pp. 39–50 (June 2005)

    Google Scholar 

  30. Stajano, F., Anderson, R.: The resurrecting duckling — security issues for ad-hoc wireless networks. In: Proceedings of the 7th International Workshop on Security Protocols (1999)

    Google Scholar 

  31. Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full sha-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, Springer, Heidelberg (2005)

    Google Scholar 

  32. Wu, T.: The secure remote password protocol. In: Proceedings of 1998 Internet Society Symposium on Network and Distributed System Security, pp. 97–111 (1998)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Cambridge, Computer Laboratory,  

    Ford-Long Wong, Frank Stajano & Jolyon Clulow

Authors
  1. Ford-Long Wong
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Frank Stajano
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jolyon Clulow
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Bruce Christianson Bruno Crispo James A. Malcolm Michael Roe

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wong, FL., Stajano, F., Clulow, J. (2007). Repairing the Bluetooth Pairing Protocol. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2005. Lecture Notes in Computer Science, vol 4631. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77156-2_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-77156-2_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-77155-5

  • Online ISBN: 978-3-540-77156-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation