On Bluetooth Repairing: Key Agreement Based on Symmetric-Key Cryptography

  • Serge Vaudenay
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3822)


Despite many good (secure) key agreement protocols based on public-key cryptography exist, secure associations between two wireless devices are often established using symmetric-key cryptography for cost reasons. The consequence is that common daily used security protocols such as Bluetooth pairing are insecure in the sense that an adversary can easily extract the main private key from the protocol communications. Nevertheless, we show that a feature in the Bluetooth standard provides a pragmatic and costless protocol that can eventually repair privateless associations, thanks to mobility. This proves (in the random oracle model) the pragmatic security of the Bluetooth pairing protocol when repairing is used.


Authentication Protocol Random Oracle Commitment Scheme Random Oracle Model Test Query 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Specification of the Bluetooth System. Core System Package. Bluetooth Specification version 1.2 vol. 2 (2003)Google Scholar
  2. 2.
    Specification of the Bluetooth System. Bluetooth Specification version 2.0 (2004)Google Scholar
  3. 3.
    Abdalla, M., Chevassut, O., Pointcheval, D.: One-time verifier-based encrypted key exchange. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 47–64. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)Google Scholar
  6. 6.
    Bellare, M., Rogaway, P.: Provably Secure Session Key Distribution: the Three Party Case. In: Proceedings of the 27th ACM Symposium on Theory of Computing, Las Vegas, Nevada,U.S.A, pp. 57–66. ACM Press, New York (1995)Google Scholar
  7. 7.
    Bellare, M., Rogaway, P.: The AuthA Protocol for Password-Based Authenticated Key Exchange. In: Contribution to the IEEE P1363 study group for Future PKC Standards (2002), Available from
  8. 8.
    Bellovin, S.M., Merritt, M.: Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. In: IEEE symposium on Research in Security and Privacy, Oakland, California, USA, pp. 72–84. IEEE Computer Society Press, Los Alamitos (1992)CrossRefGoogle Scholar
  9. 9.
    Biham, E., Chen, R., Joux, A., Carribault, P., Lemuet, C., Jalby, W.: Collisions of SHA-0 and reduced SHA-1. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 36–57. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  10. 10.
    Boyko, V., MacKenzie, P.D., Patel, S.: Provably secure password-authenticated key exchange using diffie-hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  11. 11.
    Čagalj, M., Čapkun, S., Hubaux, J.-P.: Key Agreement in Peer-to-Peer Wireless Networks. The Proceedings of the IEEE, late (2005) (to appear)Google Scholar
  12. 12.
    Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory IT-22, 644–654 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    Gehrmann, C., Mitchell, C., Nyberg, K.: Manual Authentication for Wireless Devices. RSA Cryptobytes 7, 29–37 (2004)Google Scholar
  14. 14.
    Gehrmann, C., Nyberg, K.: Security in Personal Area Networks. In: Mitchell, C. (ed.) Security for Mobility, pp. 191–230. IEE (2004)Google Scholar
  15. 15.
    Hoepman, J.-H.: The ephemeral pairing problem. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 212–226. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Jakobsson, M., Wetzel, S.: Security weaknesses in bluetooth. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 176–191. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  18. 18.
    MacKenzie, P.: The PAK Suite: Protocols for Password-Authenticated Key Exchange. Technical report No. 2002-46. DIMACS Center, Rutgers University (2002), Available from
  19. 19.
    Merkle, R.C.: Secure Communications over Insecure Channels. Communication of the ACM 21, 294–299 (1978)CrossRefGoogle Scholar
  20. 20.
    Pasini, S., Vaudenay, S.: An optimal non-interactive message authentication protocol. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 280–294. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  21. 21.
    Rivest, R.L.: The MD5 Message Digest Algorithm. RFC 1321 (1992)Google Scholar
  22. 22.
    Vaudenay, S.: Secure communications over insecure channels based on short authenticated strings. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 309–326. Springer, Heidelberg (2005)Google Scholar
  23. 23.
    Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis for Hash Functions MD4 and RIPEMD. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  24. 24.
    Wang, X., Yu, H., Yin, Y.L.: Efficient collision search attacks on SHA-0. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 1–16. Springer, Heidelberg (2005)Google Scholar
  25. 25.
    Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)Google Scholar
  26. 26.
    Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  27. 27.
    Wu, T.: The Secure Remote Password Protocol. In: Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, pp. 97–111. The Internet Society, San Diego (1998)Google Scholar
  28. 28.
    Wu, T.: The SRP Authentication and Key Exchange System. In: RFC 2945 standard track, The Internet Society, San Diego (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Serge Vaudenay
    • 1
  1. 1.EPFLLausanneSwitzerland

Personalised recommendations