Vulnerability and Enhancement on Bluetooth Pairing and Link Key Generation Scheme for Security Modes 2 and 3
Based on the adopted Bluetooth standard specifications, we examine the security of the pairing and link key generation scheme for Security Modes 2 and 3. The contribution is threefold. (1) It is demonstrated that the pairing and link key generation scheme for Security Modes 2 and 3 is vulnerable to the known-key attack. That is, an attacker without any long-term secret key is able to impersonate the targeted Bluetooth device at any time, once he obtains a short-term secret key, i.e., the initialization key, from its previous successful run. (2) An improved scheme is therefore proposed to overcome the known-key attack. (3) A security model is also presented to check the improved scheme. The improved scheme provably prevents the known-key attack on the original pairing and link key generation scheme for Security Modes 2 and 3. In addition, the improved scheme is more efficient than the original pairing and link key generation scheme.
Keywords: Bluetooth standard; Pairing; Link key generation; Known-key attack; Security model; Bluetooth device
We thank the anonymous reviewers for their useful comments. The work of Dr. Da-Zhi Sun was supported in part by the State Scholarship Fund of the China Scholarship Council, in part by the Open Project of Shanghai Key Laboratory of Trustworthy Computing under Grant No. 07dz22304201402, and in part by National Natural Science Foundation of China under Grant Nos. 61003306 and 61272106.