Revisiting Bluetooth Security (Short Paper)

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5352)


Bluetooth technology is gaining increasing interest in the research community because of the convenience of exchanging information between wireless devices. As the communication medium is wireless, security is an important concern in this emerging technology. This paper discusses the basic security of Bluetooth technology and some of its shortcomings, and presents two new proposals for securing Bluetooth technology. One proposal is based on passkey-authenticated key exchange, where security relies on a keyed hash function; the other is based on amplified passkey-authenticated key exchange, where security relies on the elliptic curve discrete logarithm problem. The latter provides some additional security services, but at added cost compared to the former. Both protocols provide mutual authentication, resist known and possible threats, and achieve efficiency compared to other protocols.


Bluetooth technology, Bluetooth security, Authentication, Privacy, Wireless communications





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  1. Dhirubhai Ambani Institute of Information and Communication Technology, Gandhinagar, India
  2. Department of Computer Science, Old Dominion University, Norfolk, USA
