Analyzing the Secure Simple Pairing in Bluetooth v4.0 |
| |
Authors: | Raphael C-W Phan Patrick Mingard |
| |
Affiliation: | (1) IBM T.J. Watson Research Center, P.O.Box 704, Yorktown Heights, NY 10598, USA; |
| |
Abstract: | This paper analyzes the security of Bluetooth v4.0’s Secure Simple Pairing (SSP) protocol, for both the Bluetooth Basic Rate/Enhanced
Data Rate (BR/EDR) and Bluetooth Low Energy (LE) operational modes. Bluetooth v4.0 is the latest version of a wireless communication
standard for low-speed and low-range data transfer among devices in a human’s PAN. It allows increased network mobility among
devices such as headsets, PDAs, wireless keyboards and mice. A pairing process is initiated when two devices desire to communicate,
and this pairing needs to correctly authenticate devices so that a secret link key is established for secure communication.
What is interesting is that device authentication relies on humans to communicate verification information between devices
via a human-aided out-of-band channel. Bluetooth v4.0’s SSP protocol is designed to offer security against passive eavesdropping
and man-in-the-middle (MitM) attacks. We conduct the first known detailed analysis of SSP for all its MitM-secure models.
We highlight some issues related to exchange of public keys and use of the passkey in its models and discuss how to treat
them properly. |
| |
Keywords: | |
本文献已被 SpringerLink 等数据库收录! |
|