Repairing the Bluetooth Pairing Protocol

Abstract. We implement and demonstrate a passive attack on the Bluetooth authentication protocol used to connect two devices to each other. Using a protocol analyzer and a brute-force attack on the PIN, we recover the link key shared by two devices. With this secret we can then decrypt any encrypted traffic between the devices as well as, potentially, impersonate the devices to each other. We then implement an alternative pairing protocol that is more robust against passive attacks and against active man-in-the-middle attacks. The price of the added security offered by the new protocol is its use of asymmetric cryptography, traditionally considered infeasible on handheld devices. We show that an implementation based on elliptic curves is well within the possibility of a modern handphone and has negligible effects on speed and user experience.
Frank Stajano
Added 28 Jun 2010
Updated 28 Jun 2010
Type Conference
Year 2005
Where SPW
Authors Frank Stajano