Abstract
Bluetooth technology is gaining increasing interest in the research community because of the convenience of exchanging information between wireless devices. As the communication medium is wireless, security is an important concern in this emerging technology. This paper discusses the basic security of Bluetooth technology, some of its shortcomings and presents two new proposals for securing Bluetooth technology. One of the proposals is based on passkey-authenticated key exchange, where security relies on keyed hash function, and the other one is on amplified passkey-authenticated key exchange, where security relies on elliptic curve discrete logarithms problem. The latter provides some additional security services, but with added cost compared to the former one. Both protocols provide mutual authentication, resist known and possible threats, and achieve efficiency compared to other protocols.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Bluetooth Special Interest Group. Bluetooth Baseband Specification. Specifications of the Bluetooth System, 1.1 (2001)
IEEE P802.15 Working Group for WPANs, Cluster Tree Network (2001)
Bluetooth Special Interest Group. Bluetooth Core Specification plus Enhanced Data Rate. Specification of the Bluetooth System, 2.1 (2007)
Bluetooth Special Interest Group. Bluetooth Security WhitePaper, 1.0 (2002)
Bluetooth Special Interest Group. Bluetooth Security Specification. Specification of the Bluetooth System, 1.2 (2003)
Bellovin, S.M., Meritt, M.: Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. In: Proc. of the IEEE Symposium on Research in Security and Privacy, pp. 72–74 (1992)
Bellovin, S.M., Meritt, M.: Augmented Encrypted Key Exchange: a Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise. In: Proc. of the ACM Conference on Computer and Communications Security, pp. 244–250 (1993)
Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory IT-22(6), 644–654 (1976)
Jablon, D.: Strong Password-Only Authenticated Key Exchange. Computer Communication Review 26(5), 5–26 (1996)
Kwon, T.: Authentication and key agreement via memorable password. Contribution to the IEEE P1363 study group for Future PKC Standards (2000)
MacKenzie, P.: The PAK suite: Protocols for Password-Authenticated Key Exchange. DIMACS Technical Report 2002-46 (2002)
Shaked, Y., Wool, A.: Cracking the Bluetooth PIN. In: Proc. of the International Conference on Mobile systems, applications, and services, pp. 39–50. ACM Press, New York (2005)
Wong, F.L., Stajano, F., Clulow, J.: Repairing the Bluetooth pairing protocol. In: Proc. of the International Conference on Security Protocols. LNCS. Springer, Heidelberg (2005)
Jakobsson, M., Wetzel, S.: Security Weaknesses in Bluetooth. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020. Springer, Heidelberg (2001)
V. Kostakos. The privacy implications of Bluetooth. ArXiv (2008) (Retrived on May 15, 2008), http://arxiv.org/pdf/0804.3752
Juels, A.: RIFD Security and privacy: a research survey. IEEE Journal On Selected Areas In Communications 24(2), 381–394 (2006)
Frankel, S., Kelly, S.: The HMAC-SHA-256-128 Algorithm and Its Use With IPsec. draft-ietf-ipsec-ciph-sha-256-01.txt (2002)
Koblitz, N.: Elliptic curve cryptosystems. Mathematics of Computation 48, 203–209 (1987)
Massey, J., Khachatrian, G., Kuregian, M.: Nomination of SAFER+ as Candidate Algorithm for the Advanced Encryption Standard. In: Proc. of the AES Candidate Conference (1998)
Bluetooth Special Interest Group. Simple Pairing Whitepaper. Core Specification Working Group, V10r00 (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Das, M.L., Mukkamala, R. (2008). Revisiting Bluetooth Security (Short Paper). In: Sekar, R., Pujari, A.K. (eds) Information Systems Security. ICISS 2008. Lecture Notes in Computer Science, vol 5352. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89862-7_10
Download citation
DOI: https://doi.org/10.1007/978-3-540-89862-7_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89861-0
Online ISBN: 978-3-540-89862-7
eBook Packages: Computer ScienceComputer Science (R0)