TY - GEN
T1 - On the security of password-based pairing protocol in Bluetooth
AU - Fan, Chia Ming
AU - Shieh, Shiuhpyng
AU - Li, Bing Han
PY - 2011/12/15
Y1 - 2011/12/15
N2 - Bluetooth is a popular wireless communication technique, providing connection between portable or stationary devices in close range. A procedure called pairing needs to be performed when two devices intend to connect with each other in order to form a trusted pair and generate secret keys to protect the link. There are several modes of Bluetooth pairing, and password-based is the most convenient and prevalent way. In this paper, we discover a potential vulnerability in the password-based pairing protocol of the latest Bluetooth v4.0 proposed in 2010, which makes password guessing possible. To cope with the problem, a new scheme is proposed which can mitigate the network threats, and is compatible with the hardware of legacy Bluetooth devices. Note that our modification does not affect Bluetooth users' custom. This makes it a suitable replacement for the new Bluetooth pairing protocol.
AB - Bluetooth is a popular wireless communication technique, providing connection between portable or stationary devices in close range. A procedure called pairing needs to be performed when two devices intend to connect with each other in order to form a trusted pair and generate secret keys to protect the link. There are several modes of Bluetooth pairing, and password-based is the most convenient and prevalent way. In this paper, we discover a potential vulnerability in the password-based pairing protocol of the latest Bluetooth v4.0 proposed in 2010, which makes password guessing possible. To cope with the problem, a new scheme is proposed which can mitigate the network threats, and is compatible with the hardware of legacy Bluetooth devices. Note that our modification does not affect Bluetooth users' custom. This makes it a suitable replacement for the new Bluetooth pairing protocol.
KW - Bluetooth pairing
KW - Bluetooth PIN authentication
KW - password-based authenticated key exchange
UR - http://www.scopus.com/inward/record.url?scp=83255165557&partnerID=8YFLogxK
U2 - 10.1109/APNOMS.2011.6076998
DO - 10.1109/APNOMS.2011.6076998
M3 - Conference contribution
AN - SCOPUS:83255165557
SN - 9781457716706
T3 - APNOMS 2011 - 13th Asia-Pacific Network Operations and Management Symposium: Managing Clouds, Smart Networks and Services, Final Program
BT - APNOMS 2011 - 13th Asia-Pacific Network Operations and Management Symposium
Y2 - 21 September 2011 through 23 September 2011
ER -