On the security of password-based pairing protocol in Bluetooth

Chia Ming Fan; Shiuhpyng Shieh; Bing Han Li

doi:10.1109/APNOMS.2011.6076998

On the security of password-based pairing protocol in Bluetooth

Chia Ming Fan^*, Shiuhpyng Shieh, Bing Han Li

^*Corresponding author for this work

Department of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

Bluetooth is a popular wireless communication technique, providing connection between portable or stationary devices in close range. A procedure called pairing needs to be performed when two devices intend to connect with each other in order to form a trusted pair and generate secret keys to protect the link. There are several modes of Bluetooth pairing, and password-based is the most convenient and prevalent way. In this paper, we discover a potential vulnerability in the password-based pairing protocol of the latest Bluetooth v4.0 proposed in 2010, which makes password guessing possible. To cope with the problem, a new scheme is proposed which can mitigate the network threats, and is compatible with the hardware of legacy Bluetooth devices. Note that our modification does not affect Bluetooth users' custom. This makes it a suitable replacement for the new Bluetooth pairing protocol.

Original language	English
Title of host publication	APNOMS 2011 - 13th Asia-Pacific Network Operations and Management Symposium
Subtitle of host publication	Managing Clouds, Smart Networks and Services, Final Program
DOIs	https://doi.org/10.1109/APNOMS.2011.6076998
State	Published - 15 Dec 2011
Event	13th Asia-Pacific Network Operations and Management Symposium: Managing Clouds, Smart Networks and Services, APNOMS 2011 - Taipei, Taiwan Duration: 21 Sep 2011 → 23 Sep 2011

Publication series

Name	APNOMS 2011 - 13th Asia-Pacific Network Operations and Management Symposium: Managing Clouds, Smart Networks and Services, Final Program

Conference

Conference	13th Asia-Pacific Network Operations and Management Symposium: Managing Clouds, Smart Networks and Services, APNOMS 2011
Country	Taiwan
City	Taipei
Period	21/09/11 → 23/09/11

Keywords

Bluetooth pairing
Bluetooth PIN authentication
password-based authenticated key exchange

Access to Document

10.1109/APNOMS.2011.6076998

Link to publication in Scopus

Fingerprint Dive into the research topics of 'On the security of password-based pairing protocol in Bluetooth'. Together they form a unique fingerprint.

Cite this

Fan, C. M., Shieh, S., & Li, B. H. (2011). On the security of password-based pairing protocol in Bluetooth. In APNOMS 2011 - 13th Asia-Pacific Network Operations and Management Symposium: Managing Clouds, Smart Networks and Services, Final Program [6076998] (APNOMS 2011 - 13th Asia-Pacific Network Operations and Management Symposium: Managing Clouds, Smart Networks and Services, Final Program). https://doi.org/10.1109/APNOMS.2011.6076998

Fan, Chia Ming ; Shieh, Shiuhpyng ; Li, Bing Han. / On the security of password-based pairing protocol in Bluetooth. APNOMS 2011 - 13th Asia-Pacific Network Operations and Management Symposium: Managing Clouds, Smart Networks and Services, Final Program. 2011. (APNOMS 2011 - 13th Asia-Pacific Network Operations and Management Symposium: Managing Clouds, Smart Networks and Services, Final Program).

@inproceedings{04325b1c003944d688bd37002fcfee03,

title = "On the security of password-based pairing protocol in Bluetooth",

abstract = "Bluetooth is a popular wireless communication technique, providing connection between portable or stationary devices in close range. A procedure called pairing needs to be performed when two devices intend to connect with each other in order to form a trusted pair and generate secret keys to protect the link. There are several modes of Bluetooth pairing, and password-based is the most convenient and prevalent way. In this paper, we discover a potential vulnerability in the password-based pairing protocol of the latest Bluetooth v4.0 proposed in 2010, which makes password guessing possible. To cope with the problem, a new scheme is proposed which can mitigate the network threats, and is compatible with the hardware of legacy Bluetooth devices. Note that our modification does not affect Bluetooth users' custom. This makes it a suitable replacement for the new Bluetooth pairing protocol.",

keywords = "Bluetooth pairing, Bluetooth PIN authentication, password-based authenticated key exchange",

author = "Fan, {Chia Ming} and Shiuhpyng Shieh and Li, {Bing Han}",

year = "2011",

month = dec,

day = "15",

doi = "10.1109/APNOMS.2011.6076998",

language = "English",

isbn = "9781457716706",

series = "APNOMS 2011 - 13th Asia-Pacific Network Operations and Management Symposium: Managing Clouds, Smart Networks and Services, Final Program",

booktitle = "APNOMS 2011 - 13th Asia-Pacific Network Operations and Management Symposium",

note = "null ; Conference date: 21-09-2011 Through 23-09-2011",

}

Fan, CM, Shieh, S & Li, BH 2011, On the security of password-based pairing protocol in Bluetooth. in APNOMS 2011 - 13th Asia-Pacific Network Operations and Management Symposium: Managing Clouds, Smart Networks and Services, Final Program., 6076998, APNOMS 2011 - 13th Asia-Pacific Network Operations and Management Symposium: Managing Clouds, Smart Networks and Services, Final Program, 13th Asia-Pacific Network Operations and Management Symposium: Managing Clouds, Smart Networks and Services, APNOMS 2011, Taipei, Taiwan, 21/09/11. https://doi.org/10.1109/APNOMS.2011.6076998

On the security of password-based pairing protocol in Bluetooth. / Fan, Chia Ming; Shieh, Shiuhpyng; Li, Bing Han.

APNOMS 2011 - 13th Asia-Pacific Network Operations and Management Symposium: Managing Clouds, Smart Networks and Services, Final Program. 2011. 6076998 (APNOMS 2011 - 13th Asia-Pacific Network Operations and Management Symposium: Managing Clouds, Smart Networks and Services, Final Program).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - On the security of password-based pairing protocol in Bluetooth

AU - Fan, Chia Ming

AU - Shieh, Shiuhpyng

AU - Li, Bing Han

PY - 2011/12/15

Y1 - 2011/12/15

N2 - Bluetooth is a popular wireless communication technique, providing connection between portable or stationary devices in close range. A procedure called pairing needs to be performed when two devices intend to connect with each other in order to form a trusted pair and generate secret keys to protect the link. There are several modes of Bluetooth pairing, and password-based is the most convenient and prevalent way. In this paper, we discover a potential vulnerability in the password-based pairing protocol of the latest Bluetooth v4.0 proposed in 2010, which makes password guessing possible. To cope with the problem, a new scheme is proposed which can mitigate the network threats, and is compatible with the hardware of legacy Bluetooth devices. Note that our modification does not affect Bluetooth users' custom. This makes it a suitable replacement for the new Bluetooth pairing protocol.

AB - Bluetooth is a popular wireless communication technique, providing connection between portable or stationary devices in close range. A procedure called pairing needs to be performed when two devices intend to connect with each other in order to form a trusted pair and generate secret keys to protect the link. There are several modes of Bluetooth pairing, and password-based is the most convenient and prevalent way. In this paper, we discover a potential vulnerability in the password-based pairing protocol of the latest Bluetooth v4.0 proposed in 2010, which makes password guessing possible. To cope with the problem, a new scheme is proposed which can mitigate the network threats, and is compatible with the hardware of legacy Bluetooth devices. Note that our modification does not affect Bluetooth users' custom. This makes it a suitable replacement for the new Bluetooth pairing protocol.

KW - Bluetooth pairing

KW - Bluetooth PIN authentication

KW - password-based authenticated key exchange

UR - http://www.scopus.com/inward/record.url?scp=83255165557&partnerID=8YFLogxK

U2 - 10.1109/APNOMS.2011.6076998

DO - 10.1109/APNOMS.2011.6076998

M3 - Conference contribution

AN - SCOPUS:83255165557

SN - 9781457716706

T3 - APNOMS 2011 - 13th Asia-Pacific Network Operations and Management Symposium: Managing Clouds, Smart Networks and Services, Final Program

BT - APNOMS 2011 - 13th Asia-Pacific Network Operations and Management Symposium

Y2 - 21 September 2011 through 23 September 2011

ER -

Fan CM, Shieh S, Li BH. On the security of password-based pairing protocol in Bluetooth. In APNOMS 2011 - 13th Asia-Pacific Network Operations and Management Symposium: Managing Clouds, Smart Networks and Services, Final Program. 2011. 6076998. (APNOMS 2011 - 13th Asia-Pacific Network Operations and Management Symposium: Managing Clouds, Smart Networks and Services, Final Program). https://doi.org/10.1109/APNOMS.2011.6076998