Title :
Implementing an Attack on Bluetooth 2.1+ Secure Simple Pairing in Passkey Entry Mode
Author :
Barnickel, Johannes ; Wang, Jian ; Meyer, Ulrike
Author_Institution :
IT Security Res. Group, RWTH Aachen Univ., Aachen, Germany
Abstract :
Due to the serious security issues found in early Bluetooth revisions, Bluetooth revision 2.1 (and later) uses a new pairing process called Secure Simple Pairing (SSP). SSP allows two devices to establish a link key based on a Diffie-Hellman key agreement and supports four methods to authenticate the key agreement. One of these methods is called the Passkey Entry method, which uses a PIN entered on one or both devices. The Passkey Entry method has been shown to leak this PIN to any attacker eavesdropping on the first part of the pairing process. If, in addition, the attacker can prevent the pairing process from completing successfully and the user uses the same PIN twice (or a fixed PIN is used), the attacker can mount a man-in-the-middle attack on a new run of the pairing process. In this paper, we explore the practicality of this attack and show that it should be taken very seriously. Lacking devices with a reasonably programmable Bluetooth stack to implement the attack upon, we created Bluetrial: our own implementation of the relevant Bluetooth parts using the GNU Radio platform on USRP and USRP2 devices.
Keywords :
Bluetooth; security of data; Bluetooth 2.1; Bluetrial; Diffie-Hellman key agreement; GNU radio platform; SSP; USRP2 devices; man-in-the-middle attack; pairing process; passkey entry mode; secure simple pairing; Conferences; Privacy; Security; attack; bluetooth; fix pin; fixed pin; gnu radio; man in the middle; passkey entry; pin reuse; secure simple pairing; software defined radio; usrp; wireless security;
Conference_Title :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on
Conference_Location :
Liverpool
Print_ISBN :
978-1-4673-2172-3
DOI :
10.1109/TrustCom.2012.182