Analyzing the Secure Simple Pairing in Bluetooth v4.0

Phan, Raphaël C.‐W.; Mingard, Patrick

doi:10.1007/s11277-010-0215-1

Cited by 18 publications

(13 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The proposed MITM attacks exploit the falsification of information sent during the IO capabilities exchange and the fact that the security of SSP is likely to be limited by the capabilities of the least powerful or the least secure device type. Phan and Mingard [17] mainly analyzed the numeric comparison, passkey entry, and OOB association models using the MITM attacks, providing that one device is malicious. Barnickel et al [18] explored a MITM attack on the passkey entry association model, when the attacker prevents the pairing process to successfully complete and the user inputs the same passkey twice.…”

Section: Previous Work On Secure Simple Pairingmentioning

confidence: 99%

“…Under the home network environments, Bluetooth devices are identifiable and trustable, because they always belong to the home members. Since Phan-Mingard's MITM attack [17] uses the outside device, it is not regarded as a serious threat for SSP under the passkey entry association model. That is to say, the home member would be cautious, when he finds that the unfamiliar Bluetooth device tries to pair his Bluetooth Note that the home members are perhaps apt to sharing and reusing the passkey.…”

Section: Home Network Application Of Improved Passkey Entry Protocolmentioning

confidence: 99%

See 1 more Smart Citation

Man-in-the-middle attacks on Secure Simple Pairing in Bluetooth standard V5.0 and its countermeasure

Sun

Susilo

2017

Pers Ubiquit Comput

View full text Add to dashboard Cite

Bluetooth devices are widely employed in the home network systems. It is important to secure the home members' Bluetooth devices, because they always store and transmit personal sensitive information. In the Bluetooth standard, Secure Simple Pairing (SSP) is an essential security mechanism for Bluetooth devices. We examine the security of SSP in the recent Bluetooth standard V5.0. The passkey entry association model in SSP is analyzed under the man-in-the-middle (MITM) attacks. Our contribution is twofold. (1) We demonstrate that the passkey entry association model is vulnerable to the MITM attack, once the host reuses the passkey. (2) An improved passkey entry protocol is therefore designed to fix the reusing passkey defect in the passkey entry association model. The improved passkey entry protocol can be easily adapted to the Bluetooth standard, because it only uses the basic cryptographic components existed in the Bluetooth standard. Our research results are beneficial to the security enhancement of Bluetooth devices in the home network systems.

show abstract

Section: Previous Work On Secure Simple Pairingmentioning

confidence: 99%

Section: Home Network Application Of Improved Passkey Entry Protocolmentioning

confidence: 99%

Man-in-the-middle attacks on Secure Simple Pairing in Bluetooth standard V5.0 and its countermeasure

Sun

Susilo

2017

Pers Ubiquit Comput

View full text Add to dashboard Cite

show abstract

“…Considering all these aspects, a comparison between solutions needs to be performed. Although there are several papers dedicated to Bluetooth analysis (such as [ 5 , 6 , 7 ]), or ZigBee evaluation (such as [ 8 , 9 ]), very few compare these technologies (one probable cause may be that they were developed in the beginning for different purposes). ZigBee is an unusual choice for a vehicular communication protocol, or even communication between moving devices, but has great advantages from the power consumption point of view.…”

Section: Background and Related Workmentioning

confidence: 99%

Use of Energy Efficient Sensor Networks to Enhance Dynamic Data Gathering Systems: A Comparative Study between Bluetooth and ZigBee

Gheorghiu

Iordache

2018

Sensors

View full text Add to dashboard Cite

As road traffic conditions worsen due to the constantly increasing number of cars, traffic management systems are struggling to provide a suitable environment, by gathering all the relevant information from the road network. However, in most cases these are obtained via traffic detectors placed near road junctions, thus providing no information on the conditions in between. A large-scale sensor network using detectors on the majority of vehicles would certainly be capable of providing useful data, but has two major impediments: the equipment installed on the vehicles should be cheap enough (assuming the willingness of private car owners to be a part of the network) and be capable of transferring the required amount of data in due time, as the vehicle passes by the road side unit that acts as interface with the traffic management system. These restrictions reduce the number of technologies that can be used. In this article a series of comprehensive tests have been performed to evaluate the Bluetooth and ZigBee protocols for this purpose from many points of view: handshake time, static and dynamic data transfer (in laboratory conditions and in real traffic conditions). An assessment of the environmental conditions (during tests and probable to be encountered in real conditions) was also provided.

show abstract

“…The continued use of SSP in the Bluetooth protocol stack allows nearly all Bluetooth-enabled devices to remain vulnerable to MitM attacks, regardless of manufacturer or Bluetooth protocol version [40]. Phan and Mingard [25] demonstrated that the SSP protocol used in Bluetooth v4.0 (released 2010) is just as vulnerable to MitM attacks as it is in v2.1 (released 2007). These researchers were able to successfully replicate the attack methods utilized by Lindell [24] four years later.…”

Section: B Bluetooth Low Energy Researchmentioning

confidence: 99%

Digital Blues: An Investigation Into the Use of Bluetooth Protocols

Ledbetter

Glisson

McDonald

et al. 2018

2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/ 12th IEEE International

View full text Add to dashboard Cite

The proliferation of Bluetooth mobile device communications into all aspects of modern society raises security questions by both academicians and practitioners. This environment prompted an investigation into the real-world use of Bluetooth protocols along with an analysis of documented security attacks. The experiment discussed in this paper collected data for one week in a local coffee shop. The data collection took about an hour each day and identified 478 distinct devices. The contribution of this research is two-fold. First, it provides insight into real-world Bluetooth protocols that are being utilized by the general public. Second, it provides foundational research that is necessary for future Bluetooth penetration testing research.

show abstract

Analyzing the Secure Simple Pairing in Bluetooth v4.0

Cited by 18 publications

References 18 publications

Man-in-the-middle attacks on Secure Simple Pairing in Bluetooth standard V5.0 and its countermeasure

Man-in-the-middle attacks on Secure Simple Pairing in Bluetooth standard V5.0 and its countermeasure

Use of Energy Efficient Sensor Networks to Enhance Dynamic Data Gathering Systems: A Comparative Study between Bluetooth and ZigBee

Digital Blues: An Investigation Into the Use of Bluetooth Protocols

Contact Info

Product

Resources

About