Two practical man-in-the-middle attacks on Bluetooth secure simple pairing and countermeasures

Haataja, Keijo; Toivanen, Pekka

doi:10.1109/twc.2010.01.090935

Cited by 73 publications

(49 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Distance-bounding is a well-researched area of cryptography [1], [3]- [10], [12], [13], [15], [17]- [20], [23], [24], [26], though the approach in most works is mostly informal. The two formal frameworks due to Avoine et al [3] and Dürholz et al [15] both concur in defining distance-bounding as an authentication protocol where the verifier is convinced that the prover is in its neighborhood.…”

Section: Introductionmentioning

confidence: 99%

Mafia fraud attack against the RČ Distance-Bounding Protocol

Mitrokotsa

Onete

Vaudenay

2012

2012 IEEE International Conference on RFID-Technologies and Applications (RFID-TA)

View full text Add to dashboard Cite

Abstract-At ACM CCS 2008, Rasmussen andČapkun introduced a distance-bounding protocol [22] (henceforth RČ protocol) where the prover and verifier use simultaneous transmissions and the verifier counts the delay between sending a challenge (starting with a hidden marker) and receiving the response. Thus, the verifier is able to compute an upper bound on the distance separating it and the prover. Distance bounding protocols should resist to the most classical types of attacks such as distance fraud and mafia fraud. In mafia fraud, a man-in-the-middle adversary attempts to prove to a legitimate verifier that the prover is in the verifier's proximity, even though the prover is in reality far away and does not wish to run the protocol. The RČ protocol was only claiming to resist distance fraud attacks. In this paper, we show a concrete mafia fraud attack against the RČ protocol, which relies on replaying the prover nonce which was used in a previous session between a legitimate prover and the verifier. This attack has a large probability of success. We propose a new protocol called LPDB that is not vulnerable to the presented attack. It offers state-of-the-art security in addition to the notion of location privacy achieved by the RČ protocol.

show abstract

Section: Introductionmentioning

confidence: 99%

Mafia fraud attack against the RČ Distance-Bounding Protocol

Mitrokotsa

Onete

Vaudenay

2012

2012 IEEE International Conference on RFID-Technologies and Applications (RFID-TA)

View full text Add to dashboard Cite

show abstract

“…The protocol specifies the necessary steps for two Bluetooth devices to establish a shared common link for subsequent secure communications (Phan and Mingard, 2012). The SSP protocol consists of the following six phases (Haataja and Toivanen, 2010):  Capabilities exchanged: Devices that are pairing for the first time or are re-pairing, exchange their Input/Output (IO) capabilities in order to determine the appropriate association model to use for the pairing. In the case of mobile devices, which have access to displays and keyboards, the Numeric Comparison (NC) model is used.…”

Section: Bluetooth Technologymentioning

confidence: 99%

Bluetooth Command and Control channel

Pieterse

Olivier

2014

Computers & Security

View full text Add to dashboard Cite

Bluetooth is popular technology for short-range communications and is incorporated in mobile devices such as smartphones, tablet computers and laptops. Vulnerabilities associated with Bluetooth technology led to improved security measures surrounding Bluetooth connections. Besides the improvement in security features, Bluetooth technology is still plagued by vulnerability exploits. This paper explores the development of a physical Bluetooth C&C channel, moving beyond previous research that mostly relied on simulations. In order to develop a physical channel, certain requirements must be fulfilled and specific aspects regarding Bluetooth technology must be taken into consideration. To measure performance, the newly designed Bluetooth C&C channel is executed in a controlled environment using the Android operating system as a development platform. The results show that a physical Bluetooth C&C channel is indeed possible and the paper concludes by identifying potential strengths and weaknesses of the new channel.

show abstract

“…This is because even if the user correctly checks that the numbers displayed on both devices are equal, they may not necessarily be involved in the same intended session. Haataja et al [7][8][9][10] exploited the fact that prior to SSP the devices exchange their respective input/output capabilities without any authentication, and so describe that one could modify these exchange messages to force devices to use the Just Works (JW) association model whose SSP is not designed to resist MitM attacks, thus leading to an MitM attack on the devices. Raphael and Patrick [3] have done an extensive analysis of the different association models with respect to secure simple pairing in Bluetooth 4.0 for both (BR/EDR) and LE operational modes.…”

Section: Related Workmentioning

confidence: 99%

Analysis of Bluetooth threats and v4.0 security features

Sandhya¹,

Devi²

2012

2012 International Conference on Computing, Communication and Applications

View full text Add to dashboard Cite

The advent of Bluetooth technology has made wireless communication easier. Any new invention or improvement is viewed very closely by people who are looking to gain information in an unauthorized manner. Security in any area is given more importance as it leads to better product and satisfied customers. The initial days of any technological invention is more challenging as they deal with new issues every day. The product/ invention needs to keep evolving to address the growing list of new features requirement and handling of security issues. Bluetooth security has evolved a lot with different versions of blue tooth. Keeping in mind the growing list of Bluetooth products in the market, there has been lot of improvements done in the version 4.0 of Bluetooth. The LE (Low Energy) operational mode which is new in version 4.0 has slightly different security association models. In this paper, a review of the recent studies in the analysis of Bluetooth security issues and new security features of v4.0 is done. Specifically the paper covers secure simple pairing in Bluetooth normal mode and low energy mode. For each threat, the particular issues are addressed and a review of major approaches to improve security of Bluetooth communication using secure simple pairing is discussed.

show abstract

Two practical man-in-the-middle attacks on Bluetooth secure simple pairing and countermeasures

Cited by 73 publications

References 12 publications

Mafia fraud attack against the RČ Distance-Bounding Protocol

Mafia fraud attack against the RČ Distance-Bounding Protocol

Bluetooth Command and Control channel

Analysis of Bluetooth threats and v4.0 security features

Contact Info

Product

Resources

About

Two practical man-in-the-middle attacks on Bluetooth secure simple pairing and countermeasures

Cited by 73 publications

References 12 publications

Mafia fraud attack against the R&#x010C; Distance-Bounding Protocol

Mafia fraud attack against the R&#x010C; Distance-Bounding Protocol

Bluetooth Command and Control channel

Analysis of Bluetooth threats and v4.0 security features

Contact Info

Product

Resources

About

Mafia fraud attack against the RČ Distance-Bounding Protocol

Mafia fraud attack against the RČ Distance-Bounding Protocol