Design, implementation and security analysis of Bluetooth pairing protocol in NS2

Gajbhiye, Samta; Sharma, Manoj; Karmkar, Sanjeev; Sharma, Sanjay

doi:10.1109/icacci.2016.7732294

Cited by 5 publications

(6 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Albahar et al [19][20][21] presented some countermeasures for SSP to prevent MITM attacks such as using new precautionary steps in the just works association model and building the virtual channel. Gajbhiye et al [22] presented the simulation and the security analysis of the numeric comparison association model in the network simulator NS2.…”

Section: Previous Work On Secure Simple Pairingmentioning

confidence: 99%

Man-in-the-middle attacks on Secure Simple Pairing in Bluetooth standard V5.0 and its countermeasure

Sun

Susilo

2017

Pers Ubiquit Comput

View full text Add to dashboard Cite

Bluetooth devices are widely employed in the home network systems. It is important to secure the home members' Bluetooth devices, because they always store and transmit personal sensitive information. In the Bluetooth standard, Secure Simple Pairing (SSP) is an essential security mechanism for Bluetooth devices. We examine the security of SSP in the recent Bluetooth standard V5.0. The passkey entry association model in SSP is analyzed under the man-in-the-middle (MITM) attacks. Our contribution is twofold. (1) We demonstrate that the passkey entry association model is vulnerable to the MITM attack, once the host reuses the passkey. (2) An improved passkey entry protocol is therefore designed to fix the reusing passkey defect in the passkey entry association model. The improved passkey entry protocol can be easily adapted to the Bluetooth standard, because it only uses the basic cryptographic components existed in the Bluetooth standard. Our research results are beneficial to the security enhancement of Bluetooth devices in the home network systems.

show abstract

Section: Previous Work On Secure Simple Pairingmentioning

confidence: 99%

Man-in-the-middle attacks on Secure Simple Pairing in Bluetooth standard V5.0 and its countermeasure

Sun

Susilo

2017

Pers Ubiquit Comput

View full text Add to dashboard Cite

show abstract

“…Typical device pairing protocols perform a Diffie-Hellman (DH) or an Elliptic Curve Diffie-Hellman (ECDH) key exchange over the in-band wireless channel and then use a human-assisted out-of-band (OOB) channel to thwart potential impersonation and man-in-themiddle attackers in the in-band channel. Several researchers have studied the security and usability of device pairing protocols in significant detail [22,26,30,42]. The existing literature assumes a powerful Dolev-Yao type attacker on the in-band wireless channel and an OOB channel that provides some inherent protection for the confidentiality and/or integrity of the data exchanged over it.…”

Section: Device Pairing and Relay Attackmentioning

confidence: 99%

Misbinding Attacks on Secure Device Pairing and Bootstrapping

Sethi

Peltonen

Aura

2019

Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

In identity misbinding attacks against authenticated key-exchange protocols, a legitimate but compromised participant manipulates the honest parties so that the victim becomes unknowingly associated with a third party. These attacks are well known, and resistance to misbinding is considered a critical requirement for security protocols on the Internet. In the context of device pairing, on the other hand, the attack has received little attention outside the trusted-computing community. This paper points out that most device pairing protocols are vulnerable to misbinding. Device pairing protocols are characterized by lack of a-priory information, such as identifiers and cryptographic roots of trust, about the other endpoint. Therefore, the devices in pairing protocols need to be identified by the user's physical access to them. As case studies for demonstrating the misbinding vulnerability, we use Bluetooth and a protocol that registers new IoT devices to authentication servers on wireless networks. We have implemented the attacks. We also show how the attacks can be found in formal models of the protocols with carefully formulated correspondence assertions. The formal analysis yields a new type of double misbinding attack. While pairing protocols have been extensively modelled and analyzed, misbinding seems to be an aspect that has not previously received sufficient attention. Finally, we discuss potential ways to mitigate the threat and its significance to security of pairing protocols. CCS CONCEPTS• Security and privacy → Systems security; Network security; Formal methods and theory of security; • Networks → Network protocol design.

show abstract

“…In this section, we analyze the security properties and the efficiency of the NC protocol and the OOB protocol in Bluetooth standard v5.0 by contrast to three related SSP protocols [ 12 , 13 , 23 ].…”

Section: Comparison Analysis Of Related Protocolsmentioning

confidence: 99%

“…The improved NC protocol proposed by Yeh et al [ 23 ] uses PIN number instead of confirming the displayed numbers to prevent MITM attacks. The improved NC protocol proposed by Gajbhiye et al [ 12 ] uses the signature mechanism to confirm the pairing devices. The SSP protocol with delayed-encrypted IO (SSP-DEIO) proposed by Gajbhiye et al [ 13 ] delays the exchange of encrypted IO capability until Phase 2 to overcome from the problem of capturing the IO capability of the pairing devices.…”

Section: Comparison Analysis Of Related Protocolsmentioning

confidence: 99%

“…Albahar et al [ 11 ] enhanced the JW protocol to prevent MITM attacks by adding a question and answer phase to ask both Bluetooth devices about IO capabilities. Gajbhiye et al [ 12 , 13 ] overviewed security issues that may result in MITM attacks on Bluetooth devices and improved SSP with the delayed-encrypted input-output mechanism to defeat MITM attacks. In addition, they also gave the simulation and the security analysis of the NC protocol.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

On Secure Simple Pairing in Bluetooth Standard v5.0-Part I: Authenticated Link Key Security and Its Home Automation and Entertainment Applications

Sun

2019

Sensors

View full text Add to dashboard Cite

Bluetooth is an important technical standard for short-range and low-power wireless communication. The home automation and entertainment (HAE) systems often make use of Bluetooth technology to link different Bluetooth devices and form Bluetooth networks. The security concerns of the HAE systems are raised due to massive deployment of the Bluetooth devices. The Bluetooth standard mainly depends on the secure simple pairing (SSP) solution to protect the Bluetooth devices. Hence, we investigate the SSP solution according to the Bluetooth standard v5.0. The contributions are threefold. (1) A formal security model is proposed to evaluate SSP’s association models and authenticated link key. (2) We formally analyze two SSP protocols and present the security requirements for basic cryptographic modules in these SSP protocols. (3) We discuss the typical SSP applications in the HAE systems. Our results are useful to not only evaluating and designing the SSP protocols but also enhancing the security of the HAE systems in which the Bluetooth access is available.

show abstract

Design, implementation and security analysis of Bluetooth pairing protocol in NS2

Cited by 5 publications

References 3 publications

Man-in-the-middle attacks on Secure Simple Pairing in Bluetooth standard V5.0 and its countermeasure

Man-in-the-middle attacks on Secure Simple Pairing in Bluetooth standard V5.0 and its countermeasure

Misbinding Attacks on Secure Device Pairing and Bootstrapping

On Secure Simple Pairing in Bluetooth Standard v5.0-Part I: Authenticated Link Key Security and Its Home Automation and Entertainment Applications

Contact Info

Product

Resources

About