Skip to main content
placeholder image

Man-in-the-middle attacks on Secure Simple Pairing in Bluetooth standard V5.0 and its countermeasure

Journal Article


Abstract


  • Bluetooth devices are widely employed in the home network systems. It is important to secure the home members’ Bluetooth devices, because they always store and transmit personal sensitive information. In the Bluetooth standard, Secure Simple Pairing (SSP) is an essential security mechanism for Bluetooth devices. We examine the security of SSP in the recent Bluetooth standard V5.0. The passkey entry association model in SSP is analyzed under the man-in-the-middle (MITM) attacks. Our contribution is twofold. (1) We demonstrate that the passkey entry association model is vulnerable to the MITM attack, once the host reuses the passkey. (2) An improved passkey entry protocol is therefore designed to fix the reusing passkey defect in the passkey entry association model. The improved passkey entry protocol can be easily adapted to the Bluetooth standard, because it only uses the basic cryptographic components existed in the Bluetooth standard. Our research results are beneficial to the security enhancement of Bluetooth devices in the home network systems.

Authors


  •   Sun, Da-Zhi (external author)
  •   Mu, Yi (external author)
  •   Susilo, Willy

Publication Date


  • 2018

Citation


  • Sun, D., Mu, Y. & Susilo, W. (2018). Man-in-the-middle attacks on Secure Simple Pairing in Bluetooth standard V5.0 and its countermeasure. Personal and Ubiquitous Computing, 22 (1), 55-67.

Scopus Eid


  • 2-s2.0-85029906342

Ro Metadata Url


  • http://ro.uow.edu.au/eispapers1/705

Number Of Pages


  • 12

Start Page


  • 55

End Page


  • 67

Volume


  • 22

Issue


  • 1

Place Of Publication


  • United Kingdom

Abstract


  • Bluetooth devices are widely employed in the home network systems. It is important to secure the home members’ Bluetooth devices, because they always store and transmit personal sensitive information. In the Bluetooth standard, Secure Simple Pairing (SSP) is an essential security mechanism for Bluetooth devices. We examine the security of SSP in the recent Bluetooth standard V5.0. The passkey entry association model in SSP is analyzed under the man-in-the-middle (MITM) attacks. Our contribution is twofold. (1) We demonstrate that the passkey entry association model is vulnerable to the MITM attack, once the host reuses the passkey. (2) An improved passkey entry protocol is therefore designed to fix the reusing passkey defect in the passkey entry association model. The improved passkey entry protocol can be easily adapted to the Bluetooth standard, because it only uses the basic cryptographic components existed in the Bluetooth standard. Our research results are beneficial to the security enhancement of Bluetooth devices in the home network systems.

Authors


  •   Sun, Da-Zhi (external author)
  •   Mu, Yi (external author)
  •   Susilo, Willy

Publication Date


  • 2018

Citation


  • Sun, D., Mu, Y. & Susilo, W. (2018). Man-in-the-middle attacks on Secure Simple Pairing in Bluetooth standard V5.0 and its countermeasure. Personal and Ubiquitous Computing, 22 (1), 55-67.

Scopus Eid


  • 2-s2.0-85029906342

Ro Metadata Url


  • http://ro.uow.edu.au/eispapers1/705

Number Of Pages


  • 12

Start Page


  • 55

End Page


  • 67

Volume


  • 22

Issue


  • 1

Place Of Publication


  • United Kingdom