Security and Privacy Protection for Bluetooth

• Main Authors: Jian-Ren Peng, 彭建仁
• Other Authors: Tzu-Chang Yeh
• Format: Others
• Language: zh-TW
• Published: 2008
• Online Access: http://ndltd.ncl.edu.tw/handle/65814659365191496151

碩士 === 明新科技大學 === 資訊管理研究所 === 96 === Bluetooth, a short range wireless communication standard, has made possible a number of digital devices totally free from being bonded to wires and cables. It’s application which used to serve mostly cell phones and headsets has widely extended to PCs and PDAs. Given the data transferred has come to a greater degree of sensitivity, security issues involving Bluetooth transmission have raised many concerns. However, during the authentication and key exchange process of Bluetooth communication, a lot of information is transferred in plaintext, which allows a malicious third party to spoof the legal Bluetooth device to make it through the authentication, or to deduce the encryption key to eavesdrop the transferring data. The revised version of standard, Bluetooth V2.1, came forth in 2007 with a new security mechanism, Secure Simple Pairing, which seemly eradicated the problems legacy pairing had missed out such as spoofing attacks and eavesdropping attacks. However, as authentication is done by visual confirming on displayed 6-digit numbers to avoid man-in-the-middle attacks, there are quite a few instances of user error that will result in security and privacy breaches. This paper will introduce and analyze the security mechanism of Bluetooth first, then discuss the security drawbacks on this mechanism, and finally an improved scheme is proposed that could be applied in high security demanding applications.