http://dx.doi.org/10.3745/KTCCS.2016.5.12.481

MITM Attack on Bluetooth Pairing in Passkey Entry Mode and Its Countermeasure  

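Lee, Jearyong (Department of Financial Security, Graduate School of Information Security, Korea University)
Choi, Wonsuk (Department of Information Security, Graduate School of Information Security, Korea University)
Lee, DongHoon (Graduate School of Information Security, Korea University)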
Publication Information
KIPS Transactions on Computer and Communication Systems / v.5, no.12, 2016, pp. 481-490
Abstract
Bluetooth uses a symmetric key, exchanged at the first pairing, to establish a secure channel. Four authentication modes enable device authentication: Just Works, Passkey Entry, Out of Band, and Numeric Comparison. Until now, Just Works has been considered the authentication mode that is vulnerable to Man-In-The-Middle (MITM) attacks. In addition, it is possible to intentionally change any authentication mode to Just Works in order to carry out a MITM attack under that mode. However, such attacks work only under the assumption that users do not notice that the authentication mode was changed. In this paper, we analyze the specifications of Secure Simple Pairing, LE Legacy Pairing, and LE Secure Connection Pairing. Our analysis indicates that a MITM attack appears possible when Passkey Entry mode is used with each of these approaches. We also propose a Passkey Entry MITM attack that requires no assumption of user error because, unlike traditional attacks, it does not change the verification process of the authentication mode. We implement the proposed MITM attacks, and we present a scenario in which the attack can be exploited, together with a countermeasure.
Keywords
Bluetooth; Pairing; Passkey Entry; MITM; IO Capability Exchange;