Paper 2019/933

Low Entropy Key Negotiation Attacks on Bluetooth and Bluetooth Low Energy

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen

Abstract

The specification of Bluetooth and Bluetooth Low Energy includes dedicated encryption key negotiation protocols used by two parties to agree on the entropy of encryption keys. In this work, we show that an attacker can manipulate the entropy negotiation of Bluetooth and Bluetooth Low Energy to drastically reduce the encryption key space. We call our attack the Key Negotiation Of Bluetooth (KNOB) attack. In the case of Bluetooth, we demonstrate that the entropy can be reduced from 16 to 1 Byte. Such low entropy enables the attacker to easily brute force the negotiated encryption keys, decrypt the eavesdropped ciphertext, and inject valid encrypted messages in real-time. For Bluetooth Low Energy, we show that the entropy can still be downgraded from 16 to 7 Bytes, which reduces the attacker's effort to brute force the keys. We implement and evaluate the KNOB attack on 17 Bluetooth chips (e.g., Intel Broadcom, Apple, and Qualcomm) and 15 Bluetooth Low Energy devices (e.g., Lenovo, Garmin, Samsung, Xiaomi, and Fitbit). Our results demonstrate that all tested devices are vulnerable to the KNOB attack. We discuss legacy and non-legacy compliant countermeasures to neutralize or mitigate the KNOB attack.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
BluetoothBLE
Contact author(s)
antonioli daniele @ gmail com
tippenhauer @ cispa saarland
kasper rasmussen @ cs ox ac uk
History
2019-08-18: received
Short URL
https://ia.cr/2019/933
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/933,
      author = {Daniele Antonioli and Nils Ole Tippenhauer and Kasper Rasmussen},
      title = {Low Entropy Key Negotiation Attacks on Bluetooth and Bluetooth Low Energy},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/933},
      year = {2019},
      url = {https://eprint.iacr.org/2019/933}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.