Paper 2021/1597

Cryptographic Analysis of the Bluetooth Secure Connection Protocol Suite

Marc Fischlin, Technische Universität Darmstadt
Olga Sanina, Technische Universität Darmstadt
Abstract

We give a cryptographic analysis of the Bluetooth Secure Connections Protocol Suite. Bluetooth supports several subprotocols, such as Numeric Comparison, Passkey Entry, and Just Works, in order to match the devices' different input/output capabilities. Previous analyses (e.g., Lindell, CT-RSA'09, or Troncoso and Hale, NDSS'21) often considered (and confirmed) the security of single subprotocols only. Recent practically verified attacks, however, such as the Method Confusion Attack (von Tschirschnitz et al., S&P'21) against Bluetooth's authentication and key secrecy property, often exploit the bad interplay of different subprotocols. Even worse, some of these attacks demonstrate that one cannot prove the Bluetooth protocol suite to be a secure authenticated key exchange protocol. We therefore aim at the best we can hope for and show that the protocol still matches the common key secrecy requirements of a key exchange protocol if one assumes a trust-on-first-use (TOFU) relationship. This means that the adversary needs to mount an active attack during the initial connection, otherwise the subsequent reconnections remain secure. Investigating the cryptographic strength of the Bluetooth protocol, we also look into the privacy mechanism of address randomization in Bluetooth (which is only available in the Low Energy version). We show that the cryptography indeed provides a decent level of address privacy, although this does not rule out identification of devices via other means, such as physical characteristics.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A minor revision of an IACR publication in ASIACRYPT 2021
DOI
10.1007/978-3-030-92075-3_24
Keywords
BluetoothKey ExchangeTrust On First Use (TOFU)PrivacySecure Connections
Contact author(s)
marc fischlin @ cryptoplexity de
olga sanina @ cryptoplexity de
History
2024-08-15: revised
2021-12-09: received
See all versions
Short URL
https://ia.cr/2021/1597
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/1597,
      author = {Marc Fischlin and Olga Sanina},
      title = {Cryptographic Analysis of the Bluetooth Secure Connection Protocol Suite},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/1597},
      year = {2021},
      doi = {10.1007/978-3-030-92075-3_24},
      url = {https://eprint.iacr.org/2021/1597}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.