A Novel Bluetooth Man-In-The-Middle Attack Based On SSP using OOB Association model

As an interconnection technology, Bluetooth has to address all traditional security problems, well known from the distributed networks. Moreover, as Bluetooth networks are formed by the radio links, there are also additional security aspects whose impact is yet not well understood. In this paper, we propose a novel Man-In-The-Middle (MITM) attack against Bluetooth enabled mobile phone that support Simple Secure Pairing(SSP). From the literature it was proved that the SSP association models such as Numeric comparison, Just works and passkey Entry are not more secure. Here we propose the Out Of Band (OOB) channeling with enhanced security than the previous methods.

[1]  K. Hypponen,et al.  Man-In-The-Middle attacks on bluetooth: a comparative analysis, a novel attack, and countermeasures , 2008, 2008 3rd International Symposium on Communications, Control and Signal Processing.

[2]  Markus Jakobsson,et al.  Security Weaknesses in Bluetooth , 2001, CT-RSA.

[3]  William Stallings,et al.  Cryptography and network security , 1998 .

[4]  Dennis Kügler,et al.  "Man in the Middle" Attacks on Bluetooth , 2003, Financial Cryptography.

[5]  K. Hypponen,et al.  “Nino” man-in-the-middle attack on bluetooth secure simple pairing , 2007, 2007 3rd IEEE/IFIP International Conference in Central Asia on Internet.

[6]  Ersin Uzun,et al.  Usability Analysis of Secure Pairing Methods , 2007, Financial Cryptography.

[7]  Keijo Haataja New practical attack against Bluetooth security using efficient implementations of security analysis tools , 2007 .