Two practical man-in-the-middle attacks on Bluetooth secure simple pairing and countermeasures

We propose two new Man-In-The-Middle (MITM) attacks on Bluetooth Secure Simple Pairing (SSP). The attacks rely on the falsification of the information sent during the input/output (IO) capabilities exchange, and on the fact that the security of the protocol is likely to be limited by the capabilities of the least powerful or least secure device type taking part in the pairing. In addition, we devise countermeasures that render the attacks impractical, as well as improvements to the existing Bluetooth SSP that make it more secure. Moreover, we provide a comparative analysis of the existing MITM attacks on Bluetooth.
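The abstract's point that the negotiated security level is bounded by the least capable device follows directly from how SSP picks its association model from the two self-declared IO capabilities. The following Python is an added example, not code from the paper: `select_model` reproduces the selection rule from the Bluetooth Core Specification (Vol. 3, Part H, "Selecting Association Model"), `negotiate` adds the spec's rule that the model collapses to Just Works when neither side requests MITM protection, and `accept_pairing`, `outcomes_for` and the `PairingRequest` type are hypothetical local-policy helpers showing the defensive consequence: because the peer's claimed capabilities are unauthenticated, a device must decide on the resulting model rather than on the claim.

```python
"""Bluetooth SSP association-model selection and a local MITM-protection policy.

Added example, not code from the paper. The selection rule follows the
Bluetooth Core Specification (Vol. 3, Part H, "Selecting Association Model");
PairingRequest, accept_pairing() and outcomes_for() are hypothetical helpers.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Tuple


class IOCap(Enum):
    DISPLAY_ONLY = "DisplayOnly"
    DISPLAY_YES_NO = "DisplayYesNo"
    KEYBOARD_ONLY = "KeyboardOnly"
    NO_INPUT_NO_OUTPUT = "NoInputNoOutput"
    KEYBOARD_DISPLAY = "KeyboardDisplay"


class Model(Enum):
    JUST_WORKS = "Just Works"                 # provides no MITM protection
    NUMERIC_COMPARISON = "Numeric Comparison"
    PASSKEY_ENTRY = "Passkey Entry"


@dataclass(frozen=True)
class PairingRequest:
    """What one side advertises in the IO capability exchange (hypothetical type)."""
    io_cap: IOCap
    mitm_required: bool  # MITM flag of the Authentication_Requirements field


def select_model(initiator: IOCap, responder: IOCap) -> Model:
    """Association model from the two advertised IO capabilities (spec rule)."""
    caps = {initiator, responder}
    # A single NoInputNoOutput peer forces Just Works whatever the other side has.
    if IOCap.NO_INPUT_NO_OUTPUT in caps:
        return Model.JUST_WORKS
    if IOCap.DISPLAY_ONLY in caps:
        other = responder if initiator is IOCap.DISPLAY_ONLY else initiator
        # DisplayOnly can show a passkey to a keyboard, but cannot confirm Yes/No.
        if other in (IOCap.KEYBOARD_ONLY, IOCap.KEYBOARD_DISPLAY):
            return Model.PASSKEY_ENTRY
        return Model.JUST_WORKS
    if IOCap.KEYBOARD_ONLY in caps:
        return Model.PASSKEY_ENTRY
    # Both sides are DisplayYesNo or KeyboardDisplay.
    return Model.NUMERIC_COMPARISON


def negotiate(initiator: PairingRequest, responder: PairingRequest) -> Model:
    """Model actually used. If neither side requests MITM protection the spec
    treats both as DisplayOnly, which always yields Just Works."""
    if not (initiator.mitm_required or responder.mitm_required):
        return Model.JUST_WORKS
    return select_model(initiator.io_cap, responder.io_cap)


def mitm_protected(model: Model) -> bool:
    """Only Numeric Comparison and Passkey Entry involve the user in verifying
    the connection; Just Works authenticates nothing."""
    return model is not Model.JUST_WORKS


def accept_pairing(local: PairingRequest, remote: PairingRequest,
                   policy_requires_mitm: bool) -> Tuple[bool, Model]:
    """Hypothetical local policy: pair only if the negotiated model gives the
    protection the policy demands. The remote capabilities are self-declared
    and unauthenticated, so the decision rests on the outcome, not the claim."""
    model = negotiate(local, remote)
    if policy_requires_mitm and not mitm_protected(model):
        return False, model
    return True, model


def outcomes_for(local: PairingRequest) -> Dict[IOCap, Model]:
    """Audit helper: the model reached for every capability a peer could
    declare (the peer is assumed to set the MITM flag)."""
    return {cap: negotiate(local, PairingRequest(cap, True)) for cap in IOCap}


if __name__ == "__main__":
    phone = PairingRequest(IOCap.DISPLAY_YES_NO, mitm_required=True)
    for cap, model in outcomes_for(phone).items():
        print(f"peer declares {cap.value:16s} -> {model.value}")
    ok, model = accept_pairing(
        phone, PairingRequest(IOCap.NO_INPUT_NO_OUTPUT, True), policy_requires_mitm=True)
    print("accept pairing:", ok, "(model:", model.value + ")")
```

Running the audit for a `DisplayYesNo` device shows that it reaches Numeric Comparison only against a peer that also declares a Yes/No display or a keyboard with display; any peer declaring `NoInputNoOutput` drags the pairing down to Just Works, and a local policy that rejects Just Works for sensitive services is the countermeasure a host stack can apply without any change to the protocol itself.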
