An enhanced method for the existing Bluetooth pairing protocol to avoid impersonation attacks
As the use of the Bluetooth technology in wireless technologies such as computers, cell phones, personal digital assistants (PDAs), printers, digital cameras, PC peripherals, and headphones, among others, has enormously increased during this decade, it has also increased the need of employing a more secure and robust pairing protocol that protects the transfer of information between Bluetooth devices. ^ The existing Bluetooth pairing protocol starts when a Bluetooth device is set to be in discoverable mode and it is found by another device. After this step is completed, it initiates the pairing procedure by sharing some important device information, then by connecting to the other device and exchanging several link keys, and finally, by authenticating the connecting device in order to make sure is a trusted peer. However, through this document it is shown that this existing Bluetooth pairing protocol has still some security flaws that have caused impersonation attacks. ^ The impersonation attack is a big concern in Bluetooth security due that, in most of the cases, it directly allows the access to relevant information, such as private, confidential or even classified, and this attack is reached just by creating a connection which is fully formed from a Bluetooth pairing with a false device credentials. ^ Due to the concern for this type of attack, this document focuses on the implementation of an additional step on the existing Bluetooth pairing and authentication process, which enhances the Bluetooth security and also avoids the impersonation attack. This additional step was added just after the final authentication stage that a Bluetooth device commonly performs, and it is based on the use of Digital Certificates and a Certificate Authority in order to ensure that the identity of the connecting device can be trusted. Moreover, this additional authentication method is also based on three security levels, which are divided by the type of device to be connected, the application of this Bluetooth device, and the capabilities to connect to internet in order to verify the Digital Certificate that is going to be used for authentication. ^
Engineering, Electronics and Electrical
Mendoza, Patricia A, "An enhanced method for the existing Bluetooth pairing protocol to avoid impersonation attacks" (2009). ETD Collection for University of Texas, El Paso. AAI1468953.