Security analysis of Bluetooth Secure Simple Pairing protocols with extended threat model. (February 2023)
- Record Type:
- Journal Article
- Title:
- Security analysis of Bluetooth Secure Simple Pairing protocols with extended threat model. (February 2023)
- Main Title:
- Security analysis of Bluetooth Secure Simple Pairing protocols with extended threat model
- Authors:
- Yin, Haotian
- Abstract:
- Abstract: Today, Bluetooth technology has become the primary means of short-distance. In the Bluetooth protocol stack, the Secure Simple Pairing (SSP) specifies three methods to provide authentication, Out-of-Band, Numeric Comparison, and Passkey Entry. All three schemes require extra or additional channel assistance in addition to the Bluetooth wireless channel during the authentication process. At the same time, attacks against the Bluetooth pairing protocol have gradually increased, and some attacks (e.g., Tap'n Ghost) targeting those extra channels have attracted the attention of the Bluetooth Association. Current attacks place new demands on Bluetooth SSP security and thus require new models to formalize these threats. Troncoso and Hale proposed the CYBORG model to address this challenge by modeling the channel between users and devices in detail and defining rich attacker capabilities and freshness rules. They also proposed an improved Passkey Entry protocol, Dual-Passkey Entry. However, the CYBORG model does not cover current attacks and threats as they claim, and it only focused on the Passkey Entry protocol. We formalized the threat models to clarify and bridge the gaps in the protocol design and practical requirements of the original CYBORG model. Attackers of Confidential- and Authenticated-extra channels are designed to deal with the settings in threats and protocol requirements. The analysis results show weaknesses and insecurities of SSP protocols. GraphicalAbstract: Today, Bluetooth technology has become the primary means of short-distance. In the Bluetooth protocol stack, the Secure Simple Pairing (SSP) specifies three methods to provide authentication, Out-of-Band, Numeric Comparison, and Passkey Entry. All three schemes require extra or additional channel assistance in addition to the Bluetooth wireless channel during the authentication process. At the same time, attacks against the Bluetooth pairing protocol have gradually increased, and some attacks (e.g., Tap'n Ghost) targeting those extra channels have attracted the attention of the Bluetooth Association. Current attacks place new demands on Bluetooth SSP security and thus require new models to formalize these threats. Troncoso and Hale proposed the CYBORG model to address this challenge by modeling the channel between users and devices in detail and defining rich attacker capabilities and freshness rules. They also proposed an improved Passkey Entry protocol, Dual-Passkey Entry. However, the CYBORG model does not cover current attacks and threats as they claim, and it only focused on the Passkey Entry protocol. We formalized the threat models to clarify and bridge the gaps in the protocol design and practical requirements of the original CYBORG model. Attackers of Confidential- and Authenticated-extra channels are designed to deal with the settings in threats and protocol requirements. The analysis results show weaknesses and insecurities of SSP protocols. Graphical abstract: Highlights: We extracted the most potent attack model from the original CYBORG model. We defined attackers against authenticated-extra channels. We designed a new security model for pairing protocols. We performed security analyses on Bluetooth SSP, and they had some weaknesses. … (more)
- Is Part Of:
- Journal of information security and applications. Volume 72(2023)
- Journal:
- Journal of information security and applications
- Issue:
- Volume 72(2023)
- Issue Display:
- Volume 72, Issue 2023 (2023)
- Year:
- 2023
- Volume:
- 72
- Issue:
- 2023
- Issue Sort Value:
- 2023-0072-2023-0000
- Page Start:
- Page End:
- Publication Date:
- 2023-02
- Subjects:
- Bluetooth -- Authentication -- Secure Simple Pairing -- Security model -- Out of band channel
Computer security -- Periodicals
Information technology -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/ ↗
- DOI:
- 10.1016/j.jisa.2022.103385 ↗
- Languages:
- English
- ISSNs:
- 2214-2126
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 25621.xml