Abstract
Although many good (secure) key agreement protocols based on public-key cryptography exist, secure associations between two wireless devices are often established using symmetric-key cryptography for cost reasons. The consequence is that commonly used everyday security protocols such as Bluetooth pairing are insecure, in the sense that an adversary can easily extract the main private key from the protocol communications. Nevertheless, we show that a feature in the Bluetooth standard provides a pragmatic and costless protocol that can eventually repair privateless associations, thanks to mobility. This proves (in the random oracle model) the pragmatic security of the Bluetooth pairing protocol when repairing is used.
© 2005 Springer-Verlag Berlin Heidelberg
Vaudenay, S. (2005). On Bluetooth Repairing: Key Agreement Based on Symmetric-Key Cryptography. In: Feng, D., Lin, D., Yung, M. (eds) Information Security and Cryptology. CISC 2005. Lecture Notes in Computer Science, vol 3822. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599548_1
DOI: https://doi.org/10.1007/11599548_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30855-3
Online ISBN: 978-3-540-32424-9