Cryptography Reference
In-Depth Information
Human user
SECURE
SECURE
Device A
Radio link
Device B
Figure 5.10.
Bluetooth pairing.
random values and their addresses and deduce a combination key which is the XOR
of both LK K keys. This combination key serves as the link key. The overall (typical)
pairing protocol is depicted in Fig. 5.11. If one device has low memory capabilities, it
uses its unit key which is generated once for all as a link key and sends its XOR with
the initialization key to the other device which deduces it (see Fig. 5.12).
Obviously, if an adversary listens to the communication in the pairing and authen-
tication protocols and if the PIN code can be found by exhaustive search, then she can
easily recover the link key. Since the whole security infrastructure is built on the con-
fidentiality of the link key, security is void in this case. However, peer authentication
and key establishment is safe assuming that the pairing is run through a confidential
channel.
Like in GSM, once the setup phase is complete, confidentiality is ensured. A clock-
based stream cipher protects against attempts to delay, swap, or replay a frame, but not
Master
A
Slave
B
user inputs PIN code
pick IN RAND
IN RAND
−−−−−−−−−−−−−−−−−−−→
user inputs PIN code
K
init
=
E22
(
IN RAND
,
PIN
)
K
init
=
E22
(
IN RAND
,
PIN
)
pick LK RAND
A
pick LK RAND
B
C
A
=
LK RAND
A
⊕
K
init
C
B
=
LK RAND
B
⊕
K
init
C
A
−−−−−−−−−−−−−−−−−−−→
C
B
←−−−−−−−−−−−−−−−−−−−
LK RAND
B
=
C
B
⊕
K
init
LK RAND
A
=
C
A
⊕
K
init
compute LK K
A
,
LK K
B
,
K
compute LK K
A
,
LK K
B
,
K
⎛
⎝
⎞
⎠
LK K
A
=
E21
(
LK RAND
A
,
BD ADDR
A
)
LK K
B
=
E21
(
LK RAND
B
,
BD ADDR
B
)
K
=
LK K
A
⊕
LK K
B
Figure 5.11.
A typical pairing protocol in bluetooth.
Search WWH ::
Custom Search