Improved Pairing Protocol for Bluetooth

  • Dave Singelée
  • Bart Preneel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4104)


The Bluetooth wireless technology realizes a low-cost short-range wireless voice- and data-connection through radio propagation. Bluetooth also has a security architecture. In this paper, we focus on the key agreement protocol, which is the most critical part of this security architecture. Several security flaws have been identified within the Bluetooth protocols: an attacker can track users by monitoring the Bluetooth hardware address, all keys depend on a low-entropy shared secret (the PIN), there are some very easy to perform Denial of Service attacks. We propose a new initialization mechanism for the key agreement protocol of Bluetooth. This improved pairing protocol can be easily extended so that it will not only solve the dependency of the keys on the PIN, but also the location privacy problem and an important Denial of Service attack. Our solution is user friendly and energy-efficient, two essential features for Wireless Personal Area Networks (WPAN).


Bluetooth security pairing 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bluetooth Special Interest Group,
  2. 2.
    IEEE 802.15, the Wireless Personal Area Network Working Group,
  3. 3.
    Haartsen, J., Naghshineh, M., Inouye, J., Joeressen, O., Allen, W.: Bluetooth: Visions, Goals and Architecture. In: ACM Mobile Computing and Communications Review, pp. 38–45 (1998)Google Scholar
  4. 4.
    Bluetooth Specification,
  5. 5.
    Lamm, G., Falauto, G., Estrada, J., Gadiyaram, J.: Security Attacks against Bluetooth Wireless Networks. In: Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, U.S. Military Academy, West Point, NY, pp. 265–272 (June 2001)Google Scholar
  6. 6.
    Singelée, D., Preneel, B.: Security Overview of Bluetooth. COSIC Internal Report (2004)Google Scholar
  7. 7.
    Jakobsson, M., Wetzel, S.: Security Weaknesses in Bluetooth. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, p. 176. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    DEF CON. Computer Underground Hackers Convention,
  9. 9.
    Cheung, H.: The Bluesniper Rifle, 2004. http://www.tomsnetworking. com/Sections-article106.php.
  10. 10.
    Shaked, Y., Wool, A.: Cracking the Bluetooth PIN. In: Proceedings of the 3rd International Conference on Mobile Systems, Applications, and Services (MobiSys 2005), pp. 39–50. ACM, New York (2005)CrossRefGoogle Scholar
  11. 11.
    Hodjat, A., Verbauwhede, I.: The Energy Cost of Secrets in Ad–Hoc Networks. In: Proceedings of the IEEE Workshop on Wireless Communications and Networking (CAS 2002) (2002)Google Scholar
  12. 12.
    Candolin, C.: Security Issues for Wearable Computing and Bluetooth Technology (2000),
  13. 13.
    De Cannière, C., Johansson, T., Preneel, B.: Cryptanalysis of the Bluetooth Stream Cipher. In: COSIC Internal Report (2001)Google Scholar
  14. 14.
    Courtois, N., Meier, W.: Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 345–359. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. 15.
    Fluhrer, S.R., Lucks, S.: Analysis of the E0 Encryption System. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 38–48. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  16. 16.
    Golić, J.D., Bagini, V., Morgari, G.: Linear Cryptanalysis of Bluetooth Stream Cipher. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 238–255. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  17. 17.
    Hermelin, M., Nyberg, K.: Correlation Properties of the Bluetooth Combiner Generator. In: Song, J.S. (ed.) ICISC 1999. LNCS, vol. 1787, pp. 17–29. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  18. 18.
    Armknecht, F., Lano, J., Preneel, B.: Extending the Resynchronization Attack. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 19–38. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  19. 19.
    Lu, Y., Meier, W., Vaudenay, S.: The Conditional Correlation Attack: A Practical Attack on Bluetooth Encryption. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 97–117. Springer, Heidelberg (2005)Google Scholar
  20. 20.
    Hoepman, J.-H.: The Ephemeral Pairing Problem. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 212–226. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  21. 21.
    Hoepman, J.H.: Ephemeral Pairing on Anonymous Networks. In: Hutter, D., Ullmann, M. (eds.) SPC 2005. LNCS, vol. 3450, pp. 101–116. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  22. 22.
    Menezes, A.J.: Elliptic Curve Public Key Cryptosystems. Springer, Heidelberg (1993)zbMATHGoogle Scholar
  23. 23.
    Gehrmann, C., Nyberg, K.: Security in Personal Area Networks. In: Security for Mobility, pp. 191–230. IEEE, Los Alamitos (2004)Google Scholar
  24. 24.
    Gehrmann, C., Mitchell, C., Nyberg, K.: Manual Authentication for Wireless Devices. RSA Cryptobytes 7(1), 29–37 (2004)Google Scholar
  25. 25.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)CrossRefGoogle Scholar
  26. 26.
    New European Schemes for Signatures, Integrity, and Encryption,
  27. 27.
    Potlapally, N., Ravi, S., Raghunathan, A., Jha, N.: Analyzing the Energy Consumption of Security Protocols. In: Proceedings of the 2003 International Symposium on Low Power Electronics and Design (ISLPED 2003), pp. 30–35. ACM, New York (2003)CrossRefGoogle Scholar
  28. 28.
    Diffie, W., Hellman, M.: New Directions in Cryptography. IEEE Transactions on Information Theory, 644–654 (1976)Google Scholar
  29. 29.
    National Security Agency. The Case for Elliptic Curve Cryptography,
  30. 30.
    Balfanz, D., Smetters, D., Stewart, P., Wong, H.: Talking to Strangers: Authentication in Adhoc Wireless Networks. In: Proceedings of the Network and Distributed System Security Symposium (NDSS 2002), The Internet Society (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Dave Singelée
    • 1
  • Bart Preneel
    • 1
  1. 1.ESAT-COSICK.U. LeuvenBelgium

Personalised recommendations