Comparison-Based Key Exchange and the Security of the Numeric Comparison Mode in Bluetooth v2.1

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5473)

Abstract

In this paper we study key exchange protocols in a model where the key exchange takes place between devices with limited displays that can be compared by a human user. If the devices display the same value then the human user is convinced that the key exchange terminated successfully and securely, and if they do not then the user knows that it came under attack. The main result of this paper is a rigorous proof that the numeric comparison mode for device pairing in Bluetooth version 2.1 is secure, under appropriate assumptions regarding the cryptographic functions used. Our proof is in the standard model and in particular does not model any of the functions as random oracles. In order to prove our main result, we present formal definitions for key exchange in this model and show our definition to be equivalent to a simpler definition. This is a useful result of independent interest that facilitates an easier security analysis of protocols in this model.


Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lindell, A.Y. (2009). Comparison-Based Key Exchange and the Security of the Numeric Comparison Mode in Bluetooth v2.1. In: Fischlin, M. (eds) Topics in Cryptology – CT-RSA 2009. CT-RSA 2009. Lecture Notes in Computer Science, vol 5473. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00862-7_5

  • DOI: https://doi.org/10.1007/978-3-642-00862-7_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00861-0

  • Online ISBN: 978-3-642-00862-7

  • eBook Packages: Computer Science, Computer Science (R0)
