On the security of password-based pairing protocol in Bluetooth

摘要

Bluetooth is a popular wireless communication technique, providing connection between portable or stationary devices in close range. A procedure called pairing needs to be performed when two devices intend to connect with each other in order to form a trusted pair and generate secret keys to protect the link. There are several modes of Bluetooth pairing, and password-based is the most convenient and prevalent way. In this paper, we discover a potential vulnerability in the password-based pairing protocol of the latest Bluetooth v4.0 proposed in 2010, which makes password guessing possible. To cope with the problem, a new scheme is proposed which can mitigate the network threats, and is compatible with the hardware of legacy Bluetooth devices. Note that our modification does not affect Bluetooth users' custom. This makes it a suitable replacement for the new Bluetooth pairing protocol.