Enhancing the Security of Numeric Comparison Secure Simple Pairing in Bluetooth 5.0

Abstract

Bluetooth wireless technology is widely deployed in consumer electronics such as mobile phones, headsets, medical wearables and so on. Security is a significant concern of users, since such devices collect and store personal data. Security schemes are provided in the Bluetooth Core Specification version 5.0, but they cannot resist the emerging side-channel attacks which can leak long-term secrets through physical manners. In this paper, the security of Bluetooth under side-channel attacks is studied. Specifically, we improved the security of Secure Simple Pairing (SSP) protocol in Bluetooth 5.0 by developing two leakage-resilient methods to resist side-channel attacks. The leakage-resilient SSP protocols are designed using exponent splitting and multiplicative mask leakage-resilient methods respectively to prevent the long-term secrets from being leaked to side-channel attackers. Prototypes of the new and original protocols are realized, and we simulate a set of experiences to evaluate and compare their performance. We find the increased computation cost of the new protocols is slight and acceptable.