Abstract
Bluetooth low energy devices are very popular in wireless personal area networks. According to the Bluetooth standard specifications, the low energy secure simple pairing (LESSP) protocol is the process by which the pairing devices negotiate the authenticated secret key. To violate the user privacy, the adversary can perhaps link the runs of the LESSP protocol to the targeted device, which usually relates to the specially appointed user. Hence, we investigate deep into the privacy of the LESSP protocol. Our main contributions are threefold: (1) We demonstrate that the LESSP protocol suffers from privacy vulnerability. That is, an adversary without any secret key is able to identify the targeted device by the LESSP protocol. (2) An improvement is therefore proposed to repair the privacy vulnerability in the LESSP protocol. (3) We develop a formal privacy model to evaluate the privacy vulnerabilities in the LESSP protocol and its improved versions. We further prove that our improvement on the LESSP protocol is private under the privacy model. In addition, the performance evaluation shows that our improvement is as efficient as the LESSP protocol. Our research results are beneficial to the privacy enhancement of Bluetooth systems in wireless personal area networks.
Highlights
Due to the development of ubiquitous computing, more and more people carry networking devices, e.g., laptops, smartphones, tablets, and smart watches
Our main contributions are threefold: (1) We demonstrate that the low energy secure simple pairing (LESSP) protocol suffers from privacy vulnerability, that is, an adversary without any secret key can identify the targeted device, when the targeted device runs the LESSP protocol
We further prove that our improvement on the LESSP protocol is private under our privacy model
Summary
Due to the development of ubiquitous computing, more and more people carry networking devices, e.g., laptops, smartphones, tablets, and smart watches. Bluetooth LE devices have flourished in various person-related fields such as wireless personal area networks. These devices may incur severe privacy threats to the users, that is, the adversary. Consider the scenario where the user connects his the adversary can identify the user’s identity with his malicious device, because the Bluetooth LE smartphone to his nearby laptop via the Bluetooth LE channel. Thechannel user’s isexposed identity identify user’s identity with signal his malicious device, because the Bluetooth LE susceptible cantobe further used as a clue to disclose more sensitive personal information such as medical radio signal interception.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have