A Cryptographic Analysis of Bluetooths Human-Machine Authenticated Key Exchange Protocols
Abstract
As Bluetooth is firmly ensconced as one of the leading standardizations for wireless communication, it becomes imperative to rigorously quantify its security. To forward this quantification, we conduct a comprehensive analysis of Bluetooths user-mediated authenticated key exchanges, Numeric Comparison and Passkey Entry, in both the computational and formal cryptographic settings. Due to the reliance on intertwined human and machine functions in the specification of these cyborg protocols, new attack vectors arise for hostile actors to exploit. Consequently, we model a realistic adversary, one not only with access to both the user-to-device interfaces and device-to-device communication channels simultaneously, but also with the capability to compromise device display and input mechanisms. Our analysis shows that while Numeric Comparison and Initiator/Responder-Generated Passkey Entry achieve at least basic levels of security in our model, User-Generated Passkey Entry is insecure in the model. Furthermore, the categories of attacks depicted herein function as a blueprint for the compromise of other protocols with an active user component. To rectify the issues discovered by our analysis, we present the provably secure Dual Passkey Entry protocol with the Secure Hash Modification for addition to the Bluetooth standardization. Dual Passkey Entry demonstrates that full CYBORG security is a realistic and achievable goal with limited change to defined protocols.
Document Details
- Document Type
- Technical Report
- Publication Date
- Sep 01, 2020
- Accession Number
- AD1126658
Entities
People
- Michael E. Troncoso
Organizations
- Naval Postgraduate School