Cracking the Bluetooth PIN

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Cracking the Bluetooth PIN

Full text

Pdf (224 KB)

Source

International Conference On Mobile Systems, Applications And Services archive
Proceedings of the 3rd international conference on Mobile systems, applications, and services table of contents

Seattle, Washington

SESSION: Shake 'em, but don't crack 'em table of contents

Pages: 39 - 50

Year of Publication: 2005

ISBN:1-931971-31-5

Authors

Yaniv Shaked	Tel Aviv University, Israel
Avishai Wool	Tel Aviv University, Israel

Sponsors

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing
USENIX: USENIX Association

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 15, Downloads (12 Months): 164, Citation Count: 14

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1067170.1067176 What is a DOI?

ABSTRACT

This paper describes the implementation of an attack on the Bluetooth security mechanism. Specifically, we describe a passive attack, in which an attacker can find the PIN used during the pairing process. We then describe the cracking speed we can achieve through three optimizations methods. Our fastest optimization employs an algebraic representation of a central cryptographic primitive (SAFER+) used in Bluetooth. Our results show that a 4-digit PIN can be cracked in less than 0.3 sec on an old Pentium III 450MHz computer, and in 0.06 sec on a Pentium IV 3Ghz HT computer.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	{Arm02} Frederik Armknecht. A linearization attack on the Bluetooth key stream generator. Cryptology ePrint Archive, report 2002/191, available from http://eprint.iacr.org/2002/191/, 2002.
	2	{Blu03}Specification of the Bluetooth system, v.1.2. Core specification, available from http://www.bluetooth.org/spec, 2003.
	3	{Blu04} Bluejackq. http://www.bluejackq.com/ 2004.
	4	Scott R. Fluhrer , Stefan Lucks, Analysis of the E0 Encryption System, Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography, p.38-48, August 16-17, 2001
	5	{Flu02} Scott R. Fluhrer. Improved key recovery of level 1 of the Bluetooth encryption system. Cryptology ePrint Archive, report 2002/068, available from http://eprint.iacr.org/2002/068/, 2002.
	6	Miia Hermelin , Kaisa Nyberg, Correlation Properties of the Bluetooth Combiner Generator, Proceedings of the Second International Conference on Information Security and Cryptology, p.17-29, December 09-10, 1999
	7	Markus Jakobsson , Susanne Wetzel, Security Weaknesses in Bluetooth, Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA, p.176-191, April 08-12, 2001
	8	Matthias Krause, BDD-Based Cryptanalysis of Keystream Generators, Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology, p.222-237, May 02, 2002
	9	{Lau03} Adam Laurie. Serious flaws in Bluetooth security lead to disclosure of personal data. http://www.bluestumbler.org, 2003.
	10	{LV04} Y. Lu and S. Vaudenay. Faster correlation attack on Bluetooth keystream generator EO. In Advances in Cryptology - CRYPTO'04, LNCS 3152, pages 407--425. Springer-Verlag, 2004.
	11	{LW05} Ophir Levy and Avishai Wool. A uniform framework for cryptanalysis of the Bluetooth E0 cipher. Cryptology ePrint Archive, Report 2005/107, 2005. http://eprint.iacr.org/2005/107
	12	{MKK98} J. L. Massey, G. H. Khachatrian, and M. K. Kuregian. SAFER+. In Proc. First Advanced Encryption Standard Candidate Conference. National Institute of Standards and Technology (NIST), 1998.
	13	{Reh03} Gregory Rehm. 802.11b homebrew WiFi antenna shootout. http://www.turnpoint.net/wireless/has.html, 2003.
	14	{Whi03} Ollie Whitehouse. War nibbling: Bluetooth insecurity. http://www.atstakw.com/research/reports/acrobat/atstake_war_nibbling.pd%f, 2003.
	15	{Whi04} Ollie Whitehouse. Bluetooth: Red fang, blue fang. CanSecWest/core04. Available from http://www.consecwest.com/csw04/CSW04- Whitehouse.pdf, April 2004. Vancouver, CA.

CITED BY 14

	Jing Su , Kelvin K. W. Chan , Andrew G. Miklas , Kenneth Po , Ali Akhavan , Stefan Saroiu , Eyal de Lara , Ashvin Goel, A preliminary investigation of worm infections in a bluetooth environment, Proceedings of the 4th ACM workshop on Recurring malcode, November 03-03, 2006, Alexandria, Virginia, USA
	Samer Fayssal , Youssif Alnashif , Byoung Kim , Salim Hariri, A proactive wireless self-protection system, Proceedings of the 5th international conference on Pervasive services, July 06-10, 2008, Sorrento, Italy
	Keijo M. J. Haataja, New efficient intrusion detection and prevention system for Bluetooth networks, Proceedings of the 1st international conference on MOBILe Wireless MiddleWARE, Operating Systems, and Applications, February 13-15, 2008, Innsbruck, Austria
	Dominic Spill , Andrea Bittau, BlueSniff: eve meets alice and bluetooth, Proceedings of the first conference on First USENIX Workshop on Offensive Technologies, p.5-5, August 06, 2007, Boston, MA
	Manish Kumar , M. Hanumanthappa , Bhavanam Lakshma Reddy, Security issues in m-government, International Journal of Electronic Security and Digital Forensics, v.1 n.4, p.401-412, November 2008
	Gianluca Lax , Giuseppe M. Sarné, CellTrust: a reputation model for C2C commerce, Electronic Commerce Research, v.8 n.4, p.193-216, December 2008
	Luca Carettoni , Claudio Merloni , Stefano Zanero, Studying Bluetooth Malware Propagation: The BlueBag Project, IEEE Security and Privacy, v.5 n.2, p.17-25, March 2007
	Rene Mayrhofer , Hans Gellersen, Spontaneous mobile device authentication based on sensor data, Information Security Tech. Report, v.13 n.3, p.136-150, August, 2008
	Alfred Loo, Technical opinion Security threats of smart phones and Bluetooth, Communications of the ACM, v.52 n.3, March 2009
	Adin Scannell , Alexander Varshavsky , Anthony LaMarca , Eyal De Lara, Proximity-based authentication of mobile devices, International Journal of Security and Networks, v.4 n.1/2, p.4-16, February 2009
	Ileana Buhan , Bas Boom , Jeroen Doumen , Pieter H. Hartel , Raymond N. J. Veldhuis, Secure pairing with biometrics, International Journal of Security and Networks, v.4 n.1/2, p.27-42, February 2009
	Dennis K. Nilsson , Ulf E. Larson , Erland Jonsson, Auxiliary channel Diffie-Hellman encrypted key-exchange authentication, Proceedings of the 5th International ICST Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness, July 28-31, 2008, Hong Kong
	Francesco Chiti , Romano Fantacci , Giovanni Collodi , Gianfranco Manes , Luca Bencini , David Lund , Bassem Ammar , Ioannis Katsaros , Alistair Doswald , Stephan Robert , Peter Sollberger, Supporting distributed applications for swarm of robots within smart environments: the way of EU project DustBot, Proceedings of the 2009 International Conference on Wireless Communications and Mobile Computing: Connecting the World Wirelessly, June 21-24, 2009, Leipzig, Germany
	Y. M. Huang , M. Y. Hsieh , H. C. Chao , S. H. Hung , J. H. Park, Pervasive, secure access to a hierarchical sensor-based healthcare monitoring architecture in wireless heterogeneous networks, IEEE Journal on Selected Areas in Communications, v.27 n.4, p.400-411, May 2009