Da-Zhi Sun,Yi Mu,Willy Susilo

DOI: https://doi.org/10.1007/s00779-017-1081-6

2017-09-26

Personal and Ubiquitous Computing

Abstract:Bluetooth devices are widely employed in the home network systems. It is important to secure the home members’ Bluetooth devices, because they always store and transmit personal sensitive information. In the Bluetooth standard, Secure Simple Pairing (SSP) is an essential security mechanism for Bluetooth devices. We examine the security of SSP in the recent Bluetooth standard V5.0. The passkey entry association model in SSP is analyzed under the man-in-the-middle (MITM) attacks. Our contribution is twofold. (1) We demonstrate that the passkey entry association model is vulnerable to the MITM attack, once the host reuses the passkey. (2) An improved passkey entry protocol is therefore designed to fix the reusing passkey defect in the passkey entry association model. The improved passkey entry protocol can be easily adapted to the Bluetooth standard, because it only uses the basic cryptographic components existed in the Bluetooth standard. Our research results are beneficial to the security enhancement of Bluetooth devices in the home network systems.

computer science, information systems,telecommunications

Weirong Cui,Chenglie Du,Jinchao Chen

DOI: https://doi.org/10.1007/s11276-017-1588-9

IF: 2.701

2017-01-01

Wireless Networks

Abstract:Wireless device-to-device (D2D) communication, which enables direct communication between co-located devices without Internet access, is becoming common. Simultaneously, security issues have become technical barriers to D2D communication due to its open-air nature and lack of centralized control. Automatically establishing the secure association between wireless devices that do not share a prior trust remains an open and challenging problem. Recent work has proposed to extract shared keys from the similar ambient radio signals of two co-located wireless devices. Using such methods, information reconciliation based on error-correcting techniques is implemented to make two co-located devices extract the same bitstreams as the shared keys from their similar ambient radio environment. However, due to the bounded capability of the error-correcting code, existing methods can only work effectively in a very short distance range. In this paper, we propose a novel solution, called proximity-based secure pairing (PSP), which allows two wireless devices in physical proximity to automatically authenticate each other and obtain shared keys according to the channel state information of the WiFi signals. In contrast to existing methods, PSP is built on private set intersection computation rather than information reconciliation, which makes it effective over a wider distance range while ensuring security and efficiency. We provide a thorough security analysis and performance evaluation of PSP and demonstrate its advantages in terms of security, efficiency and usability over state-of-the-art methods.

Ruixue Sun,Zhiguo Shi,Rongxing Lu,Jian Qiao,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/WCSP.2012.6542795

2012-01-01

Abstract:The 60 GHz ultra-high-speed Wireless Personal Area Network (WPAN) has received considerable attention in recent years. Information security, which ensures secure communication within the network, is of particular importance. In this paper, we propose an efficient lightweight key management scheme for 60 GHz WPAN, which deploys secure encryption algorithms and one-way hash function to achieve efficient key exchange and updating managements. Detailed security analysis has shown its security provisions. In addition, performance evaluation is also provided to demonstrate its efficiency in terms of session key distribution and group key updating.

K. Saravanan,L. Vijayanand,R. K. Negesh

DOI: https://doi.org/10.48550/arXiv.1203.4649

2012-03-21

Cryptography and Security

Abstract:As an interconnection technology, Bluetooth has to address all traditional security problems, well known from the distributed networks. Moreover, as Bluetooth networks are formed by the radio links, there are also additional security aspects whose impact is yet not well understood. In this paper, we propose a novel Man-In-The-Middle (MITM) attack against Bluetooth enabled mobile phone that support Simple Secure Pairing(SSP). From the literature it was proved that the SSP association models such as Numeric comparison, Just works and passkey Entry are not more secure. Here we propose the Out Of Band (OOB) channeling with enhanced security than the previous methods.

Dongkun Hou,Jie Zhang,Ka Lok Man

DOI: https://doi.org/10.1109/trustcom50675.2020.00224

2020-01-01

Abstract:Bluetooth wireless technology is widely deployed in consumer electronics such as mobile phones, headsets, medical wearables and so on. Security is a significant concern of users, since such devices collect and store personal data. Security schemes are provided in the Bluetooth Core Specification version 5.0, but they cannot resist the emerging side-channel attacks which can leak long-term secrets through physical manners. In this paper, the security of Bluetooth under side-channel attacks is studied. Specifically, we improved the security of Secure Simple Pairing (SSP) protocol in Bluetooth 5.0 by developing two leakage-resilient methods to resist side-channel attacks. The leakage-resilient SSP protocols are designed using exponent splitting and multiplicative mask leakage-resilient methods respectively to prevent the long-term secrets from being leaked to side-channel attackers. Prototypes of the new and original protocols are realized, and we simulate a set of experiences to evaluate and compare their performance. We find the increased computation cost of the new protocols is slight and acceptable.

Ang Gao,Wei Wei,Xiangrong Xiao

DOI: https://doi.org/10.3923/itj.2010.740.748

2010-01-01

Information Technology Journal

Abstract:Wireless Sensor Networks (WSNs) are often deployed in hostile environments, thus being subjected to great security risks. Secure authentication between the two participating entities is of typical defense against data modified and fabricated by an adversary. In this study, considering environment and dynamic topology having a significant impact on the communication radius of sensor, we proposed a secure Multi-hop authentication scheme: the data message source is verified with keys derived from multiple one-way hash sub-chains related to communication radius of node, while offering greater resilience against node compromised by designing the hash chain length which guarantees that sub-chains are picked with the low probability of overlap between two or more sensors. Compared to existing solution, the proposed method greatly alleviates extra memory space taken and lower energy consumption extends the network lifetime benefiting from the distributed strategy. © 2010 Asian Network for Scientific Information.

Chandranshu Gupta,Gaurav Varshney

DOI: https://doi.org/10.1016/j.comcom.2023.01.001

2022-04-29

Abstract:Bluetooth Low Energy (BLE) devices have become very popular because of their Low energy consumption and hence a prolonged battery life. They are being used in smart wearable devices, smart home automation system, beacons and many more areas. BLE uses pairing mechanisms to achieve a level of peer entity authentication as well as encryption. Although, there are a set of pairing mechanisms available but BLE devices having no keyboard or display mechanism (and hence using the Just Works pairing) are still vulnerable. In this paper, we propose and implement, a light-weight digital certificate based authentication mechanism for the BLE devices making use of Just Works model. The proposed model is an add-on to the already existing pairing mechanism and therefore can be easily incorporated in the existing BLE stack. To counter the existing Man-in-The-Middle attack scenario in Just Works pairing (device spoofing), our proposed model allows the client and peripheral to make use of the popular Public Key Infrastructure (PKI) to establish peer entity authentication and a secure cryptographic tunnel for communication. We have also developed a lightweight BLE profiled digital certificate containing the bare minimum fields required for resource constrained devices, which significantly reduces the memory (about 90\% reduction) and energy consumption. We have experimentally evaluated the energy consumption of the device using the proposed pairing mechanism to demonstrate that the model can be easily deployed with less changes to the power requirements of the chips. The model has been formally verified using automatic verification tool for protocol testing.

Cryptography and Security

Shuo Chen,Maode Ma,Zhenxing Luo

DOI: https://doi.org/10.1002/sec.1407

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:The Internet has made the world smaller while there is still a gap between the cyber world and our physical world. In the future cyber-physical system (CPS), all objects in cyber world and physical world would be connected, and the concepts of cyber world and physical world will no longer exist. The speed of information transmitting and processing will be faster, the abilities of controlling facilities and handling events will be more powerful, and our lives will be better. In the CPS, machine to machine (M2M) communication is in charge of data collecting and transmitting, which utilizes both wireless and wired systems to monitor physical or environmental conditions and exchange the information among different systems without direct human intervention. As a part of CPS, M2M communication is considerably important while being fragile at the same time because M2M communication still faces lots of security threats that are not only from outside but also from inside. In traditional M2M communication, the M2M service provider (MSP) is always assumed to be trusted. However, the MSP could be compromised in real world. In that case, the previous security solutions would fail because the most confidential materials are kept in the MSP by the conventional solutions. How to protect the entire system from the compromised MSP is one important problem the paper intends to solve. In addition, the communication bandwidth and energy resource for the M2M devices are precious. Another issue the paper is addressing is the design of efficient security schemes being able to save both energy and communication bandwidth. In this paper, an authentication scheme applying authenticated identity-based cryptography without key-escrow mechanism has been proposed. In the proposed scheme, only partial secrets instead of full secrets are stored in the MSP, which could prevent the compromised MSP from endangering the whole system. The authenticated encryption property of the proposed scheme could leave out the work of signature generation, transmission, and verification so as to save the computation and communication resource of the whole system. The security analysis with Burrows-Abadi-Needham logic (BAN Logic) and Simple Promela Interpreter (SPIN) shows that the proposed scheme is well designed and could withstand Man-in-the-Middle attacks, impersonation attacks, replay attacks, DoS attacks, and compromised attacks. Copyright (c) 2016 John Wiley & Sons, Ltd.

Chien-Ming Chen,King-Hang Wang,Tsu-Yang Wu,Jeng-Shyang Pan,Hung-Min Sun

DOI: https://doi.org/10.1109/tifs.2013.2270106

IF: 7.231

2013-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The man-in-the-middle (MITM) attack is the major threat for handheld devices to agree on a session key in which they do not share any prior secret in advance, even if these devices are physically located in the same place. Apart from insecurely typing passwords into handheld devices or comparing long hexadecimal keys displayed on the devices' screens, many other human-verifiable protocols have been proposed in the literature to solve the problem. Unfortunately, most of these schemes are unscalable to more users. Even when there are only three entities attempting to agree on a session key, these protocols need to be rerun three times. In this paper, we present a bipartite and a tripartite authentication protocol using a temporary confidential channel. Besides, we further extend the system into a transitive authentication protocol that allows multiple handheld devices to establish a conference key securely and efficiently. In addition, we provide a formal proof to our protocol to demonstrate our scheme is indeed secure. We also implement the prototype of the system on a mobile phone with satisfying performance.

Sai Swaroop Madugula,Ruizhong Wei

DOI: https://doi.org/10.48550/arXiv.2101.09381

2021-01-23

Abstract:In this paper, we propose a simple enhancement for the passkey entry protocol in the authentication stage 1 of Secure Simple Pairing using preexisting cryptographic hash functions and random integer generation present in the protocol. The new protocol is more secure and efficient than previous known protocols. Our research mainly focuses on strengthening the passkey entry protocol and protecting the devices against passive eavesdropping and active Man-in-the-middle (MITM) attacks in both Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) and Bluetooth Low Energy (Bluetooth LE). This method can be used for any device which uses the passkey entry protocol.

Cryptography and Security

Yue Zhang,Jian Weng,Rajib Dey,Yier Jin,Zhiqiang Lin,Xinwen Fu

DOI: https://doi.org/10.48550/arXiv.1908.10497

2019-09-11

Abstract:To defeat security threats such as man-in-the-middle (MITM) attacks, Bluetooth Low Energy (BLE) 4.2 and 5.x introduce the Secure Connections Only mode, under which a BLE device accepts only secure paring protocols including Passkey Entry and Numeric Comparison from an initiator, e.g., an Android mobile. However, the BLE specification does not explicitly require the Secure Connection Only mode of the initiator. Taking the Android's BLE programming framework for example, we found that it cannot enforce secure pairing, invalidating the security protection provided by the Secure Connection Only mode. The same problem applies to Apple iOS too. Specifically, we examine the life cycle of a BLE pairing process in Android and identify four severe design flaws. These design flaws can be exploited by attackers to perform downgrading attacks, forcing the BLE pairing protocols to run in the insecure mode without the users' awareness. To validate our findings, we selected and tested 18 popular BLE commercial products and our experimental results proved that downgrading attacks and MITM attacks were all possible to these products. All 3501 BLE apps from Androzoo are also subject to these attacks. For defense, we have designed and implemented a prototype of the Secure Connection Only mode on Android 8 through the Android Open Source Project (AOSP). We have reported the identified BLE pairing vulnerabilities to Bluetooth Special Interest Group (SIG), Google, Apple, Texas Instruments (TI) and all of them are actively addressing this issue. Google rated the reported security flaw a High Severity.

Cryptography and Security

Jun Zhou,Zhenfu Cao,Xiaolei Dong,Naixue Xiong,Athanasios V. Vasilakos

DOI: https://doi.org/10.1016/j.ins.2014.09.003

IF: 8.1

2015-01-01

Information Sciences

Abstract:Cloud-assisted wireless body area networks (WBANs) significantly facilitate efficient patient treatment of high quality, unfortunately in the meanwhile greatly challenge the patient’s data confidentiality and privacy. The existing work mainly focused on the traditional scenario where patients securely stay indoors. In this paper, we consider a more practical situation of cloud-assisted WBANs in m-healthcare social networks where patients traverse among blocks outdoors and WBANs are more vulnerable to sophisticated attacks including even node compromise attack. To solve the problem, a secure and privacy-preserving key management scheme resilient to both time-based and location-based mobile attacks is proposed by the cooperation of the mobile patients in the same social group for both hierarchical and distributed environment. It also protects patient’s identity privacy, sensor deployment privacy and location privacy by exploiting the blinding technique and embedding human body’s symmetric structure into Blom’s symmetric key mechanism with modified proactive secret sharing. Especially, the computationally-intensive privacy-preserving key material updating is outsourced to the cloud server and the unchanged pairwise keys after key material updating dramatically saves the resources for energy-constrained WBANs. Finally, the security analysis and simulation results show our scheme far outperforms the previous ones in terms of resisting mobile attacks and storage, computation and communication overhead.

Inshil Doh,Jiyoung Lim,Shi Li,Kijoon Chae

DOI: https://doi.org/10.2298/csis130922065d

2014-01-01

Computer Science and Information Systems

Abstract:In the ubiquitous environment, more and more devices are deployed in our daily life, and need to communicate with one another. M2M (Machine-to-Machine) communication is considered to be one of the major issues in future networks. M2M is expected to bring various benefits in wireless communications when it is interconnected with cellular networks. Considering the characteristics of cellular M2M networks, traditional security solutions are not proper to be applied to cellular M2M networks because the M2M network itself is vulnerable to various attacks. We consider security aspects for cellular M2M communications and propose a key management mechanism including the pairwise key and group key establishment. Our proposal could provide reliability and efficiency for the cellular M2M communication network in the secure manner.

Wenlong Shen,Yu Cheng,Bo Yin,Jin Du,Xianghui Cao

DOI: https://doi.org/10.1109/tvt.2021.3116619

IF: 6.8

2021-01-01

IEEE Transactions on Vehicular Technology

Abstract:Key establishment is one fundamental issue in wireless security. The widely used Diffie-Hellman key exchange is vulnerable to the man-in-the-middle (MITM) attack due to its lack of mutual authentication. This paper presents a novel in-band solution for defending the MITM attack during the key establishment process for wireless devices. Our solution is based on the insight that an attacker inevitably affects the link layer behavior of the wireless channel, and this behavior change introduced by the attacker can be detected by legitimate users. Specifically, we propose a key exchange protocol and its corresponding channel access mechanism for the protocol message transmission, in which the Diffie-Hellman parameter is transmitted multiple times in a row without being interrupted by other data transmissions on the same channel. The proposed key exchange protocol forces the MITM attacker to cause multiple packet collisions consecutively at the receiver side, which can then be monitored by the proposed detection algorithm. The performance of the proposed solution is validated through both analysis and simulations and the results show that the proposed solution is secure against the MITM attack and can achieve a low false positive ratio. The proposed solution is in-band, and can be implemented on off-the-shelf wireless devices.

Cn Yang,Ht Teng,Ts Chen

2004-01-01

Abstract:Motivated by the reused unit key problem described in Bluetooth security white paper, we herein propose a method to modify the usage of the unit key, which is a common secret key established in Bluetooth pairing communication session. The reused problem causes the disclosure of confidential information due to the same unit key of other devices that has been authenticated or paired before. Bluetooth Security Expert Group (BSEG) recommends that using combination keys as link keys would be more appropriate than using unit keys for authentication and encryption. However, it is not a good choice for those devices with limited memory to store a lot of combination keys. Therefore, we propose a method based on one-way hash function to modify the usage of unit keys. It makes unit keys unique as well as combination keys in each pairing communication such that no malicious users are able to eavesdrop with the reused unit keys. Besides, no additional memory space will be required to store keys.

Feng Xu,Yuqi Zhu,Hongxu Ma,Bin Cai

DOI: https://doi.org/10.1080/10798587.2012.10643269

2012-01-01

Intelligent Automation & Soft Computing

Abstract:This paper studies the proper threat of mobile Ad Hoc network, and proposes a threshold authentication scheme without the trusted center based on bilinear pairings. The cost of storage and computational capacity, requiring of each node, can be effectively reduced and security problems such as inner nodes attack, passive attack can be solved. Compared with the existent protocol, this scheme is faster in generating certificate and has lower complexity of computing.

Dennis Heinze,Jiska Classen,Felix Rohrbach

DOI: https://doi.org/10.1145/3395351.3399343

2020-05-15

Abstract:Device pairing in large Internet of Things (IoT) deployments is a challenge for device manufacturers and users. Bluetooth offers a comparably smooth trust on first use pairing experience. Bluetooth, though, is well-known for security flaws in the pairing process. In this paper, we analyze how Apple improves the security of Bluetooth pairing while still maintaining its usability and specification compliance. The proprietary protocol that resides on top of Bluetooth is called MagicPairing. It enables the user to pair a device once with Apple's ecosystem and then seamlessly use it with all their other Apple devices. We analyze both, the security properties provided by this protocol, as well as its implementations. In general, MagicPairing could be adapted by other IoT vendors to improve Bluetooth security. Even though the overall protocol is well-designed, we identified multiple vulnerabilities within Apple's implementations with over-the-air and in-process fuzzing.

Cryptography and Security,Networking and Internet Architecture

Muhammad Adil,Mian Ahmad Jan,Spyridon Mastorakis,Houbing Song,Muhammad Mohsin Jadoon,Safia Abbas,Ahmed Farouk

DOI: https://doi.org/10.48550/arXiv.2105.07711

2021-05-17

Abstract:Cyber-Physical Systems (CPS) connected in the form of Internet of Things (IoT) are vulnerable to various security threats, due to the infrastructure-less deployment of IoT devices. Device-to-Device (D2D) authentication of these networks ensures the integrity, authenticity, and confidentiality of information in the deployed area. The literature suggests different approaches to address security issues in CPS technologies. However, they are mostly based on centralized techniques or specific system deployments with higher cost of computation and communication. It is therefore necessary to develop an effective scheme that can resolve the security problems in CPS technologies of IoT devices. In this paper, a lightweight Hash-MAC-DSDV (Hash Media Access Control Destination Sequence Distance Vector) routing scheme is proposed to resolve authentication issues in CPS technologies, connected in the form of IoT networks. For this purpose, a CPS of IoT devices (multi-WSNs) is developed from the local-chain and public chain, respectively. The proposed scheme ensures D2D authentication by the Hash-MAC-DSDV mutual scheme, where the MAC addresses of individual devices are registered in the first phase and advertised in the network in the second phase. The proposed scheme allows legitimate devices to modify their routing table and unicast the one-way hash authentication mechanism to transfer their captured data from source towards the destination. Our evaluation results demonstrate that Hash- MAC-DSDV outweighs the existing schemes in terms of attack detection, energy consumption and communication metrics.

Cryptography and Security,Networking and Internet Architecture

Jiaqing Mo,Zhongwang Hu,Hang Chen,Wei Shen

DOI: https://doi.org/10.1155/2019/4520685

2019-01-01

Wireless Communications and Mobile Computing

Abstract:Nowadays, due to the rapid development and wide deployment of handheld mobile devices, the mobile users begin to save their resources, access services, and run applications that are stored, deployed, and implemented in cloud computing which has huge storage space and massive computing capability with their mobile devices. However, the wireless channel is insecure and vulnerable to various attacks that pose a great threat to the transmission of sensitive data. Thus, the security mechanism of how the mobile devices and remote cloud server authenticate each other to create a secure session in mobile cloud computing environment has aroused the interest of researchers. In this paper, we propose an efficient and provably secure anonymous two-factor user authentication protocol for the mobile cloud computing environment. The proposed scheme not only provides mutual authentication between mobile devices and cloud computing but also fulfills the known security evaluation criteria. Moreover, utilization of ECC in our scheme reduces the computing cost for mobile devices that are computation capability limited and battery energy limited. In addition, the formal security proof is given to show that the proposed scheme is secure under random oracle model. Security analysis and performance comparisons indicate that the proposed scheme has reasonable computation cost and communication overhead at the mobile client side as well as the server side and is more efficient and more secure than the related competitive works.

Qi Jiang,Xinxin Lian,Chao Yang,Jianfeng Ma,Youliang Tian,Yuanyuan Yang

DOI: https://doi.org/10.1007/s10916-016-0587-1

Abstract:Wireless body area networks (WBANs) have become one of the key components of mobile health (mHealth) which provides 24/7 health monitoring service and greatly improves the quality and efficiency of healthcare. However, users' concern about the security and privacy of their health information has become one of the major obstacles that impede the wide adoption of WBANs. Anonymous and unlinkable authentication is critical to protect the security and privacy of sensitive physiological information in transit from the client to the application provider. We first show that the anonymous authentication scheme of Wang and Zhang based on bilinear pairing is prone to client impersonation attack. Then, we propose an enhanced anonymous authentication scheme to remedy the flaw in Wang and Zhang's scheme. We give the security analysis to demonstrate that the enhanced scheme achieves the desired security features and withstands various known attacks.