A CRYPTOGRAPHIC ANALYSIS OF BLUETOOTH'S HUMAN-MACHINE AUTHENTICATED KEY EXCHANGE PROTOCOLS
Loading...
Authors
Troncoso, Michael E.
Subjects
Bluetooth
Authenticated Key Exchange
Cyborg Protocols
secure connections
Secure Simple Pairing Numeric Comparison
Passkey Entry
computational analysis
formal analysis
Tamarin
Authenticated Key Exchange
Cyborg Protocols
secure connections
Secure Simple Pairing Numeric Comparison
Passkey Entry
computational analysis
formal analysis
Tamarin
Advisors
Stanica, Pantelimon
Hale, Britta
Date of Issue
2020-09
Date
Sep-20
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
As Bluetooth is firmly ensconced as one of the leading standardizations for wireless communication, it becomes imperative to rigorously quantify its security. To forward this quantification, we conduct a comprehensive analysis of Bluetooth's user-mediated authenticated key exchanges, Numeric Comparison and Passkey Entry, in both the computational and formal cryptographic settings. Due to the reliance on intertwined human and machine functions in the specification of these cyborg protocols, new attack vectors arise for hostile actors to exploit. Consequently, we model a realistic adversary, one not only with access to both the user-to-device interfaces and device-to-device communication channels simultaneously, but also with the capability to compromise device display and input mechanisms. Our analysis shows that while Numeric Comparison and Initiator/Responder-Generated Passkey Entry achieve at least basic levels of security in our model, User-Generated Passkey Entry is insecure in the model. Furthermore, the categories of attacks depicted herein function as a blueprint for the compromise of other protocols with an active user component. To rectify the issues discovered by our analysis, we present the provably secure Dual Passkey Entry protocol with the Secure Hash Modification for addition to the Bluetooth standardization. Dual Passkey Entry demonstrates that full CYBORG security is a realistic and achievable goal with limited change to defined protocols.
Type
Thesis
Description
Series/Report No
Department
Computer Science (CS)
Applied Mathematics (MA)
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release. distribution is unlimited
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States