Usable Security Bluetooth Pairing

1
Usable Security: Bluetooth Pairing
  • Nitesh Saxena
  • Polytechnic University

2
PIN-based Bluetooth Pairing
3
Authentication
4
(In)Security of PIN-based Pairing
  • Long believed to be insecure for short PINs
  • Why?
  • First to demonstrate this insecurity: Shaked and
    Wool (MobiSys '05)

5
Attack Implementation
  • Coded in C on a Linux platform
  • Given a piece of code for the SAFER algorithm,
    implemented the encryption functions E22, E21, E1
  • Hardware for sniffing: Bluetooth packet analyzer
    with Windows software
  • Log parser (in Perl): reads the sniffer log and
    parses it to grab IN_RAND, RAND_A, RAND_B,
    AU_RAND_A, AU_RAND_B, SRES

6
Timing Measurements of Attack
  • Theoretically O(10^L), with decimal digits
  • Assuming the PINs are chosen uniformly at random
  • Empirically, on a PIII 700MHz machine:

    No. of digits in PIN (L)    CPU time (sec)
    4                           1.294
    5                           12.915
    6                           129.657
    7                           1315.332

7
Timing of Attack
  • ASCII PINs: O(90^L), assuming there are 90 ASCII
    characters that can be typed on a mobile phone
  • Assuming random PINs
  • It might actually be safe enough to use 6-digit
    ASCII PINs.
  • Assuming random PINs
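
An added worked estimate (not part of the original slides): it derives the per-PIN cost from the measured table on the previous slide and projects the full search time for decimal and 90-character PINs. It assumes each measured time covers the whole 10^L space; the `speedup` factor and the one-year budget are illustrative assumptions.

```python
# CPU seconds per decimal PIN length L, copied from the slide's table (PIII 700 MHz).
MEASURED = {4: 1.294, 5: 12.915, 6: 129.657, 7: 1315.332}
YEAR = 365 * 24 * 3600  # seconds; budget unit used below (assumption)


def seconds_per_candidate(measured=MEASURED, alphabet=10):
    """Average cost of testing one PIN, assuming each timing covers all alphabet**L PINs."""
    costs = [t / alphabet ** length for length, t in measured.items()]
    return sum(costs) / len(costs)


def growth_ratios(measured=MEASURED):
    """Time ratio between consecutive lengths; values near 10 confirm O(10^L) scaling."""
    lengths = sorted(measured)
    return [measured[b] / measured[a] for a, b in zip(lengths, lengths[1:])]


def exhaust_seconds(alphabet, length, speedup=1.0):
    """Projected time to try every PIN of this length.

    speedup is a hypothetical factor for hardware faster than the PIII 700 MHz.
    """
    return alphabet ** length * seconds_per_candidate() / speedup


def min_length(alphabet, budget_seconds, speedup=1.0):
    """Shortest random PIN whose full search exceeds the given time budget."""
    length = 1
    while exhaust_seconds(alphabet, length, speedup) <= budget_seconds:
        length += 1
    return length


if __name__ == "__main__":
    print("growth per extra digit:", [round(r, 2) for r in growth_ratios()])
    for alphabet, label in ((10, "decimal"), (90, "ASCII-90")):
        for length in (4, 6, 8):
            years = exhaust_seconds(alphabet, length) / YEAR
            print(f"{label:8s} L={length}: {years:.3g} years")
    # How the 6-character conclusion shifts if the search runs 1000x faster.
    print("min ASCII-90 length, 1-year budget, 1000x speed:",
          min_length(90, YEAR, speedup=1000))
```

On the slide's hardware a random 6-character PIN over 90 symbols projects to roughly two years of search, which is the basis for the "safe enough" remark; the margin shrinks in direct proportion to any speedup.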

Security vs. Usability Tradeoff