文摘
According to adopted Bluetooth standard specifications, we examine the security of the pairing and link key generation scheme for Security Modes 2 and 3. The contribution is threefold. (1) It is demonstrated that the pairing and link key generation scheme for Security Modes 2 and 3 suffers the known-key attack. That is, the attacker without any long-term secret key is able to impersonate the targeted Bluetooth device at any time, once he obtains a short-term secret key, i.e., the initialization key, in its previous successful run. (2) An improved scheme is therefore proposed to overcome the known-key attack. (3) A security model is also presented to check the improved scheme. The improved scheme provably prevents the known-key attack on the original pairing and link key generation scheme for Security Modes 2 and 3. In addition, the improved scheme is more efficient than the original pairing and link key generation scheme.
