
Bluetooth Security

The exchange of fixed addresses is only allowed once encryption has been enabled for the connection, so that anonymity is not compromised. Still, allowing fixed addresses to be used at all carries an anonymity risk. This is the compromise that must be made in order to have a reasonable trade-off between anonymity and user convenience requirements.

8.8 Pairing example

Finally, we give an example of how the presented anonymity modes work when two devices not previously known to each other connect and are paired with each other. We assume that the users of the devices have put their devices in private pairable mode and hence that the devices trust each other and will, in addition to creating a shared link key, exchange alias and private addresses. The main steps related to the connection and pairing procedure are illustrated in Figure 8.5. Below, we explain the procedure step by step.

1. The host that is hosting device A sets the device in anonymous mode using a dedicated command.

2. Host A requires authentication and encryption for any devices that the host connects to or is connected with.

3. Device A searches for a new device using the Bluetooth inquiry procedure. A new Bluetooth device, here called device B, is discovered. Device A receives the active BD_ADDR_B from device B.

4. Device A pages device B using BD_ADDR_B.

5. During the connection setup, device A requires authentication. Since no link key is available, a manual pairing where the users enter a pass-key must be performed.

6. Host A requests a pass-key from the user. The user enters the pass-key, which is transferred to the link manager through the HCI.

7. The link manager of device A sends a random number to the link manager of device B. The random number is used to calculate an initialization key.

8. The link manager of device B requests a pass-key from the user through the HCI. The user enters the pass-key, which is returned to the link manager.

9. The link manager of device B calculates the initialization key and returns an accept LM PDU to device A.

Providing Anonymity

Figure 8.5 Message sequence for pairing with a trusted device. [Sequence chart not reproduced: columns Host A, HC/LM-A (master), HC/LM-B (slave), Host B; the numbered arrows 1 to 20 correspond to the steps in the text.]

10. Device A generates a random number that is used to calculate a combination key. The random number is sent encrypted with the initialization key to device B.


11. Device B receives the random number and generates its own random number, which is returned to device A encrypted with the initialization key. Both devices decrypt the received random values and calculate the secret combination key.

12. A mutual authentication is performed and the devices switch to encrypted mode.

13. Since device A is in private pairable mode, the host requests that a fixed address shall be exchanged.

14. The link manager of device A sends the fixed address, BD_ADDRfixed_A, to device B.

15. The link manager of device B receives the fixed address from A. Next, it asks the host if exchange of private information is allowed or not; that is, the host will tell whether or not device A is a trusted device that shall receive the fixed address. The host is in private pairable mode. Hence, it accepts fixed addresses to be exchanged.

16. The link manager of device B sends the fixed address, BD_ADDRfixed_B, to device A.

17. Next, the host of device A requests alias addresses to be exchanged and generates an alias that should be used when device B identifies device A.

18. The link manager of device A sends the alias address, BD_ADDR_alias_A, to device B.

19. Device B receives the alias address. The link manager sends the received alias address to the host through the HCI and asks the host for an alias to return. Either the host chooses to use the same alias (symmetric alias) or a different alias (asymmetric alias) is used.

20. The link manager of device B returns the alias address for device B, BD_ADDR_alias_B, to device A.
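
The ordering constraints in steps 7 to 20 can be checked mechanically against a recorded message sequence. The following is an added example, not code from the book: a small Python checker in which the `AUTH_OK` and `ENCRYPTION_ON` event names, the `(sender, pdu)` trace format and both sample traces are assumptions constructed for illustration, while the LMP PDU names follow Figure 8.5.

```python
# Added example: conformance check of a pairing trace against steps 7-20.
# AUTH_OK / ENCRYPTION_ON event names and the (sender, pdu) trace format are
# assumptions; the LMP PDU names are taken from Figure 8.5.
PRIVATE_PDUS = {"LMP_fixed_address", "LMP_alias_address"}


def check_trace(trace, private_pairable):
    """Return a list of (index, sender, pdu, reason) ordering violations."""
    init_key = authenticated = encrypted = False
    comb_key_from = set()   # devices that contributed a combination-key random
    violations = []

    def flag(i, sender, pdu, reason):
        violations.append((i, sender, pdu, reason))

    for i, (sender, pdu) in enumerate(trace):
        if pdu == "LMP_accepted":                 # step 9: initialization key set
            init_key = True
        elif pdu == "LMP_comb_key":               # steps 10-11
            if not init_key:
                flag(i, sender, pdu, "combination key before initialization key")
            comb_key_from.add(sender)
        elif pdu == "AUTH_OK":                    # step 12, mutual authentication
            if comb_key_from != {"A", "B"}:
                flag(i, sender, pdu, "authentication before link key is complete")
            authenticated = True
        elif pdu == "ENCRYPTION_ON":              # step 12, encrypted mode
            if not authenticated:
                flag(i, sender, pdu, "encryption without authentication")
            encrypted = True
        elif pdu in PRIVATE_PDUS:                 # steps 14, 16, 18, 20
            if not encrypted:
                flag(i, sender, pdu, "private address sent on unencrypted link")
            if not private_pairable.get(sender, False):
                flag(i, sender, pdu, "sender host not in private pairable mode")
    return violations


# Constructed traces (not captured traffic): Figure 8.5, then a faulty variant.
GOOD = [("A", "LMP_in_rand"), ("B", "LMP_accepted"),
        ("A", "LMP_comb_key"), ("B", "LMP_comb_key"),
        ("A", "AUTH_OK"), ("A", "ENCRYPTION_ON"),
        ("A", "LMP_fixed_address"), ("B", "LMP_fixed_address"),
        ("A", "LMP_alias_address"), ("B", "LMP_alias_address")]
# Faulty variant: device A's fixed address goes out before encryption is on.
BAD = GOOD[:4] + [GOOD[6]] + GOOD[4:6] + GOOD[7:]

if __name__ == "__main__":
    for v in check_trace(BAD, {"A": True, "B": True}):
        print(v)
```

The second argument models the host decision in step 15: a device whose host is not in private pairable mode must not send fixed or alias addresses, so passing `{"A": True, "B": False}` flags both of device B's address PDUs in the otherwise correct trace.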
