טכניון מכון טכנולוגי לישראל
הטכניון מכון טכנולוגי לישראל - בית הספר ללימודי מוסמכים  
M.Sc Thesis
M.Sc StudentKeidar Tal
SubjectSecurity in Bluetooth Networks - an Improved Unit Key
Generation Scheme
DepartmentDepartment of Electrical Engineering
Supervisor Professor Emeritus Adrian Segall


Abstract

Bluetooth is a standard for short-range wireless networks. Bluetooth networks are generated “ad-hoc” to connect several small devices to each other such as mobile phones, PDAs and headsets. They are also used to connect such small devices to stationary service providers in public places such as vending machines, turnstiles and information kiosks. The information that is communicated over the Bluetooth network is sometimes sensitive and requires means of information security.

The Bluetooth specification indeed deals with the need for information security, and provides a set of security algorithms in the Bluetooth core (“Baseband”) level. It also provides additional means for security mechanisms in the application level (which are not discussed in this paper). The core (“Baseband”) security scheme enables two Bluetooth devices to generate and exchange secret keys, and then use those keys for device identity authentication and message encryption. The initial secure communication between two devices is typically based on a “PIN code” that is punched-in by the user into both devices.

There are several known weaknesses in the Bluetooth security scheme that, under certain conditions, compromise the level of information security that is provided. Some improvements over the existing security scheme may resolve several of those known weaknesses.


This work addresses the security scheme in Bluetooth. The different mechanisms and protocols are described. The work also addresses several of the known weaknesses in the security scheme. The work analyses one of the known weaknesses, with regard to the use of “unit keys”, and suggests an improvement to overcome this weakness, with minimal impact on the rest of the security scheme and with no significant addition of logic functions.