Lior Neumann (Technion, Israel)
===============================

Title:
Breaking the Bluetooth Pairing: Fixed Coordinate Invalid Curve Attack

Abstract:
Bluetooth is a widely deployed platform for wireless communications between mobile devices. It uses authenticated Elliptic Curve Diffie-Hellman for its key exchange. We show that the authentication provided by the Bluetooth pairing protocols is insufficient and does not provide the promised MitM protection. We present a new variant of an Invalid Curve Attack that preserves the x-coordinate of the public keys. The attack compromises the encryption keys of all of the current Bluetooth authenticated pairing protocols, provided both paired devices are vulnerable. Specifically, it successfully compromises the encryption keys of 50% of the Bluetooth pairing attempts, while in the other 50% the pairing of the victims is terminated. Finally, we show that most of the Bluetooth market is vulnerable.

Joint work with Eli Biham.