Secure authorization, access control and data integrity in Bluetooth
This article was originally published as: Nguyen, L, Safavi-Naini, R, Susilo, W & Wysocki, T, Secure authorization, access control and data integrity in Bluetooth, 10th IEEE International Conference on Networks (ICON 2002), 27-30 August 2002, 428-433. Copyright IEEE 2002.
The Bluetooth standard has a provision for mutual authentication of connecting devices but not their actual users and allows access control during connection setup only. We propose a user authorization and pairing (UAP) application, that has the ability to perform authentication and authorization of users using role based model. The pairing procedure, which exchanges link key between devices, is also performed as a part of the user authorization process. The integrity of the message is guaranteed by using message authentication codes. We also extend an attack on a short PIN during the pairing procedure for devices compliant with the Bluetooth specification version 1.1.
L. Nguyen, R. Safavi-Naini, W. Susilo, and T. A. Wysocki. " Secure authorization, access control and data integrity in Bluetooth" Faculty of Informatics - Papers. Aug. 2002.
Available at: http://works.bepress.com/twysocki/5