The Bluetooth standard has a provision for mutual authentication of connecting devices but not their actual users and allows access control during connection setup only. We propose a user authorization and pairing (UAP) application, that has the ability to perform authentication and authorization of users using role based model. The pairing procedure, which exchanges link key between devices, is also performed as a part of the user authorization process. The integrity of the message is guaranteed by using message authentication codes. We also extend an attack on a short PIN during the pairing procedure for devices compliant with the Bluetooth specification version 1.1.
Available at: http://works.bepress.com/twysocki/5/