To Discuss Of The Security Mechanism In Bluetooth

With the rapid development of mobile communication and internet,many new technologies and standards are occur.Bluetooth is a wireless communication standard among those,which can enable the data and voice device to connect each other and communicate.Now many Bluetooth productions such as Bluetooth mobile cell,Bluetooth earphone and Bluetooth printer have been produced,the security of this production is cared by consumer.This paper first introduce the new technology Bluetooth,then discuss the security of Bluetooth at link layer including the management of link key(classify,generate and transfer),pairing,authentication and encryption.At last discuss the security hole in Bluetooth such as initialization key,unit key,authentication and Bluetooth device address and the methods to solve the problem.The initialisation key is the first security gate in Bluetooth security system,if the initialisation key is got by attacker,the attacker will get the common link key by continue listening the communication.If the common link key is known by others,the two device is no secret before he.The third party can not only listen the two device's communication but also assert him one party to authenticate the other.Pairing at place where less people here will reduce the attack.To use long PIN managed by Diffie-Hellman key exchange algorithm will also reduce the attack.Unit key is a semi-permanent key,once the unit key is produced it may be used many time and seldom changed.The unit key is easy got by paired device and attacked by it. We may solve this by change the attribute of the unit key,let it changeable.This will increase the security of unit key but need no more space. Because authentication is apart from data transpoart later and the authentication has no time stamp or nonce,when received information the Bluetooth device doesn't tell from the information is new or out of date.So authentication is easy attacked by so called middle man.We may solve this by introduce time idea at authentication.One is operate the Bluetooth device address and Bluetooth clock and take the value as Bluetooth device,the other is start a timer at authentication.Because the Bluetooth device address is unique,the Bluetooth device is relate to its user,the user's secrect is not saft.We may solve this by change the Bluetooth device address.