Security Of Secure Simple Pairing In Bluetooth Standard V5.1 Against Mass Surveillance

Bluetooth low energy technology,as the basic component of the Internet of things,has become an indispensable wireless connection of intelligent applications.It has been widely deployed in the wireless personal area network.According to Bluetooth standard specifications,the low energy secure simple pairing(LESSP)protocol is the process by which the pairing devices negotiate the authenticated secret keys,which aims to provide users with a secure,private and low energy wireless pairing means.The essence of mass surveillance is algorithm substitution attack(ASA).The ASA against the LESSP protocol refers to the process in which the attacker uses the malicious algorithm with trapdoor to replace the random number selection operation in the standard LESSP protocol,so as to disclose the private key of the device.For the above surveillance problem,the main contributions of this paper are as follows:(1)This paper proposes an ASA scheme for LESSP protocol.For this ASA scheme,this paper designs key extractable and undetectable evaluation models to formally prove that the attack proposed in this paper has key extractability and undetectability.(2)In view of the above surveillance vulnerabilities,we propose corresponding improvement,and develop a surveillance model to evaluate it.In addition,we extend above idea to the privacy security of LESSP protocol.And then,we evaluate the security performance and protocol efficiency of the standard LESSP protocol and our improvement.The security results show that our improvement can not only resist the traditional passive eavesdropping and man-in-the-middle attacks,but also resist the privacy attacks caused by the reuse of public key and the ASA proposed in this paper.The performance evaluation shows that our improvement is as efficient as the LESSP protocol.(3)In order to provide stronger security,it is necessary to integrate our improvement in the home automation and entertainment(HAE)system.We elaborate the principles of our improvement applied in HAE scene from the perspective of surveillance,which can solve the authorization,privacy and confidentiality problems in HAE systems.We analyze and design three typical HAE cases of intelligent lock,intelligent wearable device and intelligent nursing system.Our research results are not only beneficial to the confidentiality of Bluetooth systems in wireless personal area networks,but also enhancing the security of HAE system in which the Bluetooth access is available.