当前位置:
X-MOL 学术
›
ACM Trans. Priv. Secur.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
Key Negotiation Downgrade Attacks on Bluetooth and Bluetooth Low Energy
ACM Transactions on Privacy and Security ( IF 3.0 ) Pub Date : 2020-07-04 , DOI: 10.1145/3394497 Daniele Antonioli 1 , Nils Ole Tippenhauer 2 , Kasper Rasmussen 3
ACM Transactions on Privacy and Security ( IF 3.0 ) Pub Date : 2020-07-04 , DOI: 10.1145/3394497 Daniele Antonioli 1 , Nils Ole Tippenhauer 2 , Kasper Rasmussen 3
Affiliation
Bluetooth (BR/EDR) and Bluetooth Low Energy (BLE) are pervasive wireless technologies specified in the Bluetooth standard. The standard includes key negotiation protocols used to generate long-term keys (during pairing) and session keys (during secure connection establishment). In this work, we demonstrate that the key negotiation protocols of Bluetooth and BLE are vulnerable to standard-compliant entropy downgrade attacks. In particular, we show how an attacker can downgrade the entropy of any Bluetooth session key to 1 byte, and of any BLE long-term key and session key to 7 bytes. Such low entropy values enable the attacker to brute-force Bluetooth long-term keys and BLE long-term and session keys, and to break all the security guarantees promised by Bluetooth and BLE. As a result of our attacks, an attacker can decrypt all the ciphertext and inject valid ciphertext in any Bluetooth and BLE network. Our key negotiation downgrade attacks are conducted remotely, do not require access to the victims’ devices, and are stealthy to the victims. As the attacks are standard-compliant, they are effective regardless of the usage of the strongest Bluetooth and BLE security modes (including Secure Connections), the Bluetooth version, and the implementation details of the devices used by the victims. We successfully attack 38 Bluetooth devices (32 unique Bluetooth chips) and 19 BLE devices from different vendors, using all the major versions of the Bluetooth standard. Finally, we present effective legacy compliant and non-legacy compliant countermeasures to mitigate our key negotiation downgrade attacks.
中文翻译:
蓝牙和低功耗蓝牙的关键协商降级攻击
蓝牙 (BR/EDR) 和蓝牙低功耗 (BLE) 是蓝牙标准中指定的普遍无线技术。该标准包括用于生成长期密钥(在配对期间)和会话密钥(在安全连接建立期间)的密钥协商协议。在这项工作中,我们证明了蓝牙和 BLE 的关键协商协议容易受到符合标准的熵降级攻击。特别是,我们展示了攻击者如何将任何蓝牙会话密钥的熵降级为 1 个字节,并将任何 BLE 长期密钥和会话密钥的熵降级为 7 个字节。如此低的熵值使攻击者能够暴力破解蓝牙长期密钥和 BLE 长期密钥和会话密钥,并破坏蓝牙和 BLE 承诺的所有安全保证。由于我们的攻击,攻击者可以解密所有密文并在任何蓝牙和 BLE 网络中注入有效密文。我们的关键协商降级攻击是远程进行的,不需要访问受害者的设备,并且对受害者来说是隐秘的。由于攻击符合标准,因此无论使用最强的蓝牙和 BLE 安全模式(包括安全连接)、蓝牙版本以及受害者使用的设备的实现细节如何,它们都是有效的。我们使用蓝牙标准的所有主要版本成功地攻击了来自不同供应商的 38 个蓝牙设备(32 个独特的蓝牙芯片)和 19 个 BLE 设备。最后,我们提出了有效的旧版兼容和非旧版兼容对策,以减轻我们的关键协商降级攻击。
更新日期:2020-07-04
中文翻译:
蓝牙和低功耗蓝牙的关键协商降级攻击
蓝牙 (BR/EDR) 和蓝牙低功耗 (BLE) 是蓝牙标准中指定的普遍无线技术。该标准包括用于生成长期密钥(在配对期间)和会话密钥(在安全连接建立期间)的密钥协商协议。在这项工作中,我们证明了蓝牙和 BLE 的关键协商协议容易受到符合标准的熵降级攻击。特别是,我们展示了攻击者如何将任何蓝牙会话密钥的熵降级为 1 个字节,并将任何 BLE 长期密钥和会话密钥的熵降级为 7 个字节。如此低的熵值使攻击者能够暴力破解蓝牙长期密钥和 BLE 长期密钥和会话密钥,并破坏蓝牙和 BLE 承诺的所有安全保证。由于我们的攻击,攻击者可以解密所有密文并在任何蓝牙和 BLE 网络中注入有效密文。我们的关键协商降级攻击是远程进行的,不需要访问受害者的设备,并且对受害者来说是隐秘的。由于攻击符合标准,因此无论使用最强的蓝牙和 BLE 安全模式(包括安全连接)、蓝牙版本以及受害者使用的设备的实现细节如何,它们都是有效的。我们使用蓝牙标准的所有主要版本成功地攻击了来自不同供应商的 38 个蓝牙设备(32 个独特的蓝牙芯片)和 19 个 BLE 设备。最后,我们提出了有效的旧版兼容和非旧版兼容对策,以减轻我们的关键协商降级攻击。
京公网安备 11010802027423号