As an open standard for the short-range radio frequency communications, Bluetooth is suitable for Mobile Crowdsensing Systems (MCS). However, the massive deployment of personal Bluetooth-enabled devices also raises privacy concerns on their wielders. Hence, we investigate the privacy of the unilateral authentication protocol according to the recent Bluetooth standard v5.2. The contributions of the paper are twofold. (1) We demonstrate that the unilateral authentication protocol suffers from privacy weakness. That is, the attacker is able to identify the target Bluetooth-enabled device once he observed the device’s previous transmitted messages during the protocol run. More importantly, we analyze the privacy threat of the Bluetooth MCS, when the attacker exploits the proposed privacy weakness under the typical Internet of Things (IoT) scenarios. (2) An improved unilateral authentication protocol is therefore devised to repair the weakness. Under our formal privacy model, the improved protocol provably solves the traceability problem of the original protocol in the Bluetooth standard. Additionally, the improved protocol can be easily adapted to the Bluetooth standards because it merely employs the basic cryptographic components available in the standard specifications. In addition, we also suggest and evaluate two countermeasures, which do not need to modify the original protocol.

中文翻译：

---

用于移动人群感知的单边蓝牙认证协议的隐私增强

作为短距离射频通信的开放标准，蓝牙适用于移动人群感应系统（MCS）。然而，个人蓝牙设备的大规模部署也引起了其使用者的隐私问题。因此，我们根据最近的蓝牙标准 v5.2 调查单边认证协议的隐私。这篇论文的贡献是双重的。(1) 我们证明单边认证协议存在隐私弱点。也就是说，攻击者一旦在协议运行期间观察到设备先前传输的消息，就能够识别目标启用蓝牙的设备。更重要的是，当攻击者在典型的物联网 (IoT) 场景下利用所提出的隐私弱点时，我们分析了蓝牙 MCS 的隐私威胁。(2) 因此设计了改进的单边认证协议来修复弱点。在我们正式的隐私模型下，改进后的协议可证明解决了蓝牙标准中原始协议的可追溯性问题。此外，改进后的协议可以轻松适应蓝牙标准，因为它仅采用标准规范中可用的基本加密组件。此外，我们还提出并评估了两种不需要修改原始协议的对策。改进后的协议可以轻松适应蓝牙标准，因为它仅采用标准规范中可用的基本加密组件。此外，我们还提出并评估了两种不需要修改原始协议的对策。改进后的协议可以轻松适应蓝牙标准，因为它仅采用标准规范中可用的基本加密组件。此外，我们还提出并评估了两种不需要修改原始协议的对策。