Enhancement of bluetooth securityauthentication using hash-based messageauthentication code (HMAC) algorithm
2014
Recently, Bluetooth technology is widely used by
organizations and individuals to provide wireless personal area
network (WPAN). This is because the radio frequency (RF)
waves can easily penetrate obstacles and can propagate without
direct line-of-sight (LoS). These two characteristics have led to
replace wired communication by wireless systems. However,
there are serious security challenges associated with wireless
communication systems because they are easier to eavesdrop,
disrupt and jam than the wired systems. Bluetooth technology
started with a form of pairing called legacy pairing prior to any
communication. However, due to the serious security issues found
in the legacy pairing, a secure and simple pairing called SPP was
announced with Bluetooth 2.1 and later since 2007. SPP has
solved the main security issue which is the weaknesses of the PIN
code in the legacy pairing, however it has been found with some
vulnerabilities such as eavesdropping and man-in-the-middle
(MITM) attacks. Since the discovery of these vulnerabilities,
some enhancements have been proposed to the Bluetooth
Specification Interest Group (SIG) which is the regulatory body
of Bluetooth technology; nevertheless, some proposed
enhancements are ineffective or are not yet implemented by
Manufacturers. Therefore, an improvement of the security
authentication in Bluetooth connection is highly required to
overcome the existing drawbacks. This proposed protocol uses
Hash-based Message Authentication Code (HMAC) algorithm
with Secure Hash Algorithm (SHA-256). The implementation of
this proposal is based on the Arduino Integrated Development
Environment (IDE) as software and a Bluetooth (BT) Shield
connected to an Arduino Uno R3 boards as hardware. The result
was verified on a Graphical User Interface (GUI) built in
Microsoft Visual Studio 2010 with C sharp as default
environment. It has shown that the proposed scheme works
perfectly with the used hardware and software. In addition, the
protocol thwarts the passive and active eavesdropping attacks
which exist during SSP. These attacks are defeated by avoiding
the exchange of passwords and public keys in plain text between
the Master and the Slave. Therefore, this protocol is expected to
be implemented by the SIG to enhance the security in Bluetooth
connection.
Keywords:
- Correction
- Source
- Cite
- Save
- Machine Reading By IdeaReader
0
References
0
Citations
NaN
KQI