Enhancing Security of Bluetooth Secure Connections via Deferrable Authentication
20
Microsoft Research335 тыс
Следующее
2 дня – 461:03:32Популярные
22.12.22 – 1 41952:53
25.01.22 – 10817:03Опубликовано 9 декабря 2024, 19:00
Speakers: Olga Sanina
Host: Kim Laine
The Bluetooth protocol for wireless connection between devices comes with several security measures toprotect confidentiality and integrity of data. At the heart of these security protocols lies the SecureSimple Pairing, wherewith the devices can negotiate a shared key before communicating sensitivedata. Despite the good intentions, the Bluetooth security protocol has repeatedly been shown tobe vulnerable, especially with regard to active attacks on the Secure Simple Pairing. In the talk, we present a mechanism to limit active attacks on the Secure Connections protocol (the more secure version of the Secure Simple Pairing protocol), without infringing on the current Bluetooth protocol stack specification. The idea is to run an authentication protocol, like a classical challenge-response step for certified keys, within the existing infrastructure, even at a later, more convenient point in time. Not only does this authentication step ensure freshness of future encryption keys, but an interesting feature is that it—a posteriori—also guarantees security of previously derived encryption keys. This approach prevents a large set of known attacks on the Bluetooth protocol.
Host: Kim Laine
The Bluetooth protocol for wireless connection between devices comes with several security measures toprotect confidentiality and integrity of data. At the heart of these security protocols lies the SecureSimple Pairing, wherewith the devices can negotiate a shared key before communicating sensitivedata. Despite the good intentions, the Bluetooth security protocol has repeatedly been shown tobe vulnerable, especially with regard to active attacks on the Secure Simple Pairing. In the talk, we present a mechanism to limit active attacks on the Secure Connections protocol (the more secure version of the Secure Simple Pairing protocol), without infringing on the current Bluetooth protocol stack specification. The idea is to run an authentication protocol, like a classical challenge-response step for certified keys, within the existing infrastructure, even at a later, more convenient point in time. Not only does this authentication step ensure freshness of future encryption keys, but an interesting feature is that it—a posteriori—also guarantees security of previously derived encryption keys. This approach prevents a large set of known attacks on the Bluetooth protocol.
Свежие видео
1 день – 1 4813:19
2 дня – 1 2280:57
7 дней – 1 6070:26
11 дней – 34 0030:20
12 дней – 3 1190:33Случайные видео
91 день – 1 3420:42
112 дней – 15 4621:26
222 дня – 25 5570:29
230 дней – 11 93410:08
08.05.21 – 4 796 55127:48
01.06.09 – 28 2531:01:49
5 дней – 031:44
5 дней – 2 9610:17
5 дней – 3 4530:22
8 дней – 5503:17
9 дней – 9350:30
9 дней – 2 9230:17
8 часов – 112 0902:53
18 часов – 8 3290:36