
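Over the past decade, Bluetooth wireless communication technology has developed rapidly and continues to evolve. With rapid technological progress and falling costs, Bluetooth has become widespread in everyday life. It offers high efficiency, basic security, low cost, low power consumption, and simple operation, and it can carry both voice and data. Beyond mobile phones and hands-free headsets, its applications have gradually extended to gaming, medical care, automobiles, and audio/video, and it may in the future be used for financial payments.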

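In the existing Bluetooth security protocols prior to V2.0, much information is transmitted in plaintext, which allows a malicious third party to obtain the verification values. With these values, the third party can mount an offline dictionary attack to find the correct PIN and impersonate a Bluetooth device to pass authentication, and can also derive the encryption key for the communication and then eavesdrop on the transmitted data. This research makes the following improvements: (1) in environments with limited memory resources, maintaining the original level of Bluetooth security while improving pairing efficiency; (2) where the device has sufficient memory, preventing a malicious third party from obtaining the verification values needed for an offline dictionary attack, thereby improving the security of the Bluetooth protocol and protecting information in transit.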

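In addition, the new V2.1 security protocol proposed by the Bluetooth SIG in 2007, Secure Simple Pairing, can solve the problems above, but it relies on the user visually comparing numeric codes to achieve identity authentication and prevent man-in-the-middle attacks. User error in this step can therefore create security problems. We therefore also propose a lightweight improvement that keeps the authentication method users are already familiar with, entering the same PIN on both devices, in place of visual comparison. This avoids the problem above and effectively improves operating efficiency, so that Bluetooth technology can be used with confidence in applications with higher security requirements.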


Minghsin University of Science and Technology, Year 97 Research Project Results Self-Evaluation Form
