Bluetooth is a recently proposed standard for local wireless communication of mobile or potentially mobile devices, such as cellular phones, wireless headsets, computers, printers, cars, and turnstiles, allowing such devices in the proximity of each other to communicate with each other (see, e.g., http://www.bluetooth.com; “Specification of the Bluetooth System”, Core, Specification Volume 1, v.1.1, Feb. 22, 2001; and “Specification of the Bluetooth System”, Profiles, Specification Volume 2, v.1.1, Feb. 22, 2001). The standard promises a variety of improvements over current functionality, such as hands-free communication and effortless synchronization. It therefore allows for new types of designs, such as phones connected to wireless headsets; phones connected to the emergency system of cars; computers connected to printers without costly and unsightly cords; and phones connected to digital wallets, turnstiles and merchant establishments.
On a small wireless LAN, known as a piconet, all Bluetooth-enabled devices within a set of such devices communicate with a master device within the set, which is selected as the master when the piconet is established. The master device controls the other, slave, devices within the set, determining which device transmits and which device receives at any given instant. The slave devices on each wireless LAN need to be within approximately 30 feet of the master device for communication to proceed. Since a Bluetooth-enabled device might be within the range of more than one piconet, protection is incorporated to enable a receiving device to discriminate between messages it should properly act on, from another device within its own piconet, and messages it should ignore, from a device on another piconet that is outside the set. In order to prevent such interference, the prior art Bluetooth standard requires that each message sent by a device include a network descriptor. All messages between the master device and any of the slave devices on the same piconet then contain that same descriptor, so that when any device on another piconet “hears” a message with a different network descriptor, it knows to ignore it. The network descriptor used on each piconet is a channel access code (CAC) that is determined as a function of a device identifier, a so-called 48-bit Bluetooth Address (BD_ADDR), that is associated with the master in the LAN, each Bluetooth device having a unique BD_ADDR stored in its memory. Thus, when a device is designated as a master upon formation of a piconet, a CAC is computed as a deterministic function of its BD_ADDR, which CAC is then used as the network descriptor for all messages sent over the piconet between the master and any slave devices within the defined set.
The slaves, upon learning the BD_ADDR of the master, are able to compute that same CAC using the known deterministic function, thereby knowing which messages to listen for and what network descriptor to use in communicating messages back to the master.
The problem with this arrangement is that the privacy of an individual using a Bluetooth device can be attacked. For example, if a user having a master Bluetooth-enabled cellular phone, a slave Bluetooth-enabled wireless headphone, and a slave Bluetooth-enabled CD player were to enter an area in which an intentional eavesdropper equipped with a receiver was located, that eavesdropper could learn the network descriptor associated with that user's cellular phone by detecting and “examining” the network descriptor used in the messages to and from that master. That eavesdropper could thereafter track the physical location of that user by “listening” in various locations for messages containing that same network descriptor. Thus, for example, if the network descriptor associated with a political figure's cell phone is determined, a visit by that person to what might be a politically embarrassing location could be tracked by eavesdropping receivers at that location. Further, if the network descriptors associated with the Bluetooth devices of multiple individuals were determined, subsequent meetings of those individuals could be tracked by the coincidence in location and time of multiple messages containing the network descriptors associated with these individuals. In addition to these privacy issues, various security issues are present once a user's network descriptor is compromised. Specifically, once the network descriptor is determined, the intentional eavesdropper could inject messages into the piconet in a manner that receiving devices within the piconet would assume originate from a valid device within the piconet. This is referred to as an authentication problem, since the authenticity of the messages cannot be guaranteed.
A solution to these security problems is the subject of the invention in our afore-noted co-pending patent application. That invention substantially impedes an eavesdropper who detects and then listens for a network descriptor in the messages sent to and from a Bluetooth-enabled device from tracking the user of that device.
A user of such a Bluetooth-enabled device may still, however, be subject to attack by a computer-powerful eavesdropper who is able to track the user by detecting the channel hopping sequence used by the device. In accordance with the Bluetooth standards, message packets that are sent between two devices are not transmitted within a same single frequency band. Rather, within a message timeslot the message is transmitted in one of N bands, where N, in the United States, is equal to 79. At the beginning of the next message timeslot the carrier frequency “hops” to a different frequency. The sequence of frequencies used, known as a channel hopping sequence, is a pseudo-random pattern that is computed as a known function of a universal time parameter and the BD_ADDR of the master device operating on the piconet. This enables the master and slave devices that are communicating with each other to know on which frequency band to transmit and receive at any given time. Since, as previously noted, BD_ADDR is a 48-bit word, there are 2^48 different BD_ADDRs, each of which produces an associated hopping sequence. Since the function that is used to compute the hopping sequence needs to be known, a strong attacker, i.e., one with significant computational power, could determine the hopping sequence associated with each possible BD_ADDR. Thus, for each BD_ADDR, such a computer-strong eavesdropper would be able to determine in which frequency bands in successive timeslots signal energy would be expected to be present if the device is communicating. The eavesdropper could then listen for the presence of signal energy in plural message timeslots in one or more frequency bands. By comparing the resulting frequency band/message timeslot pattern to the set of hopping patterns associated with each possible BD_ADDR, different BD_ADDRs could be successively excluded as possibilities until only a single BD_ADDR remains that could have generated the detected pattern.
Once the computer-strong eavesdropper has so identified the BD_ADDR of the user's Bluetooth-enabled device, that user can thereafter be tracked by listening for that hopping pattern in one or more frequency bands over plural timeslots as that device is used and moved by the user from location to location. Specifically, the eavesdropper only needs to determine whether the hopping sequence being used by a Bluetooth-enabled device that is proximate to and being received by one of his own eavesdropping receivers is the hopping sequence associated with the BD_ADDR of the device being tracked. If the hopping sequence is recognized, then the eavesdropper knows that the device and its user are within the locus of that receiver. Further, once the eavesdropper determines the master's BD_ADDR, the eavesdropper could inject messages into the piconet on which the master is transmitting in the manner described above.
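The following is an added risk illustration, not part of the application text, of why a publicly known, deterministic hop function leaks the master's identity: it models the candidate-elimination described above on a toy 16-bit address space, and shows how many observed timeslots are needed before a single address remains. The hop function here is a constructed SHA-256 stand-in, not the Bluetooth hop-selection kernel; the names `hop_band`, `observe`, `eliminate` and `slots_needed` are the example's own.

```python
import hashlib
import math

N_BANDS = 79        # one of N bands per timeslot, N = 79 in the United States
ADDR_BITS = 16      # toy address space; the real BD_ADDR is 48 bits

def hop_band(bd_addr: int, timeslot: int) -> int:
    """Constructed stand-in for the hop-selection function: a deterministic,
    publicly known map (BD_ADDR, time) -> band index in [0, N_BANDS).
    The real kernel differs, but the attack only needs this property."""
    digest = hashlib.sha256(f"{bd_addr}:{timeslot}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % N_BANDS

def observe(bd_addr: int, timeslots):
    """Constructed eavesdropper observations: the band in which signal
    energy was seen in each timeslot that was listened to."""
    return [(t, hop_band(bd_addr, t)) for t in timeslots]

def eliminate(observations, candidates=None):
    """Keep only the BD_ADDR candidates whose hopping sequence is consistent
    with every (timeslot, band) observation; each observation removes
    roughly (N-1)/N of the candidates that remain."""
    if candidates is None:
        candidates = set(range(1 << ADDR_BITS))
    for t, band in observations:
        candidates = {a for a in candidates if hop_band(a, t) == band}
    return candidates

def slots_needed(addr_bits: int = 48, n_bands: int = N_BANDS) -> int:
    """Information-theoretic estimate of observed timeslots until the
    candidate count 2^addr_bits / n_bands^k drops below one."""
    return math.ceil(addr_bits / math.log2(n_bands))

if __name__ == "__main__":
    true_addr = 0xBEEF                        # constructed master address
    obs = observe(true_addr, range(100, 106)) # six consecutive timeslots
    print("survivors:", [hex(a) for a in eliminate(obs)])
    print("timeslots to single out a real 48-bit BD_ADDR:", slots_needed())
```

For a real 48-bit address and 79 bands the estimate is about eight observed timeslots, which is why the text treats the hopping pattern itself as an identifier.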
A more secure method of communication that eliminates the above-described problems is thus needed.