The Specification of the Bluetooth System (hereafter referred to as the Bluetooth specification) defines a short range wireless communication system. The system uses frequency hopping spread spectrum technology in the unlicensed Industrial, Scientific, and Medical (ISM) 2.4 GHz short-range radio frequency band. Bluetooth is primarily designed for low power short range communications, typically using low-cost transceiver microchips embedded in devices. Devices may be assigned a class based upon the maximum permitted power, which defines an effective transmission range. Class 1 devices have a range of approximately 1 m, class 2 devices have a range of approximately 10 m, and class 3 devices have a range of approximately 100 m. As Bluetooth is a radio frequency based system, communications between devices need not be line of sight. Version 1.2 of the specification provides for data rates of 1 MBit/s and version 2.0+EDR provides for a data rate of 3 MBit/s. Version 2.1 of the specification was adopted on Jul. 26, 2007 and includes Simple Secure Pairing to increase security during pairing. Version 3.0+HS was adopted on Apr. 21, 2009 and includes high speed data transfers of up to 24 Mbit/s through use of a Bluetooth negotiated IEEE 802.11 link. Version 4.0 was adopted on Jun. 3, 2010, and includes support for Bluetooth low energy (BLE, previously known as Wibree). Devices which implement the Bluetooth specification will be referred to as Bluetooth enabled devices.
Bluetooth devices are assigned a unique Bluetooth Device Address (BD_ADDR) which is a 48 bit address assigned from the IEEE Registration Authority. The address is comprised of three fields—the lower address part consisting of 24 bits (LAP), the upper address part consisting of 8 bits (UAP), and the non-significant address part consisting of 16 bits (NAP). The LAP is company assigned, and the UAP and NAP form a company ID. There are 64 contiguous LAP values reserved for inquiry operations.
All Bluetooth transmissions over the physical channel begin with an access code based upon the LAP of a device address or an inquiry address. The device access code (DAC) is used during paging. Only the Bluetooth device address is required to set up a connection. To establish new connections a paging procedure is used in which a device makes a page scan using the Bluetooth device address of the target. The Bluetooth device address may be obtained from user interactions, or via an Inquiry procedure, in which a device asks for the Bluetooth device addresses of all nearby devices (additional information is also provided). Individual devices can choose whether or not to respond to Inquiry requests.
To enable the establishment of a secure connection between two Bluetooth devices, the Bluetooth specification defines Security Mode 3 which is a link level security mode. A bond is created between the devices by creating, exchanging and storing a common link key (K) which is associated with the Bluetooth Device Address of the other device and such devices are said to be bonded or paired. The common link key is used in authentication procedures during the establishment of a secure connection between the two devices, and is also used to generate an encryption key for encrypting data sent over the connection.
The Bluetooth specification defines a pairing procedure (LMP-Pairing, also known as simple pairing) which may be performed for the purpose of generating and storing the link key for later use (this is known as bonding), or as part of the procedure for establishing a secure connection between two devices. The pairing procedure involves creating an initialisation key Kinit in both devices, using this to create a combined link key KAB, and then mutually authenticating the generated combined link key before allowing establishment of a secure connection.
Generation of initialisation is performed by the first device (A) sending a 128 bit random number (IN_RAND) to the second device (B). Each device then creates an initialisation key Kinit using the Bluetooth Device Address of the first device (BD_ADDRA), the random number generated by the first device (IN_RAND) and a (typically 4 digit) PIN code known to both devices. After the generation of the initialisation key, a combined link key (KAB) is generated. Both devices choose a 128 bit random number (LK_RANDA, LK_RANDB) which is bitwise xor'ed with the initialisation key Kinit and then sent to the other device. Each device then extracts the other device's random number and a common link key is created based on (LK_RANDA, LK_RANDB, BD_ADDRA, BD_ADDRB). Finally, a mutual authentication step is performed.
In a mutual authentication step, a first device chooses a 128 bit random number (AU_RANDA) as a challenge and sends it to the second device. The second device creates a 32 bit word SRES′A using (AU_RANDA, BD_ADDRB, KAB) which is sent back to A. A makes its own calculation of SRESA using the same input, and compares the two numbers. If SRESA and SRES′A agree, the process is repeated but with the roles of A and B switched (i.e. B initiates and A responds). This mutual authentication procedure is also used by two paired devices when they are establishing any future secure connections (in which case a link key already exists and does not have to be regenerated).
A problem with the pairing procedure is that if a third party eavesdrops on the whole pairing procedure, they can perform brute force calculations through the space of all available PINs and obtain the link key. For example a four digit pin can be cracked in 63 milliseconds using a 3 GHz Pentium IV processor. Version 2.1 of the Specification defines Secure Simple Pairing to provide passive eavesdropping protection through the use of public key cryptography system. Devices exchange public keys, and use one of 4 protocols to exchange information which is used to generate a shared key. A link key is then calculated from the derived shared key and publicly exchanged data. This makes the task of obtaining the link key a considerably more difficult problem than previously, but in most cases it is still susceptible to a “Man in the Middle” attack.
Whether pairing is performed according to the more secure Version 2.1 specification, or earlier less secure versions, a problem exists that either device can control when a new link key is generated. In some situations in which devices are issued to users, it may be desirable that pairing of devices is performed in a controlled or supervised situation, and that further unauthorised (re)pairing is prevented. The present applicant has addressed the issue of establishing a secure Bluetooth connection in Singaporean Patent Number 2008057382, the entire content of which is hereby incorporated by reference.
Whilst this approach provides secure bonding between the two devices, and prevents tampering of the link, this does not provide secure access control to the devices, or even guarantee that the devices are issued to appropriate personnel, for example if the user and issuer collude, or if a user inappropriately obtains the secret key allowing him to self-issue a pair of devices. Other more general wireless communication arrangements and protocols may also suffer from this disadvantage. There is thus a need to provide secure access control systems between two apparatus.