This invention relates to wireless communication on a small local area network (LAN), and more particularly, to local wireless communication between devices operating in accordance with the Bluetooth(trademark) standard.
Bluetooth is a recently proposed standard for local wireless communication of mobile or potentially mobile devices, such as cellular phones, wireless headsets, computers, printers, cars, and turn-stiles, allowing such devices in the proximity of each other to communicate with each other (see, e.g., http://www.bluetooth.com; xe2x80x9cSpecification of the Bluetooth Systemxe2x80x9d, Core, Specification Volume 1, v.1.1, Feb. 22, 2001; and xe2x80x9cSpecification of the Bluetooth Systemxe2x80x9d, Profiles, Specification Volume 2, v.1.1, Feb. 22, 2001. The standard promises a variety of improvements over current functionality, such as hands-free communication and effortless synchronization. It therefore allows for new types of designs, such as phones connected to wireless headsets; phones connected to the emergency system of cars; computers connected to printers without costly and unsightly cords; and phones connected to digital wallets, turn-stiles and merchant establishments.
On a small wireless LAN, known as a piconet, all Bluetooth-enabled devices within a set of such devices communicate with a master device within the set, which is selected as the master when the piconet is established. The master device controls the other slave devices within the set, determining which device transmits and which device receives at any given instant. The slave devices on each wireless LAN need to be within approximately 30 feet of the master device for communication to proceed. Since a Bluetooth-enabled device might be within the range of more than one piconet, protection is incorporated to enable a receiving device to discriminate between messages it should properly act on from another device within its own piconet, and messages it should ignore from a device on another piconet that is outside the set. In order to prevent such interference, the prior art Bluetooth standard requires that each message sent by a device include a network descriptor. All messages between the master device and any of the slave devices on the same piconet then contain that same descriptor so when any device on another piconet xe2x80x9chearsxe2x80x9d a message with a different network descriptor, it knows to ignore it. The network descriptor used on each piconet is a channel access code (CAC) that is determined as a function of a device identifier, a so-called 48-bit Bluetooth Address (BD_ADDR), that is associated with the master in the LAN, each Bluetooth device having a unique BD_ADDR stored in its memory. Thus, when a device is designated as a master upon formation of a piconet, a CAC is computed as a deterministic function of its BD_ADDR, which CAC is then used as the network descriptor for all messages sent over the piconet between the master and any slave devices within the defines set. The slaves, upon learning the BD_ADDR of the master, are able to compute that same CAC using the known deterministic function, thereby knowing which messages to listen for and what network descriptor to use in communicating messages back to the slave.
The problem with this arrangement is that the privacy of an individual using a Bluetooth device can be attacked. For example, if a user having a master Bluetooth-enabled cellular phone, a slave Bluetooth-enabled wireless headphone, and a slave Bluetooth-enabled CD player were to enter an area in which an intentional eavesdropper equipped with a receiver was located, that individual could learn the network descriptor associated with that user""s cellular phone by detecting and xe2x80x9cexaminingxe2x80x9d the network descriptor used in the messages to and from that master. That eavesdropper could thereafter track the physical location of that user by xe2x80x9clisteningxe2x80x9d in various locations for messages containing that same network descriptor. Thus, for example, if the network descriptor associated with a political figure""s cell phone was determined, then eavesdropping receivers could track visits by that figure to what might be politically embarrassing locations. Further, if the network descriptors associated with the Bluetooth devices of multiple individuals were determined, subsequent meetings of those individuals could be tracked by the coincidence of location and time of multiple messages containing network descriptors associated with these individuals. In addition to these privacy issues, various security issues are present once a user""s network descriptor is compromised. Specifically, once the network descriptor is determined, the intentional eavesdropper could inject messages into the piconet in a manner that receiving devices within the piconet would assume to be originating from within the piconet from a valid device. This is referred to as an authentication problem since the authenticity of the messages cannot be guaranteed.
A more secure method of communication that eliminates the above-described problems is thus needed.
In accordance with the present invention, rather than associating a fixed network descriptor with each device within a defined set, the network descriptor associated with a device within the set is modified over time to prevent an eavesdropper using a device outside the defined set from associating the network descriptor with a particular user.
In a first embodiment of the invention, the network descriptor is changed from session to session, where a session is defined to be the duration of one event such as one phone conversation, listening to one CD, or printing one job on a printer. In this embodiment, when a session starts and communication between a master and slave begins, the master selects a random number, a so-called seed, which is sent along with the master""s BD_ADDR to the slave. Both the master and the slave then compute a network descriptor, the CAC, as a function of both that random number and the master""s BD_ADDR. When a new session begins, the master selects a new random number, a new seed, which is sent to the slave, and which is then used by both the master and the slave to compute a new CAC, which is then used as the network descriptor for this new session. An eavesdropper, thus, will be unable to determine that the network descriptors, the CACs, which are used for both of the sessions, are generated by the same BD_ADDR, and will be unable to track the user by listening for messages containing a particular network descriptor.
A second embodiment of the present invention provides a finer-grained solution to the security problem. In this embodiment, rather than recalculating the CAC on a session-driven basis alone, when a session begins, the master transmits to the slave a time parameter together with its BD_ADDR and its chosen random number, the random number and the time parameter together forming the seed, where the time parameter is a value associated with the master""s internal clock. The master and the slave thus both compute the CAC for the session as a function of the master""s BD_ADDR, the random number, and the time parameter. Rather than maintaining that same CAC throughout the duration of the session as in the first embodiment, the CAC is periodically recomputed throughout the session by both the master and slave using the then current time parameter. Thus, if a session has a long duration, the network descriptor does not remain static and open to attack.
As a modification to both the first and second embodiments, the CAC computed at the beginning of a session is computed as a function of a combination of the master""s BD_ADDR and the new random number and at least one previous random number, in addition to, depending upon the embodiment, the time parameter. Thus, in the first embodiment, when an attacker is present at the beginning of a session and learns of both the master""s BD_ADDR and the currently selected random number, he will be unable to determine the network descriptor without also having been present at the beginning of the previous sessions.