1. Publications
  2. BLUFFS: Bluetooth forward and future secrecy attacks and defenses
print

BLUFFS: Bluetooth forward and future secrecy attacks and defenses

Antonioli, Daniele
CCS 2023, ACM SIGSAC Conference on Computer and Communications Security, 26-30 November 2023, Copenhagen, Danemark

Bluetooth is a pervasive technology for wireless communication. Billions of devices use it in sensitive applications and to exchange private data. The security of Bluetooth depends on the Bluetooth standard and its two security mechanisms: pairing and session establishment. No prior work, including the standard itself, analyzed the future and forward secrecy guarantees of these mechanisms, e.g., if Bluetooth pairing and session establishment defend past and future sessions when the adversary compromises the current. To address this gap, we present six novel attacks, defined as the BLUFFS attacks, breaking Bluetooth sessions' forward and future secrecy. Our attacks enable device impersonation and machine-in-the-middle across sessions by only compromising one session key. The attacks exploit two novel vulnerabilities that we uncover in the Bluetooth standard related to unilateral and repeatable session key derivation. As the attacks affect Bluetooth at the architectural level, they are effective regardless of the victim's hardware and software details (e.g., chip, stack, version, and security mode).

We also release BLUFFS, a low-cost toolkit to perform and automatically check the effectiveness of our attacks. The toolkit employs seven original patches to manipulate and monitor Bluetooth session key derivation by dynamically patching a closed-source Bluetooth firmware that we reverse-engineered. We show that our attacks have a critical and large-scale impact on the Bluetooth ecosystem, by evaluating them on seventeen diverse Bluetooth chips (eighteen devices) from popular hardware and software vendors and supporting the most popular Bluetooth versions. Motivated by our empirical findings, we develop and successfully test an enhanced key derivation function for Bluetooth that stops by-design our six attacks and their four root causes. We show how to effectively integrate our fix into the Bluetooth standard and discuss alternative implementation-level mitigations. We responsibly disclosed our contributions to the Bluetooth SIG.


Detail
Document
DOI
BIBTEX
Type:
Conference
City:
Copenhagen
Date:
2023-11-26
Department:
Digital Security
Eurecom Ref:
7516
Copyright:
© ACM, 2023. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in CCS 2023, ACM SIGSAC Conference on Computer and Communications Security, 26-30 November 2023, Copenhagen, Danemark https://doi.org/10.1145/3576915.3623066
See also:
ANTONIOLI Daniele
PERMALINK : https://www.eurecom.fr/publication/7516