From GSM to LTE-Advanced Pro and 5G, p. 480 (PDF page 494)
The Passkey protocol: Here, a passkey (PIN) is used for authentication and, hence,
this pairing option looks identical to the classic Bluetooth pairing method from the
user's point of view. Unlike in the classic method, however, the PIN is not fed into the
key derivation as shown before. Instead, private/public keys and random numbers are used
during the pairing process, and the PIN only serves to detect a device in the middle. For
this purpose, a so-called 'commitment' is computed for each bit of the PIN (the six-digit
passkey is treated as a 20-bit value). The commitment is a keyed hash (HMAC-SHA-256 in the
standard) whose input parameters on both sides are the two public keys, a fresh random
number (nonce) chosen by each side for this bit, and the current bit of the PIN. In the
first step, both devices exchange their commitments for one bit. Subsequently, device A
sends the random number it used so that device B can recompute the commitment with this
nonce and its own knowledge of the bit and compare the result with the value received;
a hash cannot be reversed, but a match proves that A committed to the same bit value. If
the commitment is successfully verified, device B then sends its own random number to
device A, which verifies B's commitment in the same way. The procedure is repeated for
each of the 20 bits. An attacker in the middle cannot forge the commitments: in every
round, they have to send a commitment to one of the parties before that party reveals its
random number, so they have to guess the bit value (a 50% chance) without knowing the PIN.
A wrong guess is detected as soon as the attacker reveals their own random number, and the
pairing is aborted. Only once a party has revealed its nonce can the attacker derive that
bit of the PIN from the commitment, which is too late to be of use in the same round. The
probability of guessing all 20 bits correctly is 2^-20, i.e. less than one in a million.
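The bit-by-bit commitment exchange described above, with an honest pairing run and a
man-in-the-middle run side by side. This is an added example and not code from the book
or from any Bluetooth stack: random byte strings stand in for the elliptic-curve public
keys that the real protocol exchanges beforehand, `f1` follows the shape of the standard's
HMAC-SHA-256 commitment function, and all class and function names are illustrative.

```python
"""Bluetooth SSP Passkey Entry: per-bit commitments, honest run and MITM run.
Added example; public keys are random placeholders (assumption), not real ECDH values."""
import hashlib
import hmac
import secrets

PASSKEY_BITS = 20  # a six-digit passkey (0..999999) fits in 20 bits


def f1(pk_u: bytes, pk_v: bytes, nonce: bytes, z: int) -> bytes:
    """Commitment modelled on the standard's f1: HMAC-SHA-256 keyed with the
    nonce over U || V || Z, truncated to 128 bits. Z is 0x80 OR the passkey bit."""
    return hmac.new(nonce, pk_u + pk_v + bytes([z]), hashlib.sha256).digest()[:16]


def passkey_bit(passkey: int, i: int) -> int:
    return (passkey >> i) & 1


class Device:
    """One side of the exchange, holding its own passkey view and key material."""

    def __init__(self, passkey: int):
        self.passkey = passkey
        self.pk = secrets.token_bytes(48)  # placeholder for the ECDH public key
        self.peer_pk = b""
        self.nonce = b""

    def commit(self, i: int) -> bytes:
        # Fresh nonce for every bit; the commitment binds nonce, keys and bit value.
        self.nonce = secrets.token_bytes(16)
        return f1(self.pk, self.peer_pk, self.nonce, 0x80 | passkey_bit(self.passkey, i))

    def verify(self, i: int, peer_commitment: bytes, peer_nonce: bytes) -> bool:
        # Recompute the peer's commitment from the revealed nonce and our own bit.
        expected = f1(self.peer_pk, self.pk, peer_nonce, 0x80 | passkey_bit(self.passkey, i))
        return hmac.compare_digest(expected, peer_commitment)


def pair(a: Device, b: Device) -> bool:
    """Honest run over all rounds; False as soon as either side's check fails."""
    a.peer_pk, b.peer_pk = b.pk, a.pk
    for i in range(PASSKEY_BITS):
        ca = a.commit(i)                  # A -> B: commitment to bit i
        cb = b.commit(i)                  # B -> A: commitment to bit i
        if not b.verify(i, ca, a.nonce):  # A -> B: nonce Na_i, B checks
            return False
        if not a.verify(i, cb, b.nonce):  # B -> A: nonce Nb_i, A checks
            return False
    return True


def learn_bit(pk_a: bytes, pk_m: bytes, commitment: bytes, nonce: bytes) -> int:
    """What an attacker can do once A's nonce is public: try both bit values."""
    for bit in (0, 1):
        if f1(pk_a, pk_m, nonce, 0x80 | bit) == commitment:
            return bit
    raise ValueError("commitment matches neither bit value")


def mitm_against_a(a: Device, guesses) -> tuple:
    """Attacker M poses as B toward A with its own key and a guessed bit per round.
    Returns (round in which A aborted, or PASSKEY_BITS if never; bits M learned)."""
    pk_m = secrets.token_bytes(48)
    a.peer_pk = pk_m
    learned = []
    for i in range(PASSKEY_BITS):
        ca = a.commit(i)
        nm = secrets.token_bytes(16)
        cm = f1(pk_m, a.pk, nm, 0x80 | guesses[i])        # M must commit before seeing Na_i
        learned.append(learn_bit(a.pk, pk_m, ca, a.nonce))  # Na_i revealed: bit now known to M
        if not a.verify(i, cm, nm):                       # A checks M's guess and aborts on mismatch
            return i, learned
    return PASSKEY_BITS, learned
```

Run `mitm_against_a(Device(0b1000), [0] * 20)`: the attacker gets through the three rounds
whose bit happens to be 0, learns the 1 in round 3 only after A has revealed its nonce,
and is caught in that same round. Note that the attacker does walk away with the bits
revealed up to the abort; this is harmless only because a passkey is generated afresh for
every pairing attempt. A fixed PIN that is re-entered after each failure would leak a few
bits per attempt.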
The Out-of-Band protocol: Finally, Bluetooth 2.1 specifies a method to partly or fully
perform authentication via a channel that is independent of the Bluetooth air interface.
In practice, this method has been defined for use with Near Field Communication (NFC).
During the pairing process, the devices have to be held very close to each other (a few
centimeters), which prevents MITM attacks: an attacker could potentially eavesdrop on the
pairing exchange over the air but cannot insert itself between two devices that are almost
touching. The security of this method therefore rests on the out-of-band channel itself
being resistant to interception and manipulation. The Bluetooth standard supports active
NFC chips, which can transmit and receive, and also passive NFC chips (tags), which can
only transmit while energy is induced in their antenna by an active reader. This is
necessary, as some devices such as headsets might not have space for an additional
antenna. In such a case, the passive NFC chip could be put into the user manual of the
device or on the packaging. During the pairing process, the Bluetooth device with an
active NFC chip is held close to the passive NFC chip, which then transmits all
information necessary to perform a secure pairing without user interaction.
The NFC method is also suitable when an action is to be triggered by holding two devices
close to each other. A practical example is a user who would like to print pictures stored
on a mobile device: the user holds the device that contains the pictures close to the
printer, both devices detect each other over the NFC interface, and a Bluetooth connection
is established automatically.
7.5.3 Authentication
Once the initial pairing of the two devices has been performed successfully, the link key
can be used for mutual authentication during every connection request. Authentication
is performed using a challenge/response procedure, which is similar to the procedures of
systems such as Global System for Mobile Communications (GSM), General Packet
Radio Service (GPRS) and Universal Mobile Telecommunications System (UMTS). For
the Bluetooth authentication procedure, three parameters are necessary:
● a random number (the challenge), freshly generated by the verifying device;
● the Bluetooth device address (BD_ADDR) of the device being authenticated, i.e. the
  claimant that has to prove possession of the link key;
● the 128-bit link key which has been created during the pairing procedure.
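The challenge/response run with the three parameters above, as an added example that is
not code from the book or from a Bluetooth stack. The standard's response function E1 is
SAFER+ based and is not reproduced here; a keyed hash truncated to the 32-bit length of
the response (called SRES in the standard) stands in for it, and the class and function
names are illustrative. The random challenge is named AU_RAND as in the standard.

```python
"""Link-key based challenge/response after pairing. Added example; the keyed hash
is a stand-in for the standard's SAFER+ based E1 function (assumption)."""
import hashlib
import hmac
import secrets


def e1_stand_in(link_key: bytes, au_rand: bytes, claimant_addr: bytes) -> bytes:
    """Stand-in for E1: response over challenge and the claimant's BD_ADDR,
    keyed with the 128-bit link key, truncated to the 32-bit SRES length."""
    return hmac.new(link_key, au_rand + claimant_addr, hashlib.sha256).digest()[:4]


class BtDevice:
    def __init__(self, bd_addr: bytes, link_key: bytes):
        self.bd_addr = bd_addr      # 48-bit Bluetooth device address
        self.link_key = link_key    # 128-bit key from pairing

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)  # AU_RAND, fresh for every authentication

    def respond(self, au_rand: bytes) -> bytes:
        # The claimant binds the response to its own address, not the verifier's.
        return e1_stand_in(self.link_key, au_rand, self.bd_addr)

    def check(self, au_rand: bytes, claimant_addr: bytes, sres: bytes) -> bool:
        expected = e1_stand_in(self.link_key, au_rand, claimant_addr)
        return hmac.compare_digest(expected, sres)


def authenticate(verifier: BtDevice, claimant: BtDevice) -> bool:
    """One direction: verifier challenges, claimant responds, verifier checks."""
    au_rand = verifier.challenge()
    sres = claimant.respond(au_rand)
    return verifier.check(au_rand, claimant.bd_addr, sres)


def mutual_authentication(a: BtDevice, b: BtDevice) -> bool:
    """Both directions, each with its own fresh challenge."""
    return authenticate(a, b) and authenticate(b, a)


def replay_succeeds(verifier: BtDevice, claimant_addr: bytes,
                    old_rand: bytes, old_sres: bytes, new_rand: bytes) -> bool:
    """Can a response captured for old_rand be replayed against a new challenge?"""
    return old_rand != new_rand and verifier.check(new_rand, claimant_addr, old_sres)
```

The fresh challenge is what ties the response to this connection request: a response
sniffed during an earlier connection is useless against the next one, and without the link
key an eavesdropper cannot compute a valid response for a new AU_RAND.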