Hardware implementation of Bluetooth security

P. Kitsos, N. Sklavos, K. Papadomanolakis, O. Koufopavlou
2003 IEEE Pervasive Computing
Security in pervasive computing is a complex issue that has been the subject of negative publicity in recent years due to poor implementations (such as the Wired Equivalent Privacy protocol used by IEEE 802.11). Many low-level protocols are not secure, and the use of more secure high-level protocols is limited by the processing capabilities of mobile devices. Bluetooth could enhance and extend pervasive applications because it is well suited to the power requirements of mobile applications
... the "Bluetooth" sidebar). Furthermore, it offers methods for generating keys, authenticating users, and encrypting data. Most single-chip Bluetooth baseband implementations, which include a low-performance general-purpose processor, implement only the data encryption in hardware. However, in time-critical applications requiring a fast connection and in devices with processing constraints, implementing key generation and authentication in the hardware (rather than software) is also preferable. To improve performance in these applications, we use an efficient implementation of the Safer+ (Secure And Fast Encryption Routine) algorithm, which reduces the resource requirements.

Figure 6. A Safer+ single round (PHT stands for the Pseudo-Hadamard Transformation).

Figure 7. The link-key-generation function unit: unit (K_unit), combination (K_AB), initialization (K_init), and master key production (K_Master).

Figure 8. The E_1/E_3 (authentication and encryption-key generation) function unit.
doi:10.1109/mprv.2003.1186722 fatcat:n7bzzfazvfdrfdfjivx2h7dcwe