Two-party secure connection in Bluetooth-enabled devices.

Secure Simple Pairing, a Bluetooth-pairing protocol, suffers from passive off-line and active online-guessing attack. These assaults are a direct result of the shortcomings in Bluetooth specification. Bluetooth technology uses the principles of device inquiry and inquiry scan. Scanning devices listen in on known frequencies for devices that are actively inquiring. If two Bluetooth devices know absolutely nothing about each other, one must run an inquiry to try to discover the other. One device sends out the inquiry request, and any device listening for such a request will respond with its address, and possibly its name, Input/Output capability and other information. Before connection, each device knows the address, their name, their capability, Quality-of-Service, etc. During pairing, Man-In-The-Middle attacker may capture all the information of connecting devices and impersonate them. This paper introduces the security augmentation in Bluetooth pairing by postponing exchange of Input-Output capability and other information like Quality-of-Service until it is essentially required and by casing the link key with a pair of Elliptic Curve Diffie-Hellman keys. Consequently, this leads to increased pairing time. Yet, we overlooked the increased pairing time, as the proposed Bluetooth-pairing protocol improves security by strengthening the link key. [ABSTRACT FROM PUBLISHER]