CN106028319A - Method and device for resisting illegal connection attack in slave Bluetooth device - Google Patents
- Publication number
- CN106028319A (CN201610563344.2A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
- H04W12/06—Authentication
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a method and device for resisting an illegal connection attack in a slave Bluetooth device. The method comprises: when the slave Bluetooth device is connected with any master Bluetooth device, setting the value of the switch parameter of the slave Bluetooth device to "master Bluetooth device identity is illegal", starting a timer, and carrying out identity authentication of the master Bluetooth device; when the identity authentication determines that the master Bluetooth device is legal, setting the value of the switch parameter to "master Bluetooth device identity is legal", and otherwise disconnecting from the master Bluetooth device; according to the timer, checking the value of the switch parameter immediately after a set time expires, and disconnecting from the master Bluetooth device if the value is "master Bluetooth device identity is illegal"; and, when the master Bluetooth device accesses data in the slave Bluetooth device, allowing the access if the value of the switch parameter is "master Bluetooth device identity is legal", and otherwise disconnecting from the master Bluetooth device.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a method and device for resisting an illegal connection attack in a slave Bluetooth device.
Background
Bluetooth Low Energy is also known as BLE. In a pair of BLE devices in the connected state, one is necessarily the Master (master role) and the other is the Slave (slave role). Before entering the connected state, the Slave is always broadcasting messages; after the Master scans a broadcast message from the Slave, it can initiate a connection request to the Slave, and once the Slave accepts the request, the two sides establish a connection.
The Slave turns away no one's connection request: any BLE Master device that scans the Slave's broadcast can initiate a connection request to the Slave, and the Slave accepts a connection request as soon as it receives one. Fig. 1 is a schematic diagram of the connection state of Bluetooth Low Energy devices. Because a slave can only be connected to one master, once an illegal master has connected to the slave, a legal master cannot connect to this slave and therefore cannot communicate with it over Bluetooth. For the whole period during which the illegal master is connected to the slave, the legal master can neither establish a connection with the slave nor communicate with it. This constitutes a denial-of-service attack.
For a legal master to have a chance to connect to the slave, the slave must be made to re-enter the broadcasting state. The current common practice is to power the slave off and on again, or to move the slave away from the illegal master.
However, the current common practice cannot guarantee that the legal master will be the first to connect to the slave, so the slave may need to be powered off and on again frequently, which makes for a poor user experience. Moreover, because the slave cannot record illegal masters, repeated connections by the same illegal master cannot be avoided.
Summary of the invention
To solve the above problems at least in part, the present invention provides a method and device for resisting an illegal connection attack in a slave Bluetooth device. It can ensure that, after the slave has been connected by an illegal master, the slave automatically disconnects from the illegal master within the shortest possible time without being powered off and on again or moved away. It can also record illegal masters, so that repeated connections of the same illegal master to the slave are disconnected more quickly, giving a legal master the chance to establish a legal connection with the slave again.
To achieve the above object, according to one aspect of the invention, a method for resisting an illegal connection attack in a slave Bluetooth device is provided.
A method for resisting an illegal connection attack in a slave Bluetooth device, comprising: when the slave Bluetooth device is connected with any master Bluetooth device, setting the value of the switch parameter of the slave Bluetooth device to "master Bluetooth device identity is illegal", starting a timer, and performing identity authentication of the master Bluetooth device; wherein, when the identity authentication determines that the master Bluetooth device is legal, the value of the switch parameter is set to "master Bluetooth device identity is legal", and otherwise the connection with the master Bluetooth device is disconnected; wherein, according to the timer, the value of the switch parameter is checked immediately after the set time expires, and when the value of the switch parameter is "master Bluetooth device identity is illegal", the connection with the master Bluetooth device is disconnected; wherein, when the master Bluetooth device accesses data in the slave Bluetooth device, the access is allowed if the value of the switch parameter is "master Bluetooth device identity is legal", and otherwise the connection with the master Bluetooth device is disconnected.
Optionally, the check of the value of the switch parameter is triggered by a timer interrupt issued by the timer, wherein the timer issues the timer interrupt immediately after the set time expires.
Optionally, the set time is set according to the hardware capability of the slave Bluetooth device and product requirements.
Optionally, the switch parameter has no tag and cannot be operated by the master Bluetooth device.
Optionally, the identity authentication comprises: the slave Bluetooth device generates a random number and sends it to the master Bluetooth device; the master Bluetooth device digitally signs the random number with its own private key and sends the digital signature to the slave Bluetooth device; the slave Bluetooth device verifies the digital signature using the public key of the master Bluetooth device; if the random number can be restored, the identity of the master Bluetooth device is authenticated as legal, and otherwise it is authenticated as illegal.
Optionally, the method further comprises: making the random number as random as possible and sufficiently long, and/or encrypting the random number and its digital signature with a symmetric encryption algorithm, so as to resist eavesdropping on the identity authentication data by an illegal master Bluetooth device.
Optionally, the method further comprises: setting up a blacklist that stores master Bluetooth devices with an illegal identity that previously connected with the slave Bluetooth device, so that an illegal master Bluetooth device can be disconnected directly after it connects to the slave Bluetooth device again.
According to another aspect of the invention, a device for resisting an illegal connection attack in a slave Bluetooth device is provided.
A device for resisting an illegal connection attack in a slave Bluetooth device, comprising a memory and a processor, wherein the memory stores instructions and the processor executes the instructions in order to: when the slave Bluetooth device is connected with any master Bluetooth device, set the value of the switch parameter of the slave Bluetooth device to "master Bluetooth device identity is illegal", start a timer, and perform identity authentication of the master Bluetooth device; wherein, when the identity authentication determines that the master Bluetooth device is legal, the value of the switch parameter is set to "master Bluetooth device identity is legal", and otherwise the connection with the master Bluetooth device is disconnected; wherein, according to the timer, the value of the switch parameter is checked immediately after the set time expires, and when the value of the switch parameter is "master Bluetooth device identity is illegal", the connection with the master Bluetooth device is disconnected; wherein, when the master Bluetooth device accesses data in the slave Bluetooth device, the access is allowed if the value of the switch parameter is "master Bluetooth device identity is legal", and otherwise the connection with the master Bluetooth device is disconnected.
Optionally, the processor's check of the value of the switch parameter is triggered by a timer interrupt issued by the timer, wherein the timer issues the timer interrupt immediately after the set time expires.
Optionally, the set time is set according to the hardware capability of the slave Bluetooth device and product requirements.
Optionally, the switch parameter has no tag and cannot be operated by the master Bluetooth device.
Optionally, the identity authentication carried out by the processor comprises: the slave Bluetooth device generates a random number and sends it to the master Bluetooth device; the master Bluetooth device digitally signs the random number with its own private key and sends the digital signature to the slave Bluetooth device; the slave Bluetooth device verifies the digital signature using the public key of the master Bluetooth device; if the random number can be restored, the identity of the master Bluetooth device is authenticated as legal, and otherwise it is authenticated as illegal.
Optionally, the processor is further used to: make the random number as random as possible and sufficiently long, and/or encrypt the random number and its digital signature with a symmetric encryption algorithm, so as to resist eavesdropping on the identity authentication data by an illegal master Bluetooth device.
Optionally, the processor is further used to: set up a blacklist that stores master Bluetooth devices with an illegal identity that previously connected with the slave Bluetooth device, so that an illegal master Bluetooth device can be disconnected directly after it connects to the slave Bluetooth device again.
According to the technical scheme of the invention, a switch parameter, switch, is introduced for the slave Bluetooth device to indicate whether the identity of the master Bluetooth device is legal; the value of the switch parameter is modified through identity authentication of the master Bluetooth device; and the value of the switch parameter decides whether the connection with the master Bluetooth device is kept or broken. This ensures that, after the slave has been connected by an illegal master, the slave disconnects from the illegal master automatically and at once, at the latest when the short set time expires, without being powered off and on again or moved away. Meanwhile, the identity authentication of the master Bluetooth device is encrypted, which resists passive eavesdropping of the identity authentication data by an illegal master and improves the security of Bluetooth device connections. In addition, illegal masters can be recorded by means of a blacklist, so that repeated connections of the same illegal master to the slave are disconnected more quickly, giving a legal master the chance to establish a legal connection with the slave again.
Brief description of the drawings
The drawings are provided for a better understanding of the invention and do not unduly limit it. In the drawings:
Fig. 1 is a schematic diagram of the connection state of Bluetooth Low Energy devices;
Fig. 2 is a schematic diagram of the main steps of the method for resisting an illegal connection attack in a slave Bluetooth device according to an embodiment of the invention;
Fig. 3 is a schematic diagram of the identity authentication process of an embodiment of the invention;
Fig. 4 is a schematic diagram of the main modules of the device for resisting an illegal connection attack in a slave Bluetooth device according to an embodiment of the invention.
Detailed description
Exemplary embodiments of the invention are explained below with reference to the drawings, including various details of the embodiments to aid understanding; these should be regarded as merely exemplary. Those of ordinary skill in the art should therefore recognize that various changes and modifications can be made to the embodiments described here without departing from the scope and spirit of the invention. Likewise, for clarity and conciseness, descriptions of well-known functions and structures are omitted below.
Fig. 2 is a schematic diagram of the main steps of the method for resisting an illegal connection attack in a slave Bluetooth device according to an embodiment of the invention. According to embodiments of the invention, the invention mainly comprises two parts: the first is the identity authentication of the master Bluetooth device; the second is determining, according to the result of the identity authentication, whether to disconnect from the master Bluetooth device. As shown in Fig. 2, the method of the invention mainly includes the following steps S21 and S22.
Step S21: when the slave Bluetooth device is connected with any master Bluetooth device, the value of the switch parameter of the slave Bluetooth device is set to "master Bluetooth device identity is illegal", a timer is started at the same time, and identity authentication of the master Bluetooth device is performed;
Step S22: when the identity authentication determines that the master Bluetooth device is legal, the value of the switch parameter is set to "master Bluetooth device identity is legal", and otherwise the connection with the master Bluetooth device is disconnected; according to the timer, the value of the switch parameter is checked immediately after the set time expires, and when the value of the switch parameter is "master Bluetooth device identity is illegal", the connection with the master Bluetooth device is disconnected; when the master Bluetooth device accesses data in the slave Bluetooth device, the access is allowed if the value of the switch parameter is "master Bluetooth device identity is legal", and otherwise the connection with the master Bluetooth device is disconnected.
At least one service is set up on the slave Bluetooth device (slave), and this service includes at least one writable characteristic (whether write with response or write without response). In this way the master Bluetooth device (master) can write the slave's data and so control the slave. Of course, if the slave device wants to let the master read its data, an indication characteristic or a notification characteristic should also be set up under the service.
In the present invention, a switch parameter, switch, is introduced for the slave Bluetooth device to record whether the identity of the master Bluetooth device is legal. This switch parameter has no tag and cannot be operated by the master Bluetooth device. Because no Tag is assigned to the switch data, the master Bluetooth device cannot address it and therefore cannot read or write it. The way data is stored in the slave device of the invention is described in detail later.
When the slave Bluetooth device powers up and starts running, the initial value of switch is set to "Master identity is illegal". Similarly, when the slave is connected with any master, the value of switch is also immediately set to "Master identity is illegal"; at the same time a timer is enabled immediately, and the procedure for authenticating the identity of this master is executed.
According to embodiments of the invention, the identity authentication of the master mainly includes the following steps:
The slave Bluetooth device generates a random number and sends it to the master Bluetooth device;
The master Bluetooth device digitally signs the random number with its own private key and sends the digital signature to the slave Bluetooth device;
The slave Bluetooth device verifies the digital signature using the public key of the master Bluetooth device; if the random number can be restored, the identity of the master Bluetooth device is authenticated as legal, and otherwise it is authenticated as illegal.
Fig. 3 is a schematic diagram of the identity authentication process of an embodiment of the invention. As shown in Fig. 3, after a master has established a connection with the slave, the slave forces the master to undergo identity authentication. The authentication process is as follows:
1. The slave device generates a random number random and sends it to the master; note that random is sent to the master immediately after the timer is enabled, in order to carry out the identity authentication;
2. The master digitally signs random with its own private key priv_key and sends the digital signature to the slave;
3. The slave verifies the digital signature using the master's public key pub_key;
4. If random can be restored, the master's identity is legal; if random cannot be restored, the master's identity is illegal.
If the master's identity is authenticated as legal, the value of switch is set to "Master identity is legal"; if the master's identity is authenticated as illegal, the initial value of switch, "Master identity is illegal", is kept unchanged.
Determining whether to disconnect from the master Bluetooth device according to the result of the identity authentication is done mainly on the basis of the value of the global variable switch.
As described above, after identity authentication, if the value of switch is "Master identity is legal", the connection between the slave and this master is kept; if the value of switch is "Master identity is illegal", the connection with the master is disconnected.
After the slave is connected with any master, a timer is enabled immediately. When it cannot be determined in time whether the master's identity is legal, the timer is used to decide, according to whether the set time time_x has expired, whether to disconnect the slave from the master. During identity authentication, situations such as network delay or the master maliciously delaying its response may arise, so that the authentication cannot be completed in time. To ensure security, the connection of a possibly illegal master is disconnected when the set time expires; the timer is therefore used to disconnect a possibly illegal master according to the set time time_x.
The set time is set according to the hardware capability of the slave Bluetooth device and product requirements.
According to embodiments of the invention, the check of the value of the switch parameter can be triggered by a timer interrupt issued by the timer, wherein the timer issues the timer interrupt immediately after the set time expires. For example, the timer can issue a timer interrupt when the set time time_x (for example, 1 second) expires, and the handler function for this timer interrupt checks the result of the master's identity authentication:
if (switch == "Master identity is legal")
    do nothing
else
    disconnect from the illegal Master
In addition, after the master is connected with the slave, even when identity authentication has not yet been carried out, or has started but is not complete, the slave can disconnect from the master on the basis of the fact that the master Bluetooth device accesses data in the slave Bluetooth device, which prevents a possibly illegal master from obtaining the slave's data. When the master Bluetooth device accesses data in the slave Bluetooth device, the access is allowed if the value of the switch parameter switch is "master Bluetooth device identity is legal", and otherwise the connection with the master Bluetooth device is disconnected. In other words, the global variable switch is used to protect the other data in the slave. The protection works as follows:
if (switch == "Master identity is legal")
    allow access to the data in the Slave
else
    disconnect from the illegal Master
With the above scheme, after the slave is connected with a master, if the master is illegal, the slave device actively disconnects from the master at the latest when the set time time_x (for example, 1 second) expires. If the master attempts to access data in the slave device before time_x expires, this directly causes the slave device to disconnect from this master; if the master's identity authentication fails before time_x expires, that is, the authentication result is that the master is illegal, this also directly causes the slave device to disconnect from the illegal master.
Therefore, if the identity authentication of the master has not been completed when time_x expires, the connection with this master is disconnected; if the master accesses the slave's data directly without having undergone identity authentication, the connection with this master is disconnected directly; if the result of the master's identity authentication is that this master is illegal, the connection with this master is disconnected directly.
If the authentication is completed before time_x expires and the authentication result is that the master is legal, this master can access data normally. In this case the timer still issues a timer interrupt when time_x expires. The interrupt handler then checks the value of switch, which should be "Master identity is legal".
According to the technical scheme of the invention, the following schemes can also be adopted in order to better resist illegal connection attacks:
Scheme 1: resisting passive eavesdropping to obtain identity authentication data
The random number is made as random as possible and sufficiently long, and/or the random number and its digital signature are encrypted with a symmetric encryption algorithm, so as to resist eavesdropping on the identity authentication data by an illegal master Bluetooth device.
With reference to Fig. 3, suppose an illegal master eavesdrops and obtains the data pairs <random, digital signature priv_key(random)> of a legal master and builds a list of them. Once it later eavesdrops the same random again, although it cannot compute the digital signature priv_key(random), it can obtain priv_key(random) by looking it up in the list and can thereby impersonate a legal identity. Two measures can be taken to resist this attack:
Measure one: the random number random is generated as randomly as possible and is sufficiently long, so that the probability of a random number collision is close to 0;
Measure two: the transmitted data <random, digital signature priv_key(random)> can be symmetrically encrypted, using a symmetric key shared by the master and the slave and a symmetric algorithm for encryption and decryption.
Scheme 2: a blacklist system can be set up
A blacklist is set up that stores master Bluetooth devices with an illegal identity that previously connected with the slave Bluetooth device, so that an illegal master Bluetooth device can be disconnected directly after it connects to the slave Bluetooth device again.
Because a connection request contains the master's physical address (MAC address), the slave can keep a list of the MAC addresses of illegal masters, made up of the masters that the slave device has disconnected. When a master on the blacklist later reconnects to the slave, the slave does not need to verify this master's identity and disconnects from it directly. In this way the connection with an illegal master can be disconnected more quickly.
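
The slave-side behaviour described above (switch reset on connect, authentication result, time_x interrupt, data-access gate, and the blacklist of Scheme 2) can be collected into one small state machine. This is an added example, not code from the patent: the signature check of Fig. 3 is assumed to run elsewhere and is passed in as a boolean, the timer interrupt is modeled as a call to `on_timer_expired()`, and all identifiers and sample addresses are hypothetical.

```c
/* Added illustration of the slave-side connection logic; not code from the patent.
 * Assumptions: signature verification happens elsewhere and is passed in as a
 * boolean, the time_x timer interrupt is modeled as a call to on_timer_expired(),
 * and every identifier below is hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN       6
#define BLACKLIST_MAX 8

typedef enum { MASTER_ILLEGAL, MASTER_LEGAL } switch_t;
typedef enum { ACT_KEEP, ACT_DISCONNECT } action_t;

typedef struct {
    switch_t switch_param;                 /* has no tag: never exposed over the link */
    bool     connected;
    uint8_t  peer[MAC_LEN];
    uint8_t  blacklist[BLACKLIST_MAX][MAC_LEN];
    unsigned blacklist_len;
} slave_t;

static bool is_blacklisted(const slave_t *s, const uint8_t *mac) {
    for (unsigned i = 0; i < s->blacklist_len; i++)
        if (memcmp(s->blacklist[i], mac, MAC_LEN) == 0) return true;
    return false;
}

/* Drop the current master, record its address, and fail closed. */
static action_t disconnect_peer(slave_t *s) {
    if (s->connected && !is_blacklisted(s, s->peer) && s->blacklist_len < BLACKLIST_MAX)
        memcpy(s->blacklist[s->blacklist_len++], s->peer, MAC_LEN);
    s->connected = false;
    s->switch_param = MASTER_ILLEGAL;
    return ACT_DISCONNECT;
}

void slave_power_on(slave_t *s) {
    memset(s, 0, sizeof *s);
    s->switch_param = MASTER_ILLEGAL;      /* initial value at power-up */
}

/* Connection established: reset the switch and consult the blacklist. Real
 * firmware would also start the time_x timer and send the random number here. */
action_t on_connect(slave_t *s, const uint8_t *mac) {
    s->switch_param = MASTER_ILLEGAL;
    if (is_blacklisted(s, mac)) { s->connected = false; return ACT_DISCONNECT; }
    memcpy(s->peer, mac, MAC_LEN);
    s->connected = true;
    return ACT_KEEP;
}

/* Result of verifying the master's signature over the random number. */
action_t on_auth_result(slave_t *s, bool signature_ok) {
    if (!s->connected) return ACT_DISCONNECT;   /* late answer after a drop */
    if (!signature_ok) return disconnect_peer(s);
    s->switch_param = MASTER_LEGAL;
    return ACT_KEEP;
}

/* Handler for the timer interrupt raised when time_x expires. */
action_t on_timer_expired(slave_t *s) {
    if (s->connected && s->switch_param == MASTER_LEGAL) return ACT_KEEP;
    return disconnect_peer(s);
}

/* Every read or write of slave data passes through this gate. */
action_t on_data_access(slave_t *s) {
    if (s->connected && s->switch_param == MASTER_LEGAL) return ACT_KEEP;
    return disconnect_peer(s);
}

int main(void) {
    /* Constructed sample addresses. */
    const uint8_t rogue[MAC_LEN] = {0x02, 0, 0, 0, 0, 0x01};
    const uint8_t owner[MAC_LEN] = {0x02, 0, 0, 0, 0, 0x02};
    slave_t s;
    slave_power_on(&s);
    on_connect(&s, rogue);
    printf("rogue stalls until time_x: %d\n", on_timer_expired(&s));
    printf("rogue reconnects:          %d\n", on_connect(&s, rogue));
    on_connect(&s, owner);
    on_auth_result(&s, true);
    printf("owner accesses data:       %d\n", on_data_access(&s));
    return 0;
}
```

The blacklist keys on the address reported in the connection request, which is not itself authenticated, so it is a shortcut for repeat connections and not a substitute for the switch and timer checks.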
The data storage format in the slave device of the invention is explained below.
The way data in the slave device can be organized is shown in Table 1.
Table 1
Communication mode | Storage mode | Data name |
TLV | Value | Name |
(none) | switch_value | switch |
TLV_1 | property_1_value | property_1 |
TLV_2 | property_2_value | property_2 |
TLV_3 | property_3_value | property_3 |
TLV_4 | property_4_value | property_4 |
…… | …… | …… |
TLV_n | property_n_value | property_n |
Here, name is the name of a data item and value is its value.
switch is the switch parameter that the invention sets up for the slave, and property_x (x = 1, 2, ..., n) are the data items over which the slave and the master can communicate. The invention uses tag-length-value (TLV: Tag + Length + Value) encoding as the communication mode for data exchange between the slave and the master.
The format of each TLV encoding is shown in Table 2.
Table 2
Tag ID | Length | Value |
2 Byte | 1 Byte | x Byte |
Here, the Tag is the Tag corresponding to the data item property_x that the current communication operates on, and it can be numbered flexibly; Length is the length of Value, that is, the length of property_x_value; Value is the value of the property_x currently being operated on in this communication.
As Table 1 shows, no Tag value is assigned to the data item switch, so the master cannot address switch and therefore cannot read or write this data, that is, it cannot modify the value of switch. This guarantees the objective correctness of the value of switch.
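
A sketch of how a slave could dispatch writes using the TLV layout of Tables 1 and 2 while keeping switch outside the tag-addressable table. This is an added example, not code from the patent: the big-endian Tag, one TLV per write, the tag numbers, `VALUE_MAX` and all identifiers are assumptions.

```c
/* Added illustration of the TLV layout in Tables 1 and 2; not code from the patent.
 * Assumptions: the 2-byte Tag is big-endian, one write carries exactly one TLV,
 * and the tag numbers, VALUE_MAX and all identifiers are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VALUE_MAX 16
#define N_PROPS   2

typedef struct { uint16_t tag; uint8_t len; uint8_t value[VALUE_MAX]; } property_t;

typedef struct {
    bool       master_legal;       /* the switch: outside the table, so it has no Tag */
    property_t props[N_PROPS];     /* property_1 .. property_n, each with a Tag */
} store_t;

typedef enum { TLV_OK, TLV_DISCONNECT, TLV_MALFORMED, TLV_UNKNOWN_TAG } tlv_result_t;

void store_init(store_t *st) {
    memset(st, 0, sizeof *st);
    st->props[0].tag = 0x0001;     /* constructed tag numbers */
    st->props[1].tag = 0x0002;
}

/* Handle one write from the master: Tag (2 bytes) | Length (1 byte) | Value. */
tlv_result_t handle_write(store_t *st, const uint8_t *buf, size_t n) {
    /* Gate on the switch before touching any byte from an unauthenticated master. */
    if (!st->master_legal) return TLV_DISCONNECT;
    if (n < 3) return TLV_MALFORMED;
    uint16_t tag = (uint16_t)((buf[0] << 8) | buf[1]);
    uint8_t  len = buf[2];
    /* The declared Length must match the bytes received and fit the storage slot. */
    if ((size_t)len != n - 3 || len > VALUE_MAX) return TLV_MALFORMED;
    for (int i = 0; i < N_PROPS; i++) {
        if (st->props[i].tag == tag) {
            memcpy(st->props[i].value, buf + 3, len);
            st->props[i].len = len;
            return TLV_OK;
        }
    }
    return TLV_UNKNOWN_TAG;        /* lookup only ever reaches props[], never the switch */
}

/* Writes one byte to every possible Tag and reports whether the switch changed. */
bool switch_reachable_by_tag(bool start_value) {
    store_t st;
    store_init(&st);
    st.master_legal = start_value;
    for (uint32_t tag = 0; tag <= 0xFFFF; tag++) {
        uint8_t msg[4] = { (uint8_t)(tag >> 8), (uint8_t)tag, 1, (uint8_t)!start_value };
        handle_write(&st, msg, sizeof msg);
        if (st.master_legal != start_value) return true;
    }
    return false;
}

int main(void) {
    printf("switch reachable through any Tag: %s\n",
           (switch_reachable_by_tag(true) || switch_reachable_by_tag(false)) ? "yes" : "no");
    return 0;
}
```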
Fig. 4 is a schematic diagram of the main modules of the device for resisting an illegal connection attack in a slave Bluetooth device according to an embodiment of the invention. As shown in Fig. 4, the device 40 of the invention mainly includes a memory 41 and a processor 42.
The memory 41 stores instructions, and the processor 42 executes the instructions in order to: when the slave Bluetooth device is connected with any master Bluetooth device, set the value of the switch parameter of the slave Bluetooth device to "master Bluetooth device identity is illegal", start a timer, and perform identity authentication of the master Bluetooth device; wherein, when the identity authentication determines that the master Bluetooth device is legal, the value of the switch parameter is set to "master Bluetooth device identity is legal", and otherwise the connection with the master Bluetooth device is disconnected; wherein, according to the timer, the value of the switch parameter is checked immediately after the set time expires, and when the value of the switch parameter is "master Bluetooth device identity is illegal", the connection with the master Bluetooth device is disconnected; wherein, when the master Bluetooth device accesses data in the slave Bluetooth device, the access is allowed if the value of the switch parameter is "master Bluetooth device identity is legal", and otherwise the connection with the master Bluetooth device is disconnected.
The processor 42's check of the value of the switch parameter is triggered by a timer interrupt issued by the timer, wherein the timer issues the timer interrupt immediately after the set time expires.
In the present invention, the set time is set according to the hardware capability of the slave Bluetooth device and product requirements.
The switch parameter has no tag and cannot be operated by the master Bluetooth device.
According to the technical scheme of the invention, the identity authentication carried out by the processor 42 comprises: the slave Bluetooth device generates a random number and sends it to the master Bluetooth device; the master Bluetooth device digitally signs the random number with its own private key and sends the digital signature to the slave Bluetooth device; the slave Bluetooth device verifies the digital signature using the public key of the master Bluetooth device; if the random number can be restored, the identity of the master Bluetooth device is authenticated as legal, and otherwise it is authenticated as illegal.
The processor 42 can also be used to: make the random number as random as possible and sufficiently long, and/or encrypt the random number and its digital signature with a symmetric encryption algorithm, so as to resist eavesdropping on the identity authentication data by an illegal master Bluetooth device.
The processor 42 can also be used to: set up a blacklist that stores master Bluetooth devices with an illegal identity that previously connected with the slave Bluetooth device, so that an illegal master Bluetooth device can be disconnected directly after it connects to the slave Bluetooth device again.
According to the technical solution of the embodiments of the present invention, a switch parameter is introduced in the slave Bluetooth device to indicate whether the identity of the master Bluetooth device is legal; the value of the switch parameter is modified by performing identity authentication on the master Bluetooth device, and whether to keep or drop the connection with the master Bluetooth device is decided according to the value of the switch parameter. This ensures that, after the slave has been connected by an illegal master, there is no need to power it off or move it away: at most after the set short time expires, the slave immediately and automatically disconnects from the illegal master. Meanwhile, encrypting the identity authentication of the master Bluetooth device resists passive eavesdropping of the identity authentication data by an illegal master and improves the security of the Bluetooth connection. In addition, illegal masters can be recorded by means of a blacklist, so that repeated connections from the same illegal master to the slave are disconnected more quickly, giving a legal master the opportunity to re-establish a legal connection with the slave.
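The connection gating described above (switch parameter, timer check, data-access check and blacklist), shown in C as an added example; it is not code from the patent. The names `slave_t`, `on_connect`, `on_auth_response`, `on_timer_expired` and `on_data_access` are hypothetical, the caller is assumed to supply a fresh random nonce per connection and to run the timer, and `verify_sig` is a constructed placeholder for the point where real firmware would verify the master's digital signature with its public key.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define NONCE_LEN 16
#define BL_MAX 8

typedef struct {
    bool connected, master_legal;        /* master_legal is the "switch parameter" */
    uint8_t peer[6], nonce[NONCE_LEN], blacklist[BL_MAX][6];
    size_t bl_len;
} slave_t;
/* Constructed stand-in for public-key signature verification (NOT cryptography):
 * accepts the nonce with every byte inverted. Real firmware verifies here. */
static bool verify_sig(const slave_t *s, const uint8_t *sig, size_t len) {
    if (len != NONCE_LEN) return false;
    for (size_t i = 0; i < len; i++)
        if (sig[i] != (uint8_t)~s->nonce[i]) return false;
    return true;
}
static bool blacklisted(const slave_t *s, const uint8_t *addr) {
    for (size_t i = 0; i < s->bl_len; i++)
        if (memcmp(s->blacklist[i], addr, 6) == 0) return true;
    return false;
}
/* Disconnect; assumption: every rejected master address is remembered. */
static void drop(slave_t *s) {
    if (!blacklisted(s, s->peer) && s->bl_len < BL_MAX)
        memcpy(s->blacklist[s->bl_len++], s->peer, 6);
    s->connected = s->master_legal = false;
}
/* Connect: flag starts "illegal"; caller starts the timer and sends the nonce. */
bool on_connect(slave_t *s, const uint8_t *addr, const uint8_t *nonce) {
    if (blacklisted(s, addr)) return false;   /* known-illegal master: refuse */
    memcpy(s->peer, addr, 6);
    memcpy(s->nonce, nonce, NONCE_LEN);
    s->connected = true; s->master_legal = false;
    return true;
}
void on_auth_response(slave_t *s, const uint8_t *sig, size_t len) {
    if (!s->connected) return;
    if (verify_sig(s, sig, len)) s->master_legal = true; else drop(s);
}
/* Timer interrupt after the set time: drop a master that never authenticated. */
void on_timer_expired(slave_t *s) { if (s->connected && !s->master_legal) drop(s); }
/* Data-access gate: serve only while the flag says "legal". */
bool on_data_access(slave_t *s) {
    if (s->connected && !s->master_legal) drop(s);
    return s->connected && s->master_legal;
}
```

Because the flag lives only in the slave's own state and no handler lets the peer write it, a master can move it to "legal" only by passing verification, which mirrors the requirement that the switch parameter cannot be operated by the master.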
The above specific embodiments do not limit the scope of protection of the present invention. Those skilled in the art should understand that, depending on design requirements and other factors, various modifications, combinations, sub-combinations and substitutions may occur. Any modification, equivalent replacement and improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.
Claims (14)
1. A method for resisting illegal connection attacks in a slave Bluetooth device, characterized in that it comprises:
when the slave Bluetooth device is connected to any master Bluetooth device, setting the value of the switch parameter of the slave Bluetooth device to "master Bluetooth device identity is illegal", starting a timer, and performing identity authentication on the master Bluetooth device;
wherein, when the identity authentication determines that the master Bluetooth device is legal, the value of the switch parameter is set to "master Bluetooth device identity is legal"; otherwise the connection with the master Bluetooth device is disconnected;
wherein, according to the timer, the value of the switch parameter is checked immediately after the set time expires, and when the value of the switch parameter is "master Bluetooth device identity is illegal", the connection with the master Bluetooth device is disconnected;
wherein, when the master Bluetooth device accesses data in the slave Bluetooth device, if the value of the switch parameter is "master Bluetooth device identity is legal", the access is allowed; otherwise the connection with the master Bluetooth device is disconnected.
2. The method according to claim 1, characterized in that the check of the switch parameter value is triggered by a timer interrupt issued by the timer, wherein the timer issues the timer interrupt immediately after the set time expires.
3. The method according to claim 1, characterized in that the set time is configured according to the hardware capability of the slave Bluetooth device and the product requirements.
4. The method according to claim 1, characterized in that the switch parameter has no label and cannot be operated by the master Bluetooth device.
5. The method according to claim 1, characterized in that the identity authentication includes:
the slave Bluetooth device generates a random number and sends it to the master Bluetooth device;
the master Bluetooth device digitally signs the random number with its own private key and sends the digital signature to the slave Bluetooth device;
the slave Bluetooth device verifies the digital signature with the public key of the master Bluetooth device, and if the random number can be restored, the identity of the master Bluetooth device is authenticated as legal; otherwise it is authenticated as illegal.
6. The method according to claim 5, characterized in that it further comprises:
resisting eavesdropping on the identity authentication data by an illegal master Bluetooth device, by making the random number as random as possible and long enough, and/or by encrypting the random number and its digital signature with a symmetric encryption algorithm.
7. The method according to claim 1, characterized in that it further comprises:
setting up a blacklist that stores the identity-illegal master Bluetooth devices that have previously connected to the slave Bluetooth device, so that an illegal master Bluetooth device can be disconnected directly when it connects to the slave Bluetooth device again.
8. A device for resisting illegal connection attacks in a slave Bluetooth device, characterized in that it comprises:
a memory and a processor, wherein
the memory stores instructions;
the processor executes the instructions to:
when the slave Bluetooth device is connected to any master Bluetooth device, set the value of the switch parameter of the slave Bluetooth device to "master Bluetooth device identity is illegal", start a timer, and perform identity authentication on the master Bluetooth device;
wherein, when the identity authentication determines that the master Bluetooth device is legal, the value of the switch parameter is set to "master Bluetooth device identity is legal"; otherwise the connection with the master Bluetooth device is disconnected;
wherein, according to the timer, the value of the switch parameter is checked immediately after the set time expires, and when the value of the switch parameter is "master Bluetooth device identity is illegal", the connection with the master Bluetooth device is disconnected;
wherein, when the master Bluetooth device accesses data in the slave Bluetooth device, if the value of the switch parameter is "master Bluetooth device identity is legal", the access is allowed; otherwise the connection with the master Bluetooth device is disconnected.
9. The device according to claim 8, characterized in that the check of the switch parameter value by the processor is triggered by a timer interrupt issued by the timer, wherein the timer issues the timer interrupt immediately after the set time expires.
10. The device according to claim 8, characterized in that the set time is configured according to the hardware capability of the slave Bluetooth device and the product requirements.
11. The device according to claim 8, characterized in that the switch parameter has no label and cannot be operated by the master Bluetooth device.
12. The device according to claim 8, characterized in that the identity authentication carried out by the processor includes:
the slave Bluetooth device generates a random number and sends it to the master Bluetooth device;
the master Bluetooth device digitally signs the random number with its own private key and sends the digital signature to the slave Bluetooth device;
the slave Bluetooth device verifies the digital signature with the public key of the master Bluetooth device, and if the random number can be restored, the identity of the master Bluetooth device is authenticated as legal; otherwise it is authenticated as illegal.
13. The device according to claim 12, characterized in that the processor is also used to:
resist eavesdropping on the identity authentication data by an illegal master Bluetooth device, by making the random number as random as possible and long enough, and/or by encrypting the random number and its digital signature with a symmetric encryption algorithm.
14. The device according to claim 8, characterized in that the processor is also used to:
set up a blacklist that stores the identity-illegal master Bluetooth devices that have previously connected to the slave Bluetooth device, so that an illegal master Bluetooth device can be disconnected directly when it connects to the slave Bluetooth device again.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610563344.2A CN106028319B (en) | 2016-07-18 | 2016-07-18 | Method and device for resisting illegal connection attack in slave Bluetooth device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610563344.2A CN106028319B (en) | 2016-07-18 | 2016-07-18 | Method and device for resisting illegal connection attack in slave Bluetooth device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106028319A (en) | 2016-10-12 |
CN106028319B (en) | 2019-06-04 |
Family
ID=57118443
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610563344.2A Active CN106028319B (en) | Method and device for resisting illegal connection attack in slave Bluetooth device | 2016-07-18 | 2016-07-18 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106028319B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107105398A (en) * | 2017-05-25 | 2017-08-29 | 北京京东尚科信息技术有限公司 | A kind of method and apparatus of communication |
CN110505609A (en) * | 2018-09-19 | 2019-11-26 | 深圳市文鼎创数据科技有限公司 | A kind of bluetooth exchange method, bluetooth interactive device and terminal device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105187369A (en) * | 2015-06-05 | 2015-12-23 | 杭州华三通信技术有限公司 | Data access method and data access device |
CN105430603A (en) * | 2015-12-03 | 2016-03-23 | 北京握奇智能科技有限公司 | Secure connection method and system for Bluetooth equipment |
CN105610832A (en) * | 2015-12-30 | 2016-05-25 | 北京华大智宝电子系统有限公司 | Bluetooth device pairing method and Bluetooth device |
CN105722013A (en) * | 2016-02-02 | 2016-06-29 | 深圳市文鼎创数据科技有限公司 | Bluetooth pairing method and device |
Also Published As
Publication number | Publication date |
---|---|
CN106028319B (en) | 2019-06-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11335144B2 (en) | Method for unlocking intelligent lock, mobile terminal, intelligent lock and server | |
CN111209334B (en) | Power terminal data security management method based on block chain | |
US9107069B2 (en) | Addressable radio device | |
CN100590639C (en) | System and method for managing multiple smart card sessions | |
CN104539420B (en) | A kind of safety key managing method of general Intelligent hardware | |
CN111355684B (en) | Internet of things data transmission method, device and system, electronic equipment and medium | |
CN103795541B (en) | Secure communication method of electricity information acquisition system of 230M wireless private network channel | |
KR101410764B1 (en) | Apparatus and method for remotely deleting important information | |
CN109905869A (en) | Data transmission method between a kind of charging equipment and smart machine | |
CN104980449B (en) | The safety certifying method and system of network request | |
CN101296136B (en) | Method and system for information distribution of server information, and management device | |
CN109729000B (en) | Instant messaging method and device | |
CN104539517A (en) | Chatting method and system based on intelligent terminal local server | |
GB2494550A (en) | Dynamic address allocation to a radio device | |
CN103595529B (en) | The changing method of a kind of one-pass key and realize device | |
CN106028319A (en) | Method and device for resisting illegal connection attack in slave Bluetooth device | |
CN102957704A (en) | Method, device and system for determining MITM (Man-In-The-Middle) attack | |
US20130227173A1 (en) | Information notification apparatus, method, and program product | |
CN109743319A (en) | A kind of credible starting of network type private server and method for safe operation | |
CN109104385A (en) | A kind of method and apparatus preventing MACSEC exit passageway failure | |
CN103188084B (en) | Method, system and the broadcasting server of a kind of broadcasting user picture | |
CN103501298B (en) | A kind of non-interrupting service escalation process ensures the method and apparatus that link does not stop | |
CN112350823B (en) | CAN FD communication method between vehicle-mounted controllers | |
WO2020140926A1 (en) | Key generation method, terminal device and network device | |
CN103634292A (en) | Method and system for communication information transmission |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||