EP1329060A2 - Procede et appareil pour assurer la securite des utilisateurs d'appareils de type bluetooth?tm - Google Patents

Procede et appareil pour assurer la securite des utilisateurs d'appareils de type bluetooth?tm

Info

Publication number
EP1329060A2
EP1329060A2 EP01966311A EP01966311A EP1329060A2 EP 1329060 A2 EP1329060 A2 EP 1329060A2 EP 01966311 A EP01966311 A EP 01966311A EP 01966311 A EP01966311 A EP 01966311A EP 1329060 A2 EP1329060 A2 EP 1329060A2
Authority
EP
European Patent Office
Prior art keywords
devices
random number
seed
computing
session
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP01966311A
Other languages
German (de)
English (en)
Inventor
Bjorn Markus Jakobsson
Susanne Gudrun Wetzel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alcatel Lucent SAS
Original Assignee
Lucent Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US09/851,098 external-priority patent/US6574455B2/en
Priority claimed from US09/851,233 external-priority patent/US6981157B2/en
Application filed by Lucent Technologies Inc filed Critical Lucent Technologies Inc
Publication of EP1329060A2 publication Critical patent/EP1329060A2/fr
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B1/00Details of transmission systems, not covered by a single one of groups H04B3/00 - H04B13/00; Details of transmission systems not characterised by the medium used for transmission
    • H04B1/69Spread spectrum techniques
    • H04B1/713Spread spectrum techniques using frequency hopping
    • H04B1/7143Arrangements for generation of hop patterns
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04KSECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K1/00Secret communication
    • H04K1/003Secret communication by varying carrier frequency at or within predetermined or random intervals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04KSECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K3/00Jamming of communication; Counter-measures
    • H04K3/80Jamming or countermeasure characterized by its function
    • H04K3/82Jamming or countermeasure characterized by its function related to preventing surveillance, interception or detection
    • H04K3/827Jamming or countermeasure characterized by its function related to preventing surveillance, interception or detection using characteristics of target signal or of transmission, e.g. using direct sequence spread spectrum or fast frequency hopping
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04KSECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K2203/00Jamming of communication; Countermeasures
    • H04K2203/10Jamming or countermeasure used for a particular application
    • H04K2203/18Jamming or countermeasure used for a particular application for wireless local area networks or WLAN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/35Network arrangements, protocols or services for addressing or naming involving non-standard use of addresses for implementing network functionalities, e.g. coding subscription information within the address or functional addressing, i.e. assigning an address to a function
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/26Network addressing or numbering for mobility support
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/18Self-organising networks, e.g. ad-hoc networks or sensor networks

Definitions

  • This invention relates to wireless communication on a small local area network (LAN), and more particularly, to local wireless communication between devices operating in accordance with the BluetoothTM standard.
  • Bluetooth is a recently proposed standard for local wireless communication of mobile or potentially mobile devices, such as cellular phones, wireless headsets, computers, printers, cars, and turn-stiles, allowing such devices in the proximity of each other to communicate with each other (see, e.g., httpJ/www.bluetooth.com; "Specification of the Bluetooth System", Core, Specification Volume 1 , v.1.1 , February 22, 2001 ; and “Specification of the Bluetooth System", Profiles, Specification Volume 2, v.1.1 , February 22,
  • a small wireless LAN known as a piconet
  • all Bluetooth-enabled devices within a set of such devices communicate with a master device within the set, which is selected as the master when the piconet is established.
  • the master device controls the other slave devices within the set, determining which device transmits and which device receives at any given instant.
  • the slave devices on each wireless LAN need to be within approximately 30 feet of the master device for communication to proceed. Since a Bluetooth- enabled device might be within the range of more than one piconet, protection is incorporated to enable a receiving device to discriminate between messages it should properly act on from another device within its own piconet, and messages it should ignore from a device on another piconet that is outside the set.
  • each message sent by a device includes a network descriptor. All messages between the master device and any of the slave devices on the same piconet then contain that same descriptor so when any device on another piconet "hears" a message with a different network descriptor, it knows to ignore it.
  • the network descriptor used on each piconet is a channel access code (CAC) that is determined as a function of a device identifier, a so-called 48-bit Bluetooth Address (BD_ADDR), that is associated with the master in the LAN, each Bluetooth device having a unique BD_ADDR stored in its memory.
  • CAC channel access code
  • BD_ADDR so-called 48-bit Bluetooth Address
  • a CAC is computed as a deterministic function of its BD_ADDR, which CAC is then used as the network descriptor for all messages sent over the piconet between the master and any slave devices within the defines set.
  • the slaves upon learning the BD_ADDR of the master, are able to compute that same CAC using the known deterministic function, thereby knowing which messages to listen for and what network descriptor to use in communicating messages back to the slave.
  • the problem with this arrangement is that the privacy of an individual using a Bluetooth device can be attacked. For example, if a user having a master Bluetooth-enabled cellular phone, a slave Bluetooth-enabled wireless headphone, and a slave Bluetooth-enabled CD player were to enter an area in which an intentional eavesdropper equipped with a receiver was located, that individual could learn the network descriptor associated with that user's cellular phone by detecting and "examining" the network descriptor used in the messages to and from that master. That eavesdropper could thereafter track the physical location of that user by "listening" in various locations for messages containing that same network descriptor. Thus, for example, if the network descriptor associated with a political figure's cell phone is determined, a visit by that person to what might be a politically embarrassing location could be tracked by eavesdropping receivers at that location.
  • the network descriptors associated with the Bluetooth devices of multiple individuals were determined, subsequent meetings of those individuals could be tracked by the coincidence of location and time of multiple messages containing network descriptors associated with these individuals.
  • various security issues are present once a user's network descriptor is compromised. Specifically, once the network descriptor is determined, the intentional eavesdropper could inject messages into the piconet in a manner that receiving devices within the piconet would assume to be originating from within the piconet from a valid device. This is referred to as an authentication problem since the authenticity of the messages cannot be guaranteed.
  • That invention substantially impedes an eavesdropper from tracking the user of a Bluetooth- enabled device who detects and then listens for a network descriptor in the messages being sent to and from the device.
  • a user of such a Bluetooth-enabled device may still, however, be subject to attack by a computer-powerful eavesdropper who is able to track the user by detecting the channel hopping sequence used by the device.
  • message packets that are sent between two devices are not transmitted within a same single frequency band. Rather, within a message timeslot the message is transmitted in one- of-N bands, where N, in the United States, is equal to 79. At the beginning of a next message timeslot the carrier frequency "hops" to a different frequency.
  • the sequence of frequencies used is a pseudo-random pattern that is computed as a known function of a universal time parameter and the BD_ADDR of the master device operating on the piconet. This enables the master and slave devices that are communicating with each to know on which frequency band to transmit and receive at any given time. Since, as previously noted, BD_ADDR is a 48-bit word, there are 2 48 different BD_ADDRs, which each produce an associated hopping sequence. Since the function that is used to compute the hopping sequence needs to be known, a strong attacker, i.e., one with significant computational power, could determine the hopping sequence associated with each possible BD_ADDR.
  • a computer-strong eavesdropper would be able to determine in which frequency bands in successive timeslots signal energy would be expected to be present if the device is communicating.
  • the eavesdropper could then listen for the presence of signal energy in plural message timeslots in one or more frequency bands.
  • different BD_ADDRs could be successively excluded as possibilities until only a single BD_ADDR remains that could have generated the detected pattern.
  • the computer-strong eavesdropper Once the computer-strong eavesdropper has so identified the BD_ADDR of the user's Bluetooth-enabled device, that user can thereafter be tracked by listening for that hopping pattern in one or more frequency bands over plural timeslots as that device is used and moved by the user from location to location. Specifically, the eavesdropper only needs to determine whether the hopping sequence being used by a Bluetooth- enabled device that is proximate to and being received by one of his own eavesdropping receivers is the hopping sequence associated with the BD_ADDR of the device being tracked. If the hopping sequence is recognized, then the eavesdropper knows that the device and its user are within the locus of that receiver.
  • the hopping sequence used to select the successive frequencies on which multiple devices within a defined set of devices communicate with each other is randomized in a manner that impedes even a computer-strong eavesdropper from associating a detected pattern of frequency hopping with a particular identifier that is associated with one of the devices within the set.
  • the hopping sequence is determined as a known function of a global time parameter, an identifier associated with one of the devices, such as the BD_ADDR of the master on a piconet, and a random number, a so-called seed, such as at least one random number that is known and/or provided to the communicating devices.
  • that random number is periodically changed each time a new session begins, where a session is defined to be the duration of one event such as one phone conversation, listening to one CD, or printing one job on a printer.
  • a session starts and communication between a master and slave begins, the master and/or the slave selects a random number, the seed, which communicated to the devices associated with the session.
  • the master and the slave then compute a hopping sequence as known function of the global time parameter, the master's BD_ADDR, and the random number.
  • the master and slave then use that resultant hopping sequence to determine each next frequency band for transmitting and receiving the successive message packets throughout the duration of the session.
  • a new random number is generated and communicated to the master and slave, which random number is then used by both the master and the slave to compute a new hopping sequence for the new session.
  • An intentional eavesdropper attempting to determine the hopping sequence being used by a proximate device by listening to the frequency bands in which signal energy is present will be unable to correlate the detected two partial or full hopping sequences to each other or to a specific BD_ADDR. Further, the eavesdropper will be unable to determine where the first hopping sequence is transformed into the second hopping sequence, and that both hopping sequences are in fact generated from the same BD_ADDR.
  • the seed used in calculating the hopping sequence for the new session may be a function of the random number generated for the new session and one or more random numbers generated for previous sessions.
  • the random number sent from the master to the other devices at the beginning of each session can be encrypted, requiring pre-establishing a key in each device, but precluding the eavesdropper from learning that random number if he overhears it.
  • the random number can be sent in the clear. If sent in the clear, an attacker needs to be present at the exact time of setup to learn that number. Further, when plural random numbers are used together to form the seed, the attacking eavesdropper needs to be present at the exact setup times of all previous sessions.
  • device-to-device access can be made inclusive or exclusive to other devices and users of such devices operating on the same first piconet or other devices operating on a second piconet that is physically proximate to and within the range of the first piconet.
  • FIG. 1 is a diagram showing a user carrying three Bluetooth-enabled devices on his person that communicate with each other on a piconet;
  • FIG. 2 shows two users whose Bluetooth-enabled devices are within the range of more than one piconet
  • FIG. 3 illustrates a nefarious eavesdropper tracking the location of the user of a Bluetooth-enabled device
  • FIG. 4 is a block diagram of a Bluetooth-enabled device in accordance with the present invention
  • FIG. 5 is a flow chart detailing the steps of a first embodiment of the present invention.
  • FIG. 6 is a flow chart detailing the steps of a second embodiment of the present invention.
  • FIG. 1 shows a user 101 having three active Bluetooth-enabled devices: a cell phone 102, a wireless headset 103, and a CD player 104.
  • the cell phone 102 is established as the master device, with the wireless headset 103 and CD player 104 being slave devices.
  • the cell phone 102 acts as an intermediary and controller, and all messages from the slaves 103 and 104 are sent to the master cell phone 102 before being passed to the other.
  • the digitized audio output of the CD player 104 is sent as messages to the master cell phone 102 before being forwarded by the cell phone to the wireless headset 103 for the user's enjoyment.
  • the master cell phone can be programmed to switch off the CD player 104 when an incoming phone call arrives and then pass the call to the wireless headset 103 for reception by the user.
  • the range of Bluetooth-enabled devices is approximately 30 feet.
  • a Bluetooth-enabled device can physically be within the range of more than one piconet, such as is shown in FIG. 2, where the devices being used by users 202 and 203 fall within each other's ranges.
  • the Bluetooth- enabled cell phone 204, headset 205, and CD player 206 of user 202 on piconet 212 are within range of the cell phone 207, headset 208, and laptop computer 209 of user 203 on piconet 213.
  • the Bluetooth standard requires each message to include a network descriptor that is used in all messages on a particular piconet.
  • a computer-strong eavesdropper could still track the location of the user by determining the BD_ADDR of one of the user's Bluetooth-enabled devices by monitoring one or more of frequency bands over a plurality of message timeslots.
  • the channel hopping sequence used by a Bluetooth-enabled device is computed as a known function of the BD_ADDR of one of the devices in the set of devices on the piconet. The computer-strong eavesdropper can thus determine the hopping sequence for each possible BD_ADDR.
  • a receiver within range of the Bluetooth-enabled device being used by the user whom the attacking eavesdropper wants to track, can be used to monitor the pattern of signal energy in one or more frequency bands over a plurality of message timeslots.
  • the one channel hopping sequence that could produce such a pattern can be found and the associated BD_ADDR that generates that hopping sequence can then be determined.
  • the user's location can be tracked as he passes within the range of other receivers, which are monitoring for a signal energy distribution that matches the hopping sequence associated with that BD_ADDR. As shown in FIG. 3, therefore, as the user 301 moves throughout the city, he could be tracked by receivers 302, 303 and 304, for example, which are each
  • the present invention modifies the hopping sequence used by Bluetooth-enabled devices communicating over a piconet including a randomizing seed into the parameters of the function that determines the hopping sequence from the universal time parameter and the BD_ADDR of one of the devices.
  • a degree of randomization into that function, an eavesdropper who is able to detect the hopping sequence being used by the communicating devices by listening to one or more frequency channels over a plurality of message timeslots will be unable to associate the detected hopping sequence with a specific BD_ADDR in the manner previously described.
  • the hopping sequence is determined as predetermined function of the universal time parameter, the BD_ADDR of one of the devices, such as the master, and a random number, which is changed each time a new session begins on the piconet.
  • a session is defined by the duration of one event such as, in FIG. 1 , a phone conversation by the user over the cell phone 102 or the playing of a single CD on the CD player 104.
  • a new session begins upon the start on a new phone conversation or the playing of a new CD.
  • the master sends to the slave a random number, the seed, with the BD_ADDR of the master, that are used by both the master and the slave together with a universal time parameter to compute the hopping sequence that will be used by the master and the slave for the duration of that session.
  • the function used the compute hopping sequence from the BD_ADDR of the master, the seed and the universal time parameter is a so -called one-way function such as the well-known SHA1 , or MD5 functions. Such one-way functions prevent the reverse engineering of the inputs to the function given the output of the function, as is well understood by those skilled in the art.
  • the random number used as the seed to compute the hopping sequence is changed on a periodic basis, such as each time a new session begins, in alternative embodiments the random number could remain static.
  • the intentional eavesdropper could potentially associate the observed hopping sequence with a previously detected hopping sequence but would not know with whom to associate it. Thus, he would be able to conclude that the same group of devices generated the two hopping sequences, but would they would be unidentifiable.
  • the random number used as the seed needs to be provided to the master and the slave, which are communicating with each other, to enable each to separately and consistently compute the hopping sequence. This can be achieved through communication between the two, such as sending the random number from one to the other, for example, from the master to the slave, or by sending a first portion from the master to the slave and the remaining second portion from the slave to the master.
  • the random number, or the portion of the random number can be sent in the clear, the simplicity of this arrangement being its advantage.
  • the random number has the potential to being overheard by the eavesdropper when it is communicated between devices.
  • the random number, or the portions of the random number communicated from one device to another can be encrypted, which requires both such devices to pre-establish a key.
  • encrypting the random number has the advantage of excluding certain users and/or devices from receiving messages that are being transmitted between other devices on the piconet.
  • FIG. 4 is a block diagram that functionally shows a Bluetooth-enabled device 400 in accordance with the invention.
  • device 400 functionally separates the Bluetooth-functioning elements 401 that cause the device to operate in accordance with the Bluetooth specifications, and the other device circuitry 402 that performs the functions associated with the particular type of unit that the entire device 400 is, such as in the example of FIG. 1 , a cell phone, a wireless headset, or a CD player.
  • the Bluetooth- functioning elements 401 include a receiving antenna 403, which receives wireless-transmitted messages from the other devices on the piconet, and passes them on to a receiver 404.
  • Receiver 404 outputs the demodulated messages and inputs them to a processor 405.
  • processor 405 performs other required Bluetooth operations including those required for the invention described in the afore-noted co-pending patent application, plus other operations which are not discussed further since they are not necessary for an understanding of the present invention.
  • the information within each received message is passed to the device circuitry 402 for device-specific processing over a link 406, which may be a serial or parallel bus or other cabled arrangement, or a wireless connection.
  • Outgoing messages, originating either within the device circuitry 402 or within processor 405 are passed to a transmitter 407 for modulation and output onto output antenna 408.
  • a common antenna may share the functions of the two separate antennas 403 and 408 shown in FIG. 4.
  • the Bluetooth-functioning elements 401 are shown including an event detector 409, which may be a separate element as shown, or incorporated as part of processor 405. If device 400 is the master on the piconet and a new session begins within the device circuitry 402 of that device, event detector 409 is triggered, thereby signaling processor 405 to compute a new hopping sequence. If a new session begins within the device circuitry of a slave, that information is communicated to the master and event detector 409.
  • event detector 409 may be a separate element as shown, or incorporated as part of processor 405.
  • processor 405 Upon being triggered by event detector 409, processor 405 retrieves a random number from random number generator 410 to act as the seed in computing the hopping sequence as a predetermined function of the retrieved random number, this device's, the master's, BD_ADDR, and the current universal time parameter from clock 412.
  • the random number generator 410 could be incorporated within processor 405 and could generate the random number from various sources of randomness such as radio activity or using cryptographic techniques such as one-way functions. For purposes of simplicity, it will be assumed that the entire random number, rather than a portion, is produced by random number generator 410 within the master rather than a portion, which would be combined by another portion generated within a slave. As shown in FIG.
  • the BD__ADDR is stored in a memory 411 associated with processor 405 but may actually be hard-wired as part of the Bluetooth-functioning elements 401.
  • the predetermined function used to compute the hopping sequence is preferably a one-way function.
  • the random number used to compute the hopping sequence which is also stored in memory 411 , is also communicated to the slave where it is used, together with the master's BD_ADDR and the universal time parameter, to compute the hopping sequence using the same function.
  • memory 411 stores the BD_ADDR of the master and the current random number used to compute hopping sequence.
  • the master communicates the random number to the slave in the clear. If it is encrypted, then a transmit key is retrieved from memory 411 and processor 405 encrypts the random number before it is transmitted to the slave. A slave, when receiving the random number retrieves a receive key from memory 411 and processor 405 decrypts the received encrypted number using that key.
  • the random number in memory 411 is replaced by a random number generated by random number generator 410 in the master and a new hopping sequence is computed by processor 405 to determine the sequence of frequency bands on which to successively transmit and receive all message packets until event detector 409 detects the beginning of a next session.
  • the embodiments described above can be modified to add even further protection to prevent the intentional eavesdropper from tracking the location of the user of a Bluetooth-enabled device.
  • the random number outputted by random number generator 410 is combined with at least one previous random number. The combination of these random numbers is then used as the seed in computing CAC as a function of that combination and the master's BD_ADDR.
  • memory 411 within the Bluetooth elements 401 , also includes at least one storage location for storing the at least one previous random number outputted by random number generator 410.
  • the second embodiment of the invention in which the CAC is recomputed not only at the beginning of each session, but periodically within each session, can also be similarly modified.
  • the random number used as the seed to compute the CAC at the beginning of each session or within each session at the end of each periodic interval is a combination of a random number outputted by random number generator 210 at that time and at least one previous random number that is stored in memory 311.
  • FIG. 5 is a flowchart that illustrates the steps of this first embodiment of the invention.
  • a communication network is established between the designated master and the slave(s).
  • the master selects a random number to be used as the seed which is provided to the slave(s) together with the master's BD_ADDR.
  • the CAC is computed by the master and the slave(s) as a deterministic function of the master's BD_ADDR and the selected random number.
  • that computed CAC is used as the network descriptor in all messages transmitted between the master and the slave(s).
  • a determination is made whether the current session is still ongoing.
  • step 504 again, the same computed CAC continues to be used as the network descriptor in all messages between the master and the slave(s). If, at step 505, the determination is made that the current session in not still ongoing, then, at step 506, a determination is made whether a new session has begun. If yes, the flow returns to step 502, where the master selects a new random number to used as the seed and which new seed is provided to the slave(s). Again, as previously described, a new CAC is computed by the master and the slave(s), which is used as the network descriptor in all messages between the master and the slave(s) until that session ends.
  • An intentional eavesdropper will thus first "hear" CAC, computed for use during the first session in the messages it captures. When that session ends, the eavesdropper will no longer hear CAC ! in any message. When a new session begins, the eavesdropper will "hear" CAC 2 , computed for use during the second session, in the messages it overhears. The eavesdropper can't, however, determine that both CA ⁇ and CAC 2 have been generated from the same BD_ADDR, and therefore is precluded from tracking the locations of the individual using the Bluetooth-enabled device as that Bluetooth user moves from location-to-location.
  • a second embodiment of the present invention provides a finer-grained solution to the problem.
  • the master when a session begins, the master sends to the slave(s), together with its BD_ADDR, a seed that consists of a randomly generated number plus a time parameter associated with the master's internal clock.
  • the CAC is then computed by the master and the slave(s) as a predetermined function of the BD_ADDR, the random number and the time parameter. Thereafter, throughout the same session, the CAC is automatically recomputed at the end of every interval of predetermined duration using the then current time parameter associated with the master's clock. The CAC is thus changed at a much faster rate than in the purely session-driven embodiment described above. The intentional eavesdropper then has much greater difficulty tracking the location of the user of the Bluetooth-enabled device by "listening" for a particular CAC.
  • the Bluetooth-enabled device 400 in FIG. 4 stores the time parameter associated with the master's clock in memory 411.
  • Processor 405 then thereafter re-computes the CAC based on the master's BD_ADDR, the current session's random number, and that stored master's time parameter as it is modified by the accumulated predetermined time intervals that have passed since the session began, the latter being determined by clock 412.
  • Clock 412 is shown for illustrative purposes as a separate element but in practice could be incorporated into the processor 405. If device 400 is the master, when a session begins the then current value of clock 412 is stored in memory 411 and sent together with the random number outputted by random number generator 410 to the slave(s).
  • FIG. 6 is a flowchart that illustrates the steps of this second embodiment.
  • communication is established between the master and the slave(s).
  • a random number is selected by the master and provided to the slave(s) together with the master's BD_ADDR and a current time parameter associated with the master.
  • the CAC is computed by both the master and the slave(s) as a deterministic function of the master's BD_ADDR, the selected random number and the current time parameter associated with the master.
  • that computed CAC is used as the network descriptor in all the messages between the master and the slave(s).
  • a determination is made whether the predetermined time interval has elapsed since the CAC was last computed.
  • step 606 a determination is made whether the current session is still ongoing. If it is, then the previously computed CAC continues to be used as the network descriptor in each message. If the current session is not ongoing, the flow proceeds to decision step 607 to await the beginning a new session. When a new session begin, the flow returns to step 602 where a new random number and the then current master's time parameter are used as a seed to compute a new CAC as a function of that seed and the master's BD_ADDR.
  • step 605 a determination is made that the predetermined time interval has elapsed and, at step 608, the current session is still ongoing, then the flow returns to step 604 where the CAC is recomputed as the predetermined function of the master's BD_ADDR, the previously determined random number and the then current master's time parameter. If, at step 608, the current session is not still ongoing, then the flow proceeds to step 607 to await the beginning of a new session. Upon the occurrence of a new session, the flow returns to step 602. As previously, at step 602, a new random number is selected by the master and combined with the master's then current time parameter to form a seed that is used together with the master's BD_ADDR to compute the CAC.
  • processors may be provided through the use of dedicated hardware as well as hardware capable of executing software in association with appropriate software.
  • the functions may be provided by a single dedicated processor, by a single shared processor, or by a plurality of individual processors, some of which may be shared.
  • explicit use of the term "processor” should not be construed to refer exclusively to hardware capable of executing software, and may implicitly include, without limitation, digital signal processor (DSP) hardware, read-only memory (ROM) for storing software, random access memory (RAM), and non-volatile storage.
  • DSP digital signal processor
  • ROM read-only memory
  • RAM random access memory
  • non-volatile storage Other hardware, conventional and/or custom, may also be included.
  • any element expressed as a means for performing a specified function is intended to encompass any way of performing that function including, for example, a) a combination of circuit elements which performs that function or b) software in any form, including, therefore, firmware, microcode or the like, combined with appropriate circuitry for executing that software to perform the function.
  • the invention as defined by such claims resides in the fact that the functionalities provided by the various recited means are combined and brought together in the manner which the claims call for. Applicant thus regards any means which can provide those functionalities as equivalent as those shown herein.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

Au début de chaque nouvelle session sur un appareil, le descripteur de réseau est modifié, au lieu d'inclure un descripteur de réseau statique dans des messages transmis entre des appareils maîtres et esclaves de type Bluetooth communiquant dans un piconet, ce descripteur de réseau étant traité comme une fonction connue de l'adresse de l'appareil maître Bluetooth (BD ADDR). Ceci permet d'éviter qu'une personne, qui se trouve à proximité du piconet et écoute clandestinement pour détecter le descripteur de réseau inclus dans lesdits messages, n'associe un descripteur de réseau intercepté à un appareil donné d'un utilisateur, pour, ensuite, utiliser ce descripteur de réseau, afin de repérer la localisation de l'utilisateur qui exploite l'appareil. Le descripteur de réseau, le code d'accès au canal (CAC), est changé au début de chaque nouvelle session et il est alors traité comme une fonction connue d'une valeur de départ et de la BD ADDR de l'appareil maître, cette valeur de départ étant un nombre aléatoire choisi par l'appareil maître au début de chaque nouvelle session. Pour une plus grande sécurité, le CAC est changé, non seulement au début d'une nouvelle session, mais aussi pendant chaque session, de façon périodique. Pour celui-ci, la valeur de départ est une combinaison du nombre aléatoire généré par l'appareil maître pour chaque session et d'un paramètre de temps associé à l'appareil maître.
EP01966311A 2000-08-30 2001-08-28 Procede et appareil pour assurer la securite des utilisateurs d'appareils de type bluetooth?tm Ceased EP1329060A2 (fr)

Applications Claiming Priority (9)

Application Number Priority Date Filing Date Title
US22913000P 2000-08-30 2000-08-30
US229130P 2000-08-30
US23442600P 2000-09-21 2000-09-21
US234426P 2000-09-21
US09/851,098 US6574455B2 (en) 2000-08-30 2001-05-08 Method and apparatus for ensuring security of users of bluetooth TM-enabled devices
US09/851,233 US6981157B2 (en) 2000-08-30 2001-05-08 Method and apparatus for ensuring security of users of short range wireless enable devices
US851223 2001-05-08
US851098 2001-05-08
PCT/US2001/026763 WO2002019599A2 (fr) 2000-08-30 2001-08-28 Procede et appareil pour assurer la securite des utilisateurs d'appareils de type bluetooth?tm¿

Publications (1)

Publication Number Publication Date
EP1329060A2 true EP1329060A2 (fr) 2003-07-23

Family

ID=32303704

Family Applications (2)

Application Number Title Priority Date Filing Date
EP01966311A Ceased EP1329060A2 (fr) 2000-08-30 2001-08-28 Procede et appareil pour assurer la securite des utilisateurs d'appareils de type bluetooth?tm
EP01964463A Expired - Lifetime EP1314286B1 (fr) 2000-08-30 2001-08-28 Procede et appareil permettant d'assurer la securite d'utilisateurs de dispositifs a capacites bluetooth

Family Applications After (1)

Application Number Title Priority Date Filing Date
EP01964463A Expired - Lifetime EP1314286B1 (fr) 2000-08-30 2001-08-28 Procede et appareil permettant d'assurer la securite d'utilisateurs de dispositifs a capacites bluetooth

Country Status (5)

Country Link
EP (2) EP1329060A2 (fr)
JP (3) JP3860113B2 (fr)
AU (2) AU2001286837A1 (fr)
DE (1) DE60129714T2 (fr)
WO (2) WO2002019599A2 (fr)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2001286837A1 (en) * 2000-08-30 2002-03-13 Lucent Technologies Inc. Securing the identity of a bluetooth master device (bd_addr) against eavesdropping by preventing the association of a detected frequency hopping sequence with the identity of a particular bluetooth device
US9042549B2 (en) * 2009-03-30 2015-05-26 Qualcomm Incorporated Apparatus and method for address privacy protection in receiver oriented channels
GB2491159A (en) * 2011-05-25 2012-11-28 Leon Codrington CD player wireless audio transceiver
US20160249365A1 (en) 2015-02-19 2016-08-25 Corning Optical Communications Wireless Ltd. Offsetting unwanted downlink interference signals in an uplink path in a distributed antenna system (das)

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1995024081A1 (fr) * 1994-03-03 1995-09-08 Proxim, Inc. Protocole de commande d'acces a un support de communications a sauts de frequences
GB9508885D0 (en) * 1995-05-02 1995-06-21 Plessey Semiconductors Ltd Wireless local area networks
JP3814339B2 (ja) * 1995-07-14 2006-08-30 キヤノン株式会社 通信方法及び無線通信装置
JPH09326789A (ja) * 1996-06-07 1997-12-16 Sharp Corp 携帯無線端末間通信における相手認証方法及びシステム
US6157633A (en) * 1996-06-10 2000-12-05 At&T Wireless Sucs. Inc. Registration of mobile packet data terminals after disaster
JPH10224340A (ja) * 1997-02-07 1998-08-21 Brother Ind Ltd 無線通信方法及び無線通信システム
US6590928B1 (en) * 1997-09-17 2003-07-08 Telefonaktiebolaget Lm Ericsson (Publ) Frequency hopping piconets in an uncoordinated wireless multi-user system
US6108366A (en) * 1997-10-14 2000-08-22 Telefonaktiebolaget Lm Ericsson Method and apparatus for the generation of frequency hopping sequences
AU2001286837A1 (en) * 2000-08-30 2002-03-13 Lucent Technologies Inc. Securing the identity of a bluetooth master device (bd_addr) against eavesdropping by preventing the association of a detected frequency hopping sequence with the identity of a particular bluetooth device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0219599A2 *

Also Published As

Publication number Publication date
WO2002019599A3 (fr) 2003-01-23
AU2001286837A1 (en) 2002-03-13
EP1314286B1 (fr) 2007-08-01
JP2004512709A (ja) 2004-04-22
DE60129714T2 (de) 2008-04-30
WO2002019641A3 (fr) 2003-03-06
JP2004528735A (ja) 2004-09-16
EP1314286A2 (fr) 2003-05-28
WO2002019599A2 (fr) 2002-03-07
JP2011239414A (ja) 2011-11-24
WO2002019641A2 (fr) 2002-03-07
DE60129714D1 (de) 2007-09-13
JP3860113B2 (ja) 2006-12-20
AU2001285313A1 (en) 2002-03-13
JP5209086B2 (ja) 2013-06-12

Similar Documents

Publication Publication Date Title
US6981157B2 (en) Method and apparatus for ensuring security of users of short range wireless enable devices
US6574455B2 (en) Method and apparatus for ensuring security of users of bluetooth TM-enabled devices
EP1389388B1 (fr) Procede pour protege la confidentialite lors de l'utilisation d'un dispositif bluetooth
Jakobsson et al. Security weaknesses in Bluetooth
US20180278625A1 (en) Exchanging message authentication codes for additional security in a communication system
KR101466393B1 (ko) 통신 시스템에서 피어 투 피어 통신 방법 및 장치
CN110034940B (zh) 3gpp lte中的通信移动设备之间的接近发现、认证和链路建立
CN107113594B (zh) 设备到设备通信系统的安全发送和接收发现消息的方法
KR101893481B1 (ko) 소부대 운용을 위한 디지털 무전기에서 주변 주파수 탐색 호출 및 아이디 탐색 방법
US20070293197A1 (en) Address privacy in short-range wireless communication
KR20030013464A (ko) 무선 통신 시스템에서의 접속 설정 방법
JPH06506813A (ja) 暗号化された無線送信のための動的暗号化キー選択
JP5209086B2 (ja) Bluetooth(登録商標)対応デバイスのユーザのセキュリティを保証する方法および装置
JP2003512768A (ja) 低電力無線周波数装置に用いられる周波数帯域を制限するための方法および装置
WO2019129346A1 (fr) Appareil, système et procédé d'authentification sans fil
CN112994739B (zh) 无公共控制信道的自主建链与变频一体化通信方法及系统
WO2019153015A1 (fr) Système et procédé de réveil sécurisé dans un système de communication
CN103987018A (zh) 基于非协调跳频的认知无线网络抗敌意干扰协作广播方法
EP4145766A1 (fr) Système et procédés de communication fournissant une opération de messagerie vocale instantanée avec sécurité améliorée de bluetooth à faible énergie (ble)
JP2006521737A (ja) 無線周波妨害から保護するための方法および装置
KR101602497B1 (ko) 무선 네트워크 통신 시스템에서 데이터 통신 보안을 위한 맥 프로토콜 제공 방법
JPS61199342A (ja) コ−ドレス電話装置
US9794777B2 (en) Varying device identities
CN107920054A (zh) 一种数据传输方法及其相关设备
Mishra et al. D-MACRN: A Decentralized MAC protocol for Ad Hoc Cognitive Radio Networks

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20030221

AK Designated contracting states

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Extension state: AL LT LV MK RO SI

RBV Designated contracting states (corrected)

Designated state(s): AT BE CH CY DE FI FR GB LI

17Q First examination report despatched

Effective date: 20080508

RAP3 Party data changed (applicant data changed or rights of an application transferred)

Owner name: LUCENT TECHNOLOGIES INC.

APBK Appeal reference recorded

Free format text: ORIGINAL CODE: EPIDOSNREFNE

APBN Date of receipt of notice of appeal recorded

Free format text: ORIGINAL CODE: EPIDOSNNOA2E

APBR Date of receipt of statement of grounds of appeal recorded

Free format text: ORIGINAL CODE: EPIDOSNNOA3E

APAF Appeal reference modified

Free format text: ORIGINAL CODE: EPIDOSCREFNE

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ALCATEL-LUCENT USA INC.

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ALCATEL LUCENT

111Z Information provided on other rights and legal means of execution

Free format text: AT BE CH CY DE FI FR GB LI

Effective date: 20130410

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

APBT Appeal procedure closed

Free format text: ORIGINAL CODE: EPIDOSNNOA9E

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20140611

REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Free format text: PREVIOUS MAIN CLASS: H04L0012560000

Ipc: H04L0012713000

REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Free format text: PREVIOUS MAIN CLASS: H04L0012560000

Ipc: H04L0012713000

Effective date: 20140730