Breaking the Bluetooth Pairing - The Fixed Coordinate Invalid Curve Attack

  title={Breaking the Bluetooth Pairing - The Fixed Coordinate Invalid Curve Attack},
  author={Eli Biham and Lior Neumann},
  journal={IACR Cryptol. ePrint Arch.},
  • E. Biham, Lior Neumann
  • Published 12 August 2019
  • Computer Science, Mathematics
  • IACR Cryptol. ePrint Arch.
Bluetooth is a widely deployed standard for wireless communications between mobile devices. It uses authenticated Elliptic Curve Diffie-Hellman for its key exchange. In this paper we show that the authentication provided by the Bluetooth pairing protocols is insufficient and does not provide the promised MitM protection. We present a new attack that modifies the y-coordinates of the public keys (while preserving the x-coordinates). The attack compromises the encryption keys of all of the… 
Method Confusion Attack on Bluetooth Pairing
This paper describes a design flaw in the pairing mechanism of Bluetooth that permits two devices to perform pairing using differing methods, and explains how an attacker can cause and abuse this Method Conf confusion to mount a Method Confusion Attack.
An Enhanced Passkey Entry Protocol for Secure Simple Pairing in Bluetooth
This research mainly focuses on strengthening the passkey entry protocol and protecting the devices against passive eavesdropping and active Man-in-the-middle (MITM) attacks in both Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) and Bluetooth Low Energy (Bluetooth LE).
Cryptographic Analysis of the Bluetooth Secure Connection Protocol Suite
It is shown that the Bluetooth protocol still matches the common key secrecy requirements of a key exchange protocol if one assumes a trust-on-first-use (TOFU) relationship, which means that the adversary needs to mount an active attack during the initial connection, otherwise the subsequent reconnections remain secure.
The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation Of Bluetooth BR/EDR
An attack on the encryption key negotiation protocol of Bluetooth BR/EDR that allows a third party, without knowledge of any secret material, to make two (or more) victims agree on an encryption key with only 1 byte (8 bits) of entropy.
Key Negotiation Downgrade Attacks on Bluetooth and Bluetooth Low Energy
This work demonstrates that the key negotiation protocols of Bluetooth and BLE are vulnerable to standard-compliant entropy downgrade attacks, and shows how an attacker can downgrade the entropy of any Bluetooth session key to 1 byte, and of any BLE long-term key and sessionKey to 7 bytes.
Low Entropy Key Negotiation Attacks on Bluetooth and Bluetooth Low Energy
This work shows that an attacker can manipulate the entropy negotiation of Bluetooth and Bluetooth Low Energy to drastically reduce the encryption key space, and implements and evaluates the Key Negotiation Of Bluetooth (KNOB) attack.
MagicPairing: Apple's take on securing bluetooth peripherals
This paper analyzes how Apple improves the security of Bluetooth pairing while still maintaining its usability and specification compliance and identifies multiple vulnerabilities within Apple's implementations using over-the-air and in-process fuzzing.
Happy MitM: fun and toys in every bluetooth device
It is uncovered that none of the major Bluetooth stacks warns users, which violates the specification, and clear warnings would protect users from recently published and potential future security issues in Bluetooth authentication and encryption.
BLURtooth: Exploiting Cross-Transport Key Derivation in Bluetooth Classic and Bluetooth Low Energy
This work demonstrates that CTKD is a valuable and novel Bluetooth attack surface that enables, among others, to exploit BT and BLE just by targeting one of the two (i.e., Bluetooth cross-transport exploitation).
BlueMirror: Reflections on Bluetooth Pairing and Provisioning Protocols
It is shown that reflection attacks are possible against various pairing modes of BLE and Bluetooth Classic and several vulnerabilities in Bluetooth Mesh provisioning are uncovered, ranging from reflection attacks to cryptographic weaknesses.


Validation of Elliptic Curve Public Keys
We present practical and realistic attacks on some standardized elliptic curve key establishment and public-key encryption protocols that are effective if the receiver of an elliptic curve point does
Practical Invalid Curve Attacks on TLS-ECDH
An attack is described that allows to extract the long-term private key from a TLS server that uses such a vulnerable library and turns out that the effect on the security of TLS-ECDH is devastating.
Use of Elliptic Curves in Cryptography
  • V. Miller
  • Computer Science, Mathematics
  • 1985
An analogue of the Diffie-Hellmann key exchange protocol is proposed which appears to be immune from attacks of the style of Western, Miller, and Adleman.
Differential Fault Attacks on Elliptic Curve Cryptosystems
Three different types of attacks that can be used to derive information about the secret key if bit errors can be inserted into the elliptic curve computations in a tamper-proof device are presented.
Elliptic curve cryptosystems
The question of primitive points on an elliptic curve modulo p is discussed, and a theorem on nonsmoothness of the order of the cyclic subgroup generated by a global point is given.
New directions in cryptography
This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Bluetooth: With Low Energy Comes Low Security
It is shown that the tools and techniques discussed can effectively render useless the encryption of any Bluetooth Low Energy link.
The AES-CMAC Algorithm
This memo specifies an authentication algorithm based on CMAC with the 128-bit Advanced Encryption Standard (AES), named AES-CMAC, to be conveniently available to the Internet Community.
Hellman . New directions in cryptography
  • Transactions on Infromation Theory
  • 1976