摘要
低功率蓝牙(BLE)专为资源受限的设备设计,但现有的研究已经指出其安全简单配对方案(SSP)存在中间人攻击(MITM)漏洞.文章指出造成MITM漏洞的根本原因是:配对信息被篡改以及JW模式自身的漏洞.为此文章中提出了两个适用于移动云计算(MCC)中BLE设备的SSP改进方案,所提出的方案基于哈希函数并利用MCC技术提高SSP的安全性.方案1适用于支持PE或者OOB模式的BLE设备,其利用哈希函数确保配对信息的真实性、可靠性.方案2通过哈希序列来解决仅支持JW模式的BLE设备的MITM攻击漏洞.文章分别从安全角度和性能角度对所提出的方案进行分析,以表明方案在不同级别敌手的攻击下可以提供MITM攻击防护能力.
Bluetooth low energy (BLE)is designed for the devices with computational and power limitations.But it has been confirmed that Secure Simple Pairing (SSP)is vulnerable to the MITM attack.We identify the root causes of the problem:the pairing messages being tampered,and the vulnerability of the JW model.In this paper,we propose two hash-based SSP schemes for the devices in Mobile Cloud Computing (MCC).The proposed schemes enhance the SSP security with the help of MCC.Scheme I is applied into the devices which support the PE or OOB model.It uses the hash function to ensure the authenticity and integrity of the pairing messages.Scheme II is suitable for the devices which only support the JW model.It improves the security of the JW model through using the hash array.At the end of this paper,we examine the per-formance for the proposed schemes,and perform the security analysis to show that they can provide the MITM protection a-gainst the adversaries with different levels of power.
出处
《电子学报》
EI
CAS
CSCD
北大核心
2016年第8期1806-1813,共8页
Acta Electronica Sinica
基金
中国科学院先导专项子课题(No.XDA06010701)
信息安全国家重点实验室科研仪器设备专项(No.Y4D0031302)
关键词
蓝牙低功率
安全简单配对方案
中间人攻击
移动云计算
bluetooth low energy
secure simple pairing
man-in-the-middle attacks
mobile cloud computing