Mitigation for the Method Confusion Attack on Bluetooth
Mitigation for the Method Confusion Attack on Bluetooth
| Supervisor(s): | Ludwig Peuckert |
| Status: | finished |
| Topic: | Others |
| Author: | Fabian Wührer |
| Submission: | 2021-07-15 |
| Type of Thesis: | Bachelorthesis |
DescriptionThe Method Confusion Attack on Bluetooth enables an attacker to place a Man in the Middle even in the highest security mode of Bluetooth. Since its discovery in 2020, it has been a major issue for Bluetooth security. It attacks the pairing process by using a Numeric Comparison value used for a pairing with one device as a passkey for a Passkey Entry with the other device. This breaks the confidentiality of the passkey.
Bluetooth exists since 1999 and is one of the most used wireless technology standards. It has a lot of use-cases, including many security relevant ones. To date, no viable solution could be presented to address the vulnerability.
However, this work presents a new way to mitigate the attack while maintaining backwards compatibility. The mitigation works by sharing the used Numeric Comparison values with surrounding devices, which allows them to detect a potential attack by comparing them to their used passkeys.
Furthermore, the obvious problem that the sharing transmission could be blocked is circumvented by an introduction of a jamming protection. This protection is based on Tamper Evident Announcements, which provides tamper and jamming detection. Additionally, a security model was designed and a working implementation was used to evaluate the functionality.
|
|