Location Privacy in Bluetooth
- 584 Downloads
We discuss ways to enhance the location privacy of Bluetooth. The principal weakness of Bluetooth with respect to location privacy lies in its disclosure of a device’s permanent identifier, which makes location tracking easy. Bluetooth’s permanent identifier is often disclosed and it is also tightly integrated into lower layers of the Bluetooth stack, and hence susceptible to leakage. We survey known location privacy attacks against Bluetooth, generalize a lesser-known attack, and describe and quantify a more novel attack. The second of these attacks, which recovers a 28-bit identifier via the device’s frequency hop pattern, requires just a few packets and is practicable. Based on a realistic usage scenario, we develop an enhanced privacy framework with stronger unlinkability, using protected stateful pseudonyms and simple primitives.
KeywordsLocation Privacy Access Code Connected State Privacy Risk Master Device
Unable to display preview. Download preview PDF.
- 1.Kesdogan, D., Federrath, H., Jerichow, A., Pfitzmann, A.: Location Management Strategies increasing Privacy in Mobile Communication Systems. In: Proceedings of the 12th IFIP SEC (1996)Google Scholar
- 2.Capkun, S., Hubaux, J., Jakobsson, M.: Secure and Privacy-Preserving Communication in Hybrid Ad Hoc Networks. EPFL-IC Technical report IC/2004/10 (January 2004)Google Scholar
- 3.ISO/IEC-15408, ISO/IEC-15408 Common Criteria for Information Technology Security Evaluation v2.1 (1999), http://csrc.nist.gov/cc
- 5.Gehrmann, C., Nyberg, K.: Enhancements to Bluetooth Baseband Security. In: Proceedings of Nordsec 2001 (November 2001)Google Scholar
- 6.Wong, F.-L., Stajano, F., Clulow, J.: Repairing the Bluetooth Pairing Protocol. In: Thirteenth International Workshop in Security Protocols (April 2005)Google Scholar
- 8.Whitehouse, O.: RedFang (2003), http://www.atstake.com/
- 10.Gruteser, M., Grunwald, D.: Enhancing Location Privacy in Wireless LAN through Disposable Interface Identifiers: A Quantitative Analysis. In: First ACM International Workshop on Wireless Mobile Applications and Services on WLAN Hotspots (2003)Google Scholar
- 11.Bluetooth SIG Security Experts Group. Security Experts Group. Bluetooth Security White Paper, 1.0 (April 2002)Google Scholar
- 12.Bluetooth Special Interest Group. Bluetooth Specification Volume 1 Part B Baseband Specification. Specifications of the Bluetooth System, 1.1 (Febraury 2001)Google Scholar
- 13.Bluetooth Special Interest Group. Bluetooth Specification Volume 2 Part H Security Specification. Specification of the Bluetooth System, 1.2 (November 2003)Google Scholar