Location Privacy in Bluetooth

  • Ford-Long Wong
  • Frank Stajano
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3813)


We discuss ways to enhance the location privacy of Bluetooth. The principal weakness of Bluetooth with respect to location privacy lies in its disclosure of a device’s permanent identifier, which makes location tracking easy. Bluetooth’s permanent identifier is often disclosed and it is also tightly integrated into lower layers of the Bluetooth stack, and hence susceptible to leakage. We survey known location privacy attacks against Bluetooth, generalize a lesser-known attack, and describe and quantify a more novel attack. The second of these attacks, which recovers a 28-bit identifier via the device’s frequency hop pattern, requires just a few packets and is practicable. Based on a realistic usage scenario, we develop an enhanced privacy framework with stronger unlinkability, using protected stateful pseudonyms and simple primitives.


Location Privacy Access Code Connected State Privacy Risk Master Device 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Kesdogan, D., Federrath, H., Jerichow, A., Pfitzmann, A.: Location Management Strategies increasing Privacy in Mobile Communication Systems. In: Proceedings of the 12th IFIP SEC (1996)Google Scholar
  2. 2.
    Capkun, S., Hubaux, J., Jakobsson, M.: Secure and Privacy-Preserving Communication in Hybrid Ad Hoc Networks. EPFL-IC Technical report IC/2004/10 (January 2004)Google Scholar
  3. 3.
    ISO/IEC-15408, ISO/IEC-15408 Common Criteria for Information Technology Security Evaluation v2.1 (1999),
  4. 4.
    Beresford, A.R., Stajano, F.: Location privacy in pervasive computing. IEEE Pervasive Computing 3(1), 46–55 (2003)CrossRefGoogle Scholar
  5. 5.
    Gehrmann, C., Nyberg, K.: Enhancements to Bluetooth Baseband Security. In: Proceedings of Nordsec 2001 (November 2001)Google Scholar
  6. 6.
    Wong, F.-L., Stajano, F., Clulow, J.: Repairing the Bluetooth Pairing Protocol. In: Thirteenth International Workshop in Security Protocols (April 2005)Google Scholar
  7. 7.
    Jakobsson, M., Wetzel, S.: Security Weaknesses in Bluetooth. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, p. 176. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Whitehouse, O.: RedFang (2003),
  9. 9.
    Chaum, D.: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Communications of the ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  10. 10.
    Gruteser, M., Grunwald, D.: Enhancing Location Privacy in Wireless LAN through Disposable Interface Identifiers: A Quantitative Analysis. In: First ACM International Workshop on Wireless Mobile Applications and Services on WLAN Hotspots (2003)Google Scholar
  11. 11.
    Bluetooth SIG Security Experts Group. Security Experts Group. Bluetooth Security White Paper, 1.0 (April 2002)Google Scholar
  12. 12.
    Bluetooth Special Interest Group. Bluetooth Specification Volume 1 Part B Baseband Specification. Specifications of the Bluetooth System, 1.1 (Febraury 2001)Google Scholar
  13. 13.
    Bluetooth Special Interest Group. Bluetooth Specification Volume 2 Part H Security Specification. Specification of the Bluetooth System, 1.2 (November 2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Ford-Long Wong
    • 1
  • Frank Stajano
    • 1
  1. 1.Computer LaboratoryUniversity of Cambridge 

Personalised recommendations