Re: [PATCH] pre-shared passcode: secure pairing for "no keyboard, no display" devices

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi!

> > Currently, "no keyboard, no display" devices can be paired, but
> > pairing is not secure against active attacker.
> >
> > Can we do better? Not for the first pairing; but for the next ones --
> > yes, I believe we can.
> >
> > BLE device in this case has internal storage, and Linux running
> > there. From factory, random 6-digit number is stored in the
> > flash. Legitimate user knows the number, and system is manipulated so
> > that pairing passkey will be this pre-shared passkey. After pairing,
> > user is allowed to change it.
> >
> > [Or maybe passkey is 000000 from the factory; this is still win for
> > the user, as long as he can change the key to something random in a
> > secure cave.]
> >
> > Fortunately, kernel support for this is rather easy; patch is attached
> > below.
> >
> > Does someone see a security issue with proposal above?
> 
> Assuming "LE Secure Connections" is used, the protocol is only secure
> if the passkey is not reused. A 6 digit passkey means 20 bits. The
> protocol is performed in 20 steps, where one bit is compared and
> revealed in every step. This means the attacker will know for every
> attempt the first bit that is incorrect in the attempted passkey. If
> the passkey is reused, the attacker can just try the same passkey with
> the incorrect bit flipped. In average it takes 10 attempts to crack
> the key and maximum 20 attempts. Hence, a static key doesn't really
> add much security compared to Just Works and might give a false sense
> of security.

Thanks a lot for quick reply. And no, that is not good.

Just Works basically means that there's no security at all, anyone
within range can connect when owner is not around, and do whatever
they want.

Is there some common way this is solved?

We do have pre-shared passkey, if only 20 bits. If we set
passkey = sha( pre-shared passkey + pairing_attempt++ ), would we get
some kind of meaningful security? Perhaps with limiting pairing
attempt to say 10 a day?

Best regards,
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Attachment: signature.asc
Description: Digital signature


[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux