During the pairing procedure [1] both units calculate an initialisation key. The

only secret input to the key calculation is the passkey (PIN). In the next step

the combination or unit key is calculated. This calculation is protected using

the initialisation key. Directly after the exchange of the link key, the

authentication procedure is performed. The authentication uses the newly

derived link key. All key derivation algorithms are symmetric algorithms that

can be implemented in hardware or in software. The computational complexity

of the algorithms is not large. Assume that an intruder records all

communication during the key exchange and the first authentication between

two units. He can then calculate, for each possible passkey value, the

corresponding initialisation key. Furthermore, for each initialisation value, he

can calculate the corresponding link key. Finally, for each link key value he

can then check the response value for the observed challenge (or he can

issue a challenge himself towards the victim device). If he finds a match, he

has obtained the correct link key. Since all calculation steps have low complexity, unless the passkey space is large, the intruder can easily compute

the correct link key.

As an alternative, the attacker can obtain the passkey and link key by initiating

a key exchange with a victim device and perform the same step as described

above.

If the attack described above should succeed, the intruder must be present at

the pairing occasion and record all communication. Hence, we do not

recommend pairing at public places and strongly encourage the use of long

passkey number.

### Like this:

Like Loading...

*Related*

## Leave a Reply