Short passkey values

During the pairing procedure [1] both units calculate an initialisation key. The
only secret input to the key calculation is the passkey (PIN). In the next step
the combination or unit key is calculated. This calculation is protected using
the initialisation key. Directly after the exchange of the link key, the
authentication procedure is performed. The authentication uses the newly
derived link key. All key derivation algorithms are symmetric algorithms that
can be implemented in hardware or in software. The computational complexity
of the algorithms is not large. Assume that an intruder records all
communication during the key exchange and the first authentication between
two units. He can then calculate, for each possible passkey value, the
corresponding initialisation key. Furthermore, for each initialisation value, he
can calculate the corresponding link key. Finally, for each link key value he
can then check the response value for the observed challenge (or he can
issue a challenge himself towards the victim device). If he finds a match, he
has obtained the correct link key. Since all calculation steps have low complexity, unless the passkey space is large, the intruder can easily compute
the correct link key.

As an alternative, the attacker can obtain the passkey and link key by initiating
a key exchange with a victim device and perform the same step as described
If the attack described above should succeed, the intruder must be present at
the pairing occasion and record all communication. Hence, we do not
recommend pairing at public places and strongly encourage the use of long
passkey number.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: