Cryptanalysis of Bluetooth Encryption

By | May 9, 2006

Encryption is the most important part in computer security mechanisms and protocols: he who can bypass cryptographic protection, gains total control over the security. Password management, secure network transmission protocol, wireless protocol (Wep, WPA, Bluetooth, GSM), integrity checking (e.g. in antivirus software), data protection, login authentication are well-known examples whose security heavily relies on cryptographic mechanisms.

One well illustrative example, among many others, is the Bluetooth protocol used for wireless communications between mobile devices: laptops, PDA, cell phones, printers, cars… This protocol embeds cryptographic multi-level security.

Cryptology ensures a high level of security for both encryption and authentication. This implies that nobody can remotely and unlegitimately either connect to or log in to Bluetooth devices and proceed to its infection. With the same considerations in mind, encryption of data stream between two or more communicating devices prevents anyone from manipulating, subverting or corrupting it. The encryption cryptographic core uses the stream cipher E0, whose key entropy is 128 bits. The key length thus prevents any cryptanalysis by exhaustive search. Moreover, up to now, the encryption security of E0 has not been challenged from a practical point of view.

A few attacks of theoretical interest only have been published. Unless irrealistic assumptions are to be made, E0 has not been broken yet and the cryptographic security of Blue- tooth protocol is still very high.

This paper presents a protocol aiming at proving that an encryption system contains structural weaknesses without disclosing any information on those weaknesses. A verifier can check in a polynomial time that a given property of the cipher system output has been effectively realized. This property has been chosen by the prover in such a way that it cannot been achieved by known attacks or exhaustive search but only if the prover indeed knows some unknown weaknesses that may effectively endanger the cryptosystem security.

This protocol has been denoted zero-knowledge-like proof of cryptanalysis. In this paper, we apply this protocol to the Bluetooth core encryption algorithm E0, used in many mobile environments and thus we prove that its security can seriously be put into question.

Click here to download the full paper

Leave a Reply