Abstract
We discuss ways to enhance the location privacy of Bluetooth. The principal weakness of Bluetooth with respect to location privacy lies in its disclosure of a device’s permanent identifier, which makes location tracking easy. Bluetooth’s permanent identifier is often disclosed and it is also tightly integrated into lower layers of the Bluetooth stack, and hence susceptible to leakage. We survey known location privacy attacks against Bluetooth, generalize a lesser-known attack, and describe and quantify a more novel attack. The second of these attacks, which recovers a 28-bit identifier via the device’s frequency hop pattern, requires just a few packets and is practicable. Based on a realistic usage scenario, we develop an enhanced privacy framework with stronger unlinkability, using protected stateful pseudonyms and simple primitives.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Kesdogan, D., Federrath, H., Jerichow, A., Pfitzmann, A.: Location Management Strategies increasing Privacy in Mobile Communication Systems. In: Proceedings of the 12th IFIP SEC (1996)
Capkun, S., Hubaux, J., Jakobsson, M.: Secure and Privacy-Preserving Communication in Hybrid Ad Hoc Networks. EPFL-IC Technical report IC/2004/10 (January 2004)
ISO/IEC-15408, ISO/IEC-15408 Common Criteria for Information Technology Security Evaluation v2.1 (1999), http://csrc.nist.gov/cc
Beresford, A.R., Stajano, F.: Location privacy in pervasive computing. IEEE Pervasive Computing 3(1), 46–55 (2003)
Gehrmann, C., Nyberg, K.: Enhancements to Bluetooth Baseband Security. In: Proceedings of Nordsec 2001 (November 2001)
Wong, F.-L., Stajano, F., Clulow, J.: Repairing the Bluetooth Pairing Protocol. In: Thirteenth International Workshop in Security Protocols (April 2005)
Jakobsson, M., Wetzel, S.: Security Weaknesses in Bluetooth. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, p. 176. Springer, Heidelberg (2001)
Whitehouse, O.: RedFang (2003), http://www.atstake.com/
Chaum, D.: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Communications of the ACM 24(2), 84–88 (1981)
Gruteser, M., Grunwald, D.: Enhancing Location Privacy in Wireless LAN through Disposable Interface Identifiers: A Quantitative Analysis. In: First ACM International Workshop on Wireless Mobile Applications and Services on WLAN Hotspots (2003)
Bluetooth SIG Security Experts Group. Security Experts Group. Bluetooth Security White Paper, 1.0 (April 2002)
Bluetooth Special Interest Group. Bluetooth Specification Volume 1 Part B Baseband Specification. Specifications of the Bluetooth System, 1.1 (Febraury 2001)
Bluetooth Special Interest Group. Bluetooth Specification Volume 2 Part H Security Specification. Specification of the Bluetooth System, 1.2 (November 2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wong, FL., Stajano, F. (2005). Location Privacy in Bluetooth. In: Molva, R., Tsudik, G., Westhoff, D. (eds) Security and Privacy in Ad-hoc and Sensor Networks. ESAS 2005. Lecture Notes in Computer Science, vol 3813. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11601494_15
Download citation
DOI: https://doi.org/10.1007/11601494_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30912-3
Online ISBN: 978-3-540-31615-2
eBook Packages: Computer ScienceComputer Science (R0)