Hi, and welcome to the presentation of the paper Cryptographic Analysis of the Bluetooth Secure Connection Protocol Suite. My name is Olga Sanina, and this is joint work with Marc Fischlin from Darmstadt Technical University. If you are watching this using Bluetooth devices, this might be the right video for you. You have probably heard about Bluetooth Low Energy in the light of contact tracing, but this is only one of the modes in Bluetooth. Bluetooth technology comes in two different variants, Classic and Low Energy. Bluetooth Classic is used for connections with continuous data streams, like headphones, controllers, and cars. In contrast, Bluetooth Low Energy is typically used when power consumption is a concern and data is transferred periodically, for example in fitness trackers, smart homes, and pacemakers. There are also devices that support both variants of Bluetooth, like smartphones. In this presentation, I will focus on Bluetooth Low Energy. To encrypt the data between two devices, they first need to establish a key. In Bluetooth, there is a bunch of protocols for key exchange with different levels of security, and the strongest one is called secure connection. Now you might ask me: why do we need yet another analysis? The Bluetooth protocol has been out there for such a long time; wasn't it analyzed already? Well, there were indeed some papers with analyses of the key exchange in Bluetooth. However, they had some drawbacks. First, they always considered only standalone protocols and proved them to be secure. Second, they modeled the protocol not closely to the standard. For example, the analyses assumed that a fresh Diffie-Hellman share is used in each connection. However, the standard allows using the same Diffie-Hellman share in up to eight connections.
This also caused a problem in Lindell's analysis, where the session identifiers were defined via only these Diffie-Hellman shares, and, strictly speaking, the result in the paper cannot even guarantee a correctness property for the protocol. Another thing is that Lindell and Sun in their papers assumed that the entire Diffie-Hellman point enters the computation, while the standard uses only the x-coordinate of the Diffie-Hellman point. Troncoso and Hale in their paper pointed that out and correctly used only the x-coordinate. Okay, but why is it important to analyze the entire protocol suite? Why can't we just take the most secure protocol in the suite and use it for all the devices? Well, devices have different features, such as input and output capabilities. Hence, we cannot rule out some protocols, because all of them are used. In addition, there is a range of various man-in-the-middle attacks on the protocols, starting from reflection and method confusion attacks up to downgrade attacks on the encryption key size and attacks on the authentication property where the adversary can even learn the encryption key. One such attack is presented in the paper by Zhang et al. from USENIX last year. Imagine we have a user who wants to connect their keyboard to their screen. For this, the screen will display some digits which the user must type on the keyboard. Looks good, right? But there is a man-in-the-middle attack going on at the same time. For this, the adversary connects its fake screen to the keyboard of the user. When the user enters the digits, the adversary learns them. Then the adversary enters these digits on the fake keyboard, successfully connects to the user's screen, and establishes the session key with the user. Now, with all this in mind, we can move to the contribution of the paper. We give the first analysis of the entire secure connection protocol suite.
Because of all these man-in-the-middle attacks, we could not show the Bluetooth protocol to be an authenticated key exchange. So we analyze the suite as a trust-on-first-use key exchange. Then we also investigate a privacy mechanism available in Bluetooth Low Energy. And as a small bonus, we also give a precise and exhaustive description of the Bluetooth key exchange protocol suite. First, I will present the security results. But before jumping to them, I will briefly show the protocol flow. The Bluetooth key exchange consists of the initial connection, where the devices connect for the first time and establish a bond, and the reconnection, when the bonded devices want to communicate with each other again. For the initial connection, the devices start with connecting on the physical level, where both send their device addresses for identification. After that, the devices need to connect on the logical level, where they exchange their device-specific information, such as the input and output capabilities of their devices. Finally, they can start the pairing process, where they first perform the elliptic-curve Diffie-Hellman key exchange to send each other the Diffie-Hellman shares. Then they exchange some random nonces, and then they do a key confirmation to check the derived shared key. For the reconnection step, the devices again need to connect on the physical level if they are not connected yet. Then they can go directly to the session key establishment and derive a session key from the shared secret which they established during the initial connection. This encryption key will then be used to encrypt the communication between the devices. Now, how does the trust-on-first-use model work in this case? During the initial connection, the adversary stays passive and can only eavesdrop on the communication between the two devices.
When the devices reconnect, the adversary can be active and affect the communication by modifying the messages, dropping them, revealing the encryption keys, and so on. Now I will show you the model that we use to analyze the key exchange in Bluetooth. We used a game-based security model in the Bellare-Rogaway style. We aimed for two security properties. The first property is key secrecy, which intuitively means that the encryption key remains secret. So when we give the adversary the real key and some random string, the adversary cannot efficiently distinguish between them. The second property is match security, which consists of two conditions. First, the sessions that are partnered must derive the same session key. Second, not more than two sessions must be partnered. To capture the adversarial behavior, we give him access to oracles. The Test oracle is used for key secrecy, and the Reveal oracle allows the adversary to learn the session key. Send lets the adversary send any messages to arbitrary sessions. The InitSession and Reconnect oracles are used to establish a session with the initial connection or with the reconnection, if the devices have been bonded before. Finally, we allow the adversary to choose when the devices change their Diffie-Hellman share, with the NextPK oracle. Before presenting the results, I will show you the assumptions that we used to achieve these results. First, we used the PRF-ODH assumption from the paper by Brendel et al. from CRYPTO 2017. Then we also assumed that AES, used for the session key derivation, is a pseudorandom function. We also assumed trust on first use, so the adversary stays passive during the initial connection and becomes active during the reconnection of the two devices. We showed that under these assumptions, the secure connection protocol suite is a secure trust-on-first-use key exchange. You can check the bounds and the details of the proof in the paper.
Now we can go to the other part of the contribution, which is the privacy analysis. Prior to that, most of the analyses looked into privacy as linkability of the physical characteristics of the devices, such as the strength of the signal. There is a paper by Sun et al. in the Sensors journal which studied the linkability of the cryptographic transcript in the Bluetooth key exchange protocol. They pointed out correctly that the devices can be easily linked if they use the same Diffie-Hellman share in several connections. However, they only focused on secure connection and did not give any analysis of the address randomization mechanism, which is essential for the key exchange and is done before the devices enter the secure connection stage. The privacy mechanism in Bluetooth allows the devices to use non-resolvable random addresses instead of their physical MAC addresses. Non-resolvable addresses are just random values that are generated anew every certain period of time. They do not contain any information about the device, and that is why they can be used only in initial connections. In contrast, the resolvable addresses consist of some random value prand, which is then concatenated with a ciphertext. This ciphertext is derived from prand encrypted with the identity-resolving key. To resolve the address, this identity-resolving key must be distributed to the device. Therefore, this type of address can be used only in reconnections. The identity-resolving key is unique to the device, and the same key is distributed among all the devices with which the initial device is bonding. But if there is an adversary among these devices, then the identity-resolving key is compromised for all of the connections. We also used a game-based model for the analysis of privacy. Here we aimed for the property which we call outsider privacy. Intuitively, it means that the adversary cannot link the target device. That is, he cannot distinguish the target device from some other identical device.
Second, it also means that the identity-resolving key of the target remains secret. We make the adversary passive and model his behavior by giving him access only to the Test oracle. This oracle gives back the transcript between a device and either the target or some other device. Now let's look into the results that we obtained. I will again start with the assumptions that we used. As I mentioned before, we assume the adversary is passive and cannot learn the identity-resolving key of the target device. Then we assume that the Diffie-Hellman shares are new in each session, or else the device can be easily linked, as was shown in the paper by Sun et al. Next, we assume that the target device uses the same device-specific information as the devices from which the adversary is trying to distinguish the target. Finally, we assume that AES, which is used to encrypt the random value prand, is a pseudorandom function. We proved that the address-randomization mechanism achieves outsider privacy under the assumptions that I mentioned, with a decent level. That is, the bound does not achieve the cryptographic standard of two to the power of minus sixty, but the mechanism is sound due to the difficulty of mounting attacks with a big number of devices. Note that this result does not rule out the linkability of the devices based on their physical characteristics, such as the time at which the new address is generated or the strength of the signal. Let's wrap up the talk. We showed that the secure connection protocol suite provides the basic key-exchange requirements in the trust-on-first-use model under reasonable assumptions. We showed that Bluetooth Low Energy achieves outsider privacy when we rule out physical traceability. We also found out, and I would like to mention this, that the Bluetooth core specification is extremely hard to navigate. It has a huge size of 3,000 pages and lacks clarity in terminology.
For example, when it comes to the desired security properties, the standard is rather vague, because the requirements are either not specified or subsumed under imprecise terms. This concludes my presentation. Thank you for watching. If you have any questions, feel free to contact me by email.
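The address-randomization mechanism the talk describes (a random value prand concatenated with a ciphertext of prand under the identity-resolving key, resolvable only by devices holding that key) is small enough to show end to end. The following Go program is an added example written for this page; it is not code from the paper or from any Bluetooth stack. It follows the Bluetooth Core Specification layout of a resolvable private address: a 48-bit value whose upper 24 bits are prand (top two bits fixed to 01, 22 random bits) and whose lower 24 bits are the hash ah(IRK, prand), defined as the least-significant 24 bits of AES-128(IRK, 0^104 || prand). The IRK values, prand values, and function names are constructed for the demonstration. It shows the two facts the privacy argument rests on: a bonded peer holding the IRK links every rotated address of the device, while an outsider without it sees unrelated random-looking addresses (under the assumption that AES is a PRF, as the talk states); and any bonded party that is itself the adversary gets exactly that linking power.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// IRK is a 128-bit identity-resolving key; the device hands the same one to every bonded peer.
type IRK [16]byte

// Constructed sample keys for the demonstration, not real device keys.
var (
	SampleIRK = IRK{0x4c, 0x68, 0x38, 0x41, 0x39, 0xf5, 0x74, 0xd8, 0x36, 0xbc, 0xf3, 0x4e, 0x9d, 0xfb, 0x01, 0xbf}
	OtherIRK  = IRK{0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00}
)

// ah is the random-address hash: the low 24 bits of AES-128(k, 0^104 || r) for a 24-bit r.
// Treating it as a PRF under k is the assumption the privacy proof in the talk relies on.
func ah(k IRK, r uint32) (uint32, error) {
	if r > 0xFFFFFF {
		return 0, errors.New("r must be a 24-bit value")
	}
	block, err := aes.NewCipher(k[:])
	if err != nil {
		return 0, err
	}
	var in, out [16]byte
	in[13], in[14], in[15] = byte(r>>16), byte(r>>8), byte(r) // zero-padded, r in the low 24 bits
	block.Encrypt(out[:], in[:])
	return uint32(out[13])<<16 | uint32(out[14])<<8 | uint32(out[15]), nil
}

// ResolvableAddress builds the 48-bit address prand || ah(k, prand).
// The top two bits of prand are forced to 01 (address type), leaving 22 random bits.
func ResolvableAddress(k IRK, prand uint32) (uint64, error) {
	prand = (prand & 0x3FFFFF) | 0x400000
	h, err := ah(k, prand)
	if err != nil {
		return 0, err
	}
	return uint64(prand)<<24 | uint64(h), nil
}

// FreshResolvableAddress draws prand from the OS CSPRNG, as a device does on each address rotation.
func FreshResolvableAddress(k IRK) (uint64, error) {
	var b [4]byte
	if _, err := rand.Read(b[:]); err != nil {
		return 0, err
	}
	return ResolvableAddress(k, binary.BigEndian.Uint32(b[:]))
}

// NonResolvableAddress is 46 random bits with type bits 00: nothing in it depends on the
// device or any key, so it carries no identity and is only usable before bonding.
func NonResolvableAddress() (uint64, error) {
	var b [8]byte
	if _, err := rand.Read(b[2:]); err != nil {
		return 0, err
	}
	return binary.BigEndian.Uint64(b[:]) &^ (0x3 << 46), nil
}

// Resolve reports whether addr was produced under k by recomputing the hash from prand.
// Only a holder of the IRK can do this; for anyone else the hash is an unpredictable PRF output.
func Resolve(k IRK, addr uint64) (bool, error) {
	if addr>>48 != 0 {
		return false, errors.New("address must be 48 bits")
	}
	prand := uint32(addr >> 24)
	if prand>>22 != 1 { // type bits are not 01: not a resolvable private address
		return false, nil
	}
	h, err := ah(k, prand)
	if err != nil {
		return false, err
	}
	return h == uint32(addr&0xFFFFFF), nil
}

// Linkable is the observer's view: two addresses are attributable to one device exactly
// when both resolve under an IRK the observer holds.
func Linkable(k IRK, a, b uint64) (bool, error) {
	ra, err := Resolve(k, a)
	if err != nil {
		return false, err
	}
	rb, err := Resolve(k, b)
	return ra && rb, err
}

func main() {
	a1, _ := FreshResolvableAddress(SampleIRK)
	a2, _ := FreshResolvableAddress(SampleIRK)
	bonded, _ := Linkable(SampleIRK, a1, a2)
	outsider, _ := Linkable(OtherIRK, a1, a2)
	fmt.Printf("rotated addresses %012x and %012x\n", a1, a2)
	fmt.Printf("linkable by a peer holding the IRK: %v, by an outsider: %v\n", bonded, outsider)
}
```

The address is 48 bits, so an outsider guessing the IRK has only the 24-bit hash to check against, which is why resolving is cheap for a key holder but the linking advantage without the key reduces to the PRF security of AES on a 24-bit output; the talk's remark that the proven bound is weaker than the usual 2^-60 target is about exactly this short output.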