[cryptography] Preserve us from poorly described/implemented crypto

David G. Koontz david_koontz at xtra.co.nz
Mon Jun 6 06:59:15 EDT 2011

Bluetooth 4.0 specifies 128 bit AES CCM mode.

Also found in IEEE 802.15 (Personal Area Networks).  The 802 standards can
be downloaded without cost for personal use.  You have to be a Bluetooth SIG
member to get Bluetooth standards and they don't accept individual members.
IEEE Std 802.15.1-2005 13.4 appears to describe the earlier encryption
method E0 and LFSR with a 128 bit key.  Annex B of IEEE Std 802.15.3b-2005
specifies security considerations using AES addressing key usage and replay
prevention.  Without further evidence you could wonder whether or not they
use E3 (SAFER+ based hash) to generate keys for AES as well (802.15.1-2005
13.6).  Key exchange is upper layer stuff.

Taking a look at the previous encryption method E0 (which also used a 128 bit
key) see NIST Special Pubs SP800-121, Guide to Bluetooth Security[1] which
also refers to a recent (CRYPTO'05) study saying 2^38 computations and
2^23.8 frames resistance for E0[2], also see Table 4-1. Key Problems with
Existing (Native) Bluetooth Security.  There doesn't appear to be a real
time threat. If you include financial transactions or other high security
dependent on using two factor security you need to have penetrated that too
(oops), it serves as a real time anchor.

You could note that the government wasn't setting off any alarms on the use
of the previous method although providing guidelines and qualifying the

The image here is that AES is a jump on the bandwagon response to a
non-articulated problem.  It'd make sense increasing the throughput to
increase the security, for those things that can take advantage of a higher
data rate.

The new range (100m) for Bluetooth 4.0 sounds like a threat even without
fancy antennas.  I opened the curtains in my office and took some binoculars
out in the yard along with a Bluetooth device.  Amazing the range on these

You'd expect government Bluetooth security guides would get updated,
security is likely to still be use and implementation dependent and the
question still remains, how serious the threat is.  Feel free to use the
keyboard built in to your laptop to avoid it.  Hey, is that someone with a
spotter scope looking at your computer screen from across the street?

Back in the days before SCIFs were quite so prevalent the euphemism was
'step into my office', a moving vehicle was considered safe.  Both
conditions have changed since then and I'm enjoying the lack of
professional paranoia these days.  We were much more likely to find illicit
drug stashes than listening devices searching cable troughs, equipment rooms
and offices.

There's undoubtedly a distinction in the level of effective security between
the average Microsoft customer feeling secure because of buying one of these
keyboards and a security conscious organization implementing guidelines and
adhering to recommendations.  The amount of security you end up with in the
two cases is only in part affected by the encryption algorithm selection.


[1] Guide to Bluetooth Security SP800-121,

[2] The Conditional Correlation Attack:  A Practical Attack on Bluetooth
Encryption, Yi Lu, Willi Meier and Serge Vaudenay
http://www.iacr.org/conferences/crypto2005/p/16.pdf (slides)

[3] Bluetooth Security

[4] Recommended Security Controls for Federal Information Systems and
See pages F-15, F-16, Page A-9
