Secure Bluetooth for Trusted m-Commerce

Abstract

Today’s world is becoming digital and mobile. Wireless communication protocols are used not only for telecommunication, but also for payments, interaction with intelligent vehicles, etc. One of the most widespread wireless capabilities is the Bluetooth protocol. In 2010 alone, 906 million Bluetooth-enabled mobile phones were sold, and in 2011 there were more than 40 million Bluetooth-enabled health and medical devices on the market. Also in 2011, one third of all new vehicles produced worldwide included Bluetooth technology. Security and privacy protection is key in today’s digital world. Security and privacy risks such as device tracking, communication eavesdropping, etc., may arise from improper Bluetooth implementation, with very severe consequences for users. The objective of this paper is to analyze the usage of Bluetooth in the m-commerce and m-payment fields. The steps taken in this paper to arrive at a proposal for a secure architecture are the analysis of the state of the art of the relevant specifications, the existing risks, and the known vulnerabilities and related known attacks. We therefore first give an overview of the general characteristics of Bluetooth technology today, going deeper into the analysis of the Bluetooth stack’s layers and the security features offered by the specifications. After this analysis of the specifications, we study how known vulnerabilities have been exploited, with a comprehensive list of known attacks that pose serious threats to users. With all these elements as background, we conclude the paper by proposing a design for a Secure Architecture for Bluetooth-Enhanced Mobile “Smart” Commerce Environments.

Share and Cite:

P. Stirparo and J. Löschner, "Secure Bluetooth for Trusted m-Commerce," International Journal of Communications, Network and System Sciences, Vol. 6 No. 6, 2013, pp. 277-288. doi: 10.4236/ijcns.2013.66030.

Conflicts of Interest

The authors declare no conflicts of interest.

Copyright © 2024 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.