On Secure Simple Pairing in Bluetooth Standard v5.0-Part II: Privacy Analysis and Enhancement for Low Energy.

Bluetooth low energy devices are very popular in wireless personal area networks. According to the Bluetooth standard specifications, the low energy secure simple pairing (LESSP) protocol is the process by which the pairing devices negotiate the authenticated secret key. To violate the user privacy, the adversary can perhaps link the runs of the LESSP protocol to the targeted device, which usually relates to the specially appointed user. Hence, we investigate deep into the privacy of the LESSP protocol. Our main contributions are threefold: (1) We demonstrate that the LESSP protocol suffers from privacy vulnerability. That is, an adversary without any secret key is able to identify the targeted device by the LESSP protocol. (2) An improvement is therefore proposed to repair the privacy vulnerability in the LESSP protocol. (3) We develop a formal privacy model to evaluate the privacy vulnerabilities in the LESSP protocol and its improved versions. We further prove that our improvement on the LESSP protocol is private under the privacy model. In addition, the performance evaluation shows that our improvement is as efficient as the LESSP protocol. Our research results are beneficial to the privacy enhancement of Bluetooth systems in wireless personal area networks.