摘要
Our today’s world is becoming digital and mobile. Exploiting the advantages of wireless communication protocols is not only for telecommunication purposes, but also for payments, interaction with intelligent vehicles, etc. One of the most widespread wireless capabilities is the Bluetooth protocol. Just in 2010, 906 million mobile Bluetooth enabled phones had been sold, and in 2011, there were more than 40 million Bluetooth enabled health and medical devices on the market. Still in 2011, one third of all new vehicles produced worldwide included Bluetooth technology. Security and privacy protection is key in the digital world of today. There are security and privacy risks such as device tracking, communication eavesdropping, etc., which may come from improper Bluetooth implementation with very severe consequences for the users. The objective of this paper is to analyze the usage of Bluetooth in m-commerce and m-payment fields. The steps undertaken in this paper in order to come to a proposal for a secure architecture are the analysis of the state of the art of the relevant specifications, the existing risks and the known vulnerabilities the related known attacks. Therefore, we give first an overview of the general characteristics of Bluetooth technology today, going deeper in the analysis of Bluetooth stack’s layers and the security features offered by the specifications. After this analysis of the specifications, we study how known vulnerabilities have been exploited with a comprehensive list of known attacks, which poses serious threats for the users. With all these elements as background, we conclude the paper proposing a design for Secure Architecture for Bluetooth-Enhanced Mobile “Smart” Commerce Environments.
Our today’s world is becoming digital and mobile. Exploiting the advantages of wireless communication protocols is not only for telecommunication purposes, but also for payments, interaction with intelligent vehicles, etc. One of the most widespread wireless capabilities is the Bluetooth protocol. Just in 2010, 906 million mobile Bluetooth enabled phones had been sold, and in 2011, there were more than 40 million Bluetooth enabled health and medical devices on the market. Still in 2011, one third of all new vehicles produced worldwide included Bluetooth technology. Security and privacy protection is key in the digital world of today. There are security and privacy risks such as device tracking, communication eavesdropping, etc., which may come from improper Bluetooth implementation with very severe consequences for the users. The objective of this paper is to analyze the usage of Bluetooth in m-commerce and m-payment fields. The steps undertaken in this paper in order to come to a proposal for a secure architecture are the analysis of the state of the art of the relevant specifications, the existing risks and the known vulnerabilities the related known attacks. Therefore, we give first an overview of the general characteristics of Bluetooth technology today, going deeper in the analysis of Bluetooth stack’s layers and the security features offered by the specifications. After this analysis of the specifications, we study how known vulnerabilities have been exploited with a comprehensive list of known attacks, which poses serious threats for the users. With all these elements as background, we conclude the paper proposing a design for Secure Architecture for Bluetooth-Enhanced Mobile “Smart” Commerce Environments.
