Secret key extraction using Bluetooth wireless signal strength measurements

Bluetooth has found widespread adoption in phones, wireless headsets, stethoscopes, glucose monitors, and oximeters for communication of, at times, very critical information. However, the link keys and encryption keys in Bluetooth are ultimately generated from a short 4 digit PIN, which can be cracked off-line. We develop an alternative for secure communication between Bluetooth devices using the symmetric wireless channel characteristics. Existing approaches to secret key extraction primarily use measurements from a fixed, single channel (e.g., a 20 MHz WiFi channel); however in the presence of heavy WiFi traffic, the packet exchange rate in such approaches can reduce as much as 200 x. We build and evaluate a new method, which is robust to heavy WiFi traffic, using a very wide bandwidth (B >> 20 MHz) in conjunction with random frequency hopping. We implement our secret key extraction on two Google Nexus One smartphones and conduct numerous experiments in indoor-hallway and outdoor settings. Using extensive real-world measurements, we show that outdoor settings are best suited for secret key extraction using Bluetooth. We also show that even in the absence of heavy WiFi traffic, the performance of secret key generation using Bluetooth is comparable to that of WiFi while using much lower transmit power.