Bluetooth security in the DoD

摘要

Bluetooth is one of the most widely available wireless technologies with over 2 billion Bluetooth-enabled devices shipped. Used by cell phones, laptops, gaming consoles and many other devices, it is the predominant wireless personal area networking technology. Over the last couple of years, US government departments including the Department of Defense (DoD) have begun to embrace Bluetooth due to its standards-based cable replacement features for devices such as smart card readers and headsets. Further, security risks associated with using the technology have been determined and mitigating requirements have been published. However, a thorough discussion of the reasoning behind the Bluetooth security requirements has not been previously provided. This paper provides a technical background on how Bluetooth security works, and then dives into the security risks and requirements associated with designing and deploying Bluetooth-based solutions for use in the DoD. Further, open security problems that impact the future of Bluetooth use in the DoD such as service-level security modes are discussed. Finally, the importance of independent security reviews for Bluetooth product evaluation is emphasized.