
An Intelligent Bidirectional Authentication Method: Nabil El Kadhi and Hazem EL GENDY

This document discusses a new bidirectional authentication method for Bluetooth using game theory concepts. It begins with an overview of Bluetooth technology and its current unidirectional authentication protocol, which has vulnerabilities. It then provides background on game theory and introduces a game-theoretic model for Bluetooth authentication modeled as a non-cooperative non-zero-sum bi-matrix game. The authors develop strategies for each player and compute the Nash equilibrium, which corresponds to both devices being authentic. They generalize this intelligent authentication method to other protocols.

Uploaded by

IJCNSVol2NO10
Copyright
© Attribution Non-Commercial (BY-NC)

64 (IJCNS) International Journal of Computer and Network Security,

Vol. 2, No. 10, 2010

An Intelligent Bidirectional Authentication Method


Nabil EL KADHI (1) and Hazem EL GENDY (2)
(1) Computer Engineering Department Chairman, Ahlia University, Bahrain
(2) Faculty of Computer Sc & IT, Ahram Canadian University, Egypt

Abstract: A new Bluetooth authentication model using some game theory concepts is presented in this paper. Bluetooth is a wireless communication protocol designed for WPAN (Wireless Personal Area Network) use. Game theory is a branch of mathematics and logic which deals with the analysis of games. An authentication between two Bluetooth devices is a unidirectional challenge-response procedure and consequently has many vulnerabilities. We propose a bidirectional authentication scheme in which the authentication is considered as a non-cooperative non-zero-sum bi-matrix game. Three strategies are developed for each player, and the best-response strategies (also called Nash equilibrium) for this game are computed. Using the Simplex algorithm, we find only one Nash equilibrium corresponding to the case where both Bluetooth devices are authentic and trying to securely communicate together. In a Nash equilibrium, no player has an incentive to deviate from such a situation. Then, we generalize our authentication method to other protocols.

Keywords: Computer/Communications Protocols, ISO (International Standards Organization), Bluetooth security, Bluetooth authentication, game theory, Nash equilibrium, Transport Layer Protocol.

1. Introduction
The role of Information Technology in various aspects of our lives has been increasing rapidly. This in turn increased the importance of having digital information bases and electronic connectivity between various sites of the same organization and between various organizations. These may be spread over multiple networks in different countries in different contents [16, 17].
This in turn significantly and substantially increased the importance of having security guarantees for these information data bases and electronic connectivity. Unfortunately, the security risks have also increased. This triggered the research on and development of security methods and systems to provide security guarantees to the communicating users and users of the information data bases. This includes the work on developing authentication methods to authenticate the identity of the communicating parties [1].
The explosive growth of electronic connectivity and wireless technologies revolutionized our society. Bluetooth is one of these technologies. It is a recently proposed standard [8] that allows for local wireless communication and facilitates the physical connection of different devices [2]. Unfortunately, this wireless environment attracted many malicious individuals. Wireless networks are exposed to many risks and hacker attacks, ranging from data manipulation and eavesdropping to virus and worm attacks. On one hand, security needs are increasingly vital. On the other hand, many security problems have been addressed by game theory. In fact, game theory is the formal study of interactive decision processes [11], offering enhanced understanding of conflict and cooperation through mathematical models and abstractions.
Bluetooth networks are proliferating in our society. Unfortunately, Bluetooth security has many weaknesses. Del Vecchio and El Kadhi [8] explain many attacks based on the Bluetooth protocol and Bluetooth software implementations.
The application of game theory to network security has been gaining increasing interest within the past few years. For example, Syverson [14] talks about “good” nodes fighting “evil” nodes in networks and suggests using game theory for reasoning. In [3], Browne describes how game theory can be used to analyze attacks involving complicated and heterogeneous military networks. Buike [4] studies the use of games to model attackers and defenders in information warfare.
In this paper, we focus on the vulnerability of the Bluetooth authentication. Since this process is unilateral, a malicious Verifier can considerably damage its correspondent, menacing the operability of that device on the one hand and the confidentiality and the integrity of the data exchanged on the other hand. To counter this weakness, a game-theoretic framework is used to model a bidirectional authentication between two Bluetooth devices. Using the Nash equilibrium concept, a secure authentication process is defined in which the authentication is successful if and only if both devices are trusted. This paper is structured as follows: first, the Bluetooth protocol is reviewed with a focus on its security procedures and vulnerabilities in section 2. Then, section 3 is dedicated to a background on game theory. Next, in section 4 we introduce our game-theoretic model, then some results are presented in section 5. The new bidirectional Bluetooth authentication protocol is described in section 6. In section 7, we generalize our intelligent authentication method to other protocols. Section 8 presents concluding remarks.

2. An overview of the Bluetooth security

2.1 Bluetooth technology
Bluetooth is a short-range wireless cable replacement technology. It was researched and developed by an international group called the Bluetooth Special Interest Group (SIG). It has been chosen to serve as the baseline of the IEEE (Institute of Electronic and Electrical Engineers) 802.15.1 standard for Wireless Personal Area Networks (WPANs) [6]. Bluetooth communication adopts a master-slave architecture to form restricted types of ad-hoc network (a collection of nodes that do not need to rely on a predefined infrastructure to keep the network connected) called piconets. A Bluetooth piconet can consist of eight devices, of which one is the master and the others are slaves. Each device may take part in three piconets at most, but a device may be master in one piconet only. Several connected piconets form a so-called scatternet. The main practical applications of Bluetooth technology include the ability to transfer files, audio data and other objects, such as electronic business cards, between physically separate devices such as cell phones and PDAs (Personal Digital Assistants) or laptops. In addition, the piconets formed by Bluetooth can be useful, for example, in a meeting where all participants have their own Bluetooth-compatible laptops and want to share files with each other.

2.2 Bluetooth link-level security
The Bluetooth specifications include security features at the link level. These features are based on a secret link key that is shared by a pair of devices. Bluetooth link-level security supports key management, authentication and encryption [10].

2.2.1 Security entities
In every Bluetooth device there are four entities used for managing and maintaining security at the link level, namely [7]:
• The Bluetooth device address (BD_ADDR).
• The private link key.
• The private encryption key.
• A random number (RAND).
There is also a Bluetooth Personal Identification Number (PIN) used for authentication and to generate the initialization key before exchanging link keys [13].

2.2.2 Key management
A key management scheme is used to generate, store, and distribute keys for the purpose of encryption, authentication and authorization [13][5]. Bluetooth specifies five different types of keys: four link keys (an initialization key, a unit key, a combination key and a master key) [7][13] and one encryption key [5].

2.2.3 Authentication
Bluetooth authentication uses a challenge-response scheme, which checks whether the other party knows the link key [9]. Thus one device adopts the role of the Verifier and the other the role of the Claimant [7]. Authentication is unilateral, i.e. one device (the Claimant) authorizes itself to another device (the Verifier). If mutual authentication is required, the authentication process is repeated with the roles exchanged [15]. The authentication process is shown in figure 1:

2.2.4 Encryption
The encryption procedure follows on from the authentication procedure. After the link key has been determined and authentication is successful, the encryption key is generated by the Bluetooth E3 algorithm [9][12]. The stream cipher algorithm, E0, is used for Bluetooth packet encryption and consists of three elements: the keystream generator, the payload key generator and the encryption/decryption component [7].

3. Game theory
Game theory is a systematic and formal representation of the interaction among a group of rational agents (people, corporations, animals...). It attempts to determine mathematically and logically the actions that players should take in order to optimize their outcomes. We distinguish two main types of game-theoretic models: the strategic (or static) games and the extensive games. The strategic form (also called normal form) is a basic model studied in non-cooperative game theory. A game in strategic form is given by a set of strategies for each player, and specifies the payoff for each player resulting from each strategy profile (a combination of strategies, one for each player). Each player chooses his plan of action once and for all, and all players make their decisions simultaneously at the beginning of the game. When there are only two players, the strategic form game can be represented by a matrix commonly called a bi-matrix. The strategic game solution is, in fact, a Nash equilibrium. Every strategic game with a finite number of players, each with a finite set of actions, has an equilibrium point. This Nash equilibrium is a point from which no single player wants to deviate unilaterally. By contrast, the model of an extensive game specifies the possible orders of the events. The players can make decisions during the game and they can react to other players’ decisions. Extensive games can be finite or infinite. An extensive game is a detailed description of the sequential structure corresponding to decision problems encountered by the players within strategic situations.
4. Proposed model: a game-theoretic protocol
4.1 Assumptions and notations
The bidirectional Bluetooth authentication between two devices is described by a non-cooperative and non-zero-sum game for two players in a normal form representation, also known as a bimatrix game. Our game is a non-cooperative one because the authentication procedure is considered under the worst-case assumption. In other words, the Verifier device and the Claimant are assumed to be in conflict because each of them has to consider that the other one may be malicious. Both devices are trying to reach the same optimal situation: communicate together without any risk. Thus, what one device gains is not necessarily what the other loses. This yields a non-zero-sum game.

We define three strategies for each player i:
i = {v, c}
where v refers to the Verifier and c refers to the Claimant:
• Ti: Tell the truth and communicate with the player j.
• Ii: Tell the truth and don’t communicate with the player j.
• Li: Lie and try to damage the player j.
where j = {v, c} and i ≠ j.

To allow only secure devices to communicate together, we assign some reward and cost values defining a utility function Ui for each player i. In practice, each strategy choice is assigned some value of the players’ utility functions. The set of values assigned to different strategies is determined according to statistical computations, empirical studies, or by user-specified values. In this work, such values are defined according to a set of secure bidirectional Bluetooth authentication rules. Note that we suggest specifying these rules according to the authentication game context and logic. Thus:

Rule 1 A bidirectional authentication between two Bluetooth devices is secure if and only if both devices are trusted.
Rule 2 A Bluetooth device is a winner when it is trusted and is a loser otherwise.
Rule 3 A bidirectional Bluetooth authentication between two Bluetooth devices is successful if and only if it is secure and both devices cooperate together.

In addition, the following assumptions illustrate our authentication game:

Assumption 1 Each player knows that his correspondent may be a trusted device or a malicious one (note that this assumption will justify the use of cryptographic parameters in our model).

Assumption 2 Each player knows that if it cooperates, in other words if it tells the truth and communicates with its correspondent, it will win some value ω in the best case (when its correspondent is trusted) and it will lose some value ε in the worst case (when its correspondent is malicious).

Assumption 3 Each player knows that if it tries to damage its correspondent, in other words if it lies, it will lose some value κ when its correspondent is trusted and it will win some value γ when its correspondent is malicious.

Assumption 4 Each player knows that it had better be trusted in any case: ω > γ, ε < κ and (ω + ε) > (γ + κ).

Assumption 5 Each player knows that if it does not cooperate, in other words if it tells the truth and does not communicate with its correspondent, it will neither win nor lose.

4.2 Costs and rewards
Next, the meanings of win and lose are defined for the Bluetooth devices. Consider each player's payoff as a function of an energy class constant G and a trust level constant Q. In fact, the Bluetooth devices need to save operating power. The device’s level of trust defines the interoperability authorization. Then, the utility function is described as: Ui = αiG − βiQ. For each player, the term αiG defines the reward value whereas the term βiQ defines the cost value. The αi value depends only on the trustworthiness of the player i, whereas βi depends on the trustworthiness of both players i and j. For example, if a player i is a trusted one and faces an untrusted correspondent j, i will be rewarded for its authenticity but it should pay for the non-authenticity of j. Thus, we define the following values for the coefficients αi and βi

4.3 The Nash equilibrium of our game
To achieve a secure bidirectional Bluetooth authentication preserving the confidentiality and the integrity of the data in transit, we use the Nash equilibrium theorem:

Theorem 1 A Nash equilibrium of a strategic-form game is a mixed-strategy profile σ* ∈ Σ such that “every player is playing their best response to the strategy choices of his opponents”. More formally, σ* is a Nash equilibrium if:

where P = {1, ..., n} = the player set,
Si = Player i’s pure-strategy space,
Σi = Player i’s mixed-strategy space (the set of probability distributions over Si),
−i = the set P\i,
σi = Player i’s mixed-strategy profile, and
Ui(σ) = Player i's expected utility from a mixed-strategy profile.
To compute our game’s Nash equilibrium, we first formulate the Verifier’s and the Claimant’s mixed-strategy best-response correspondences (respectively, MBRv(r, s) and MBRc(p, q)):

where p, q, r and s ∈ [0, 1]. The probabilities p, q, r and s, corresponding to the players’ mixed strategies, are computed using the linear programs described in equations (3) and (4):

Then, the Simplex algorithm is used to solve equations (3) and (4). This resolution leads to the following values:
and t = 0.

5. Results
After optimal results are computed by the Simplex resolution, the algorithm matches Verifier and Claimant probabilities with the mutual best-response correspondence (MBRv(r, s) and MBRc(p, q)). The Claimant probability r = 173 corresponds to the case where Tv is the best strategy for the Verifier. In fact, r is greater than 38s and also greater than 1s. Analogously, the Verifier probability p = 173 yields the case where Tc is the Claimant’s best strategy. In fact, p is greater than 389 and also greater than 15q. Thus, the mixed-strategy Nash equilibrium of our game corresponds to the situation where telling the truth and cooperating is the best strategy for both players. Consequently, the best strategy for the Verifier is Tv and the best strategy for the Claimant is Tc, and both players have no incentive to deviate from this situation. This means that according to our bidirectional authentication, the two Bluetooth devices in communication are better off trusting each other.

6. Our bidirectional Bluetooth authentication protocol
Our method includes two main phases: the authentication security parameters phase and the authentication game establishment phase. The first phase is used to define the devices’ trustworthiness and consequently the players’ strategies. The second phase corresponds to our game-theoretic model where the bidirectional authentication is considered a bimatrix game.

6.1 The security parameters check phase
According to the classic Bluetooth authentication (see figure 1), the Verifier and the Claimant devices use their input parameters to produce the SRES and ACO outputs. For both devices, there is only one secure parameter, the BDDR_C relative to the Claimant, and only the Verifier checks if the two SRES correspond. The Verifier can establish the trustworthiness or the untrustworthiness of its correspondent. Consequently, it can accept or refuse the communication without any risk. But if the Verifier is a malicious device, the Claimant is incapable of discovering this, and the Verifier can easily damage its correspondent. Consequently, in our bidirectional model, we consider additional input parameters for both existing players: RAND(C) and BDDR_V. Thus, the security parameters check phase includes two main steps. First, the Verifier checks the Claimant identity. Next, the Claimant takes the role of the Verifier and checks its correspondent's identity. Note that this identity check is done during two different sessions and is not bidirectional. In each step, each device computes an output and then the two devices check for correspondence. The Verifier and the Claimant compute, respectively, SR1 and SR2 in the first step, and SR3 and SR4 in the second step.
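
The two-step check described above, together with the reading of its outcomes that the paper gives for the game phase (matching outputs mean a trusted device, a mismatch a malicious one, no answer an indifferent one), as an added Python example that is not the authors' code. Assumptions: HMAC-SHA256 cut to 32 bits stands in for the E1 function, each response is bound to the responder's own address, and the Device and Outcome classes, their field names and the sample key and addresses are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

TRUSTED, INDIFFERENT, MALICIOUS = "trusted", "indifferent", "malicious"


def e1_standin(link_key: bytes, rand: bytes, bd_addr: bytes) -> bytes:
    """Assumed stand-in for E1: HMAC-SHA256 over RAND || address, cut to 32 bits."""
    return hmac.new(link_key, rand + bd_addr, hashlib.sha256).digest()[:4]


@dataclass
class Device:
    bd_addr: bytes           # BV or BC
    link_key: bytes          # LK as this device holds it
    responsive: bool = True  # False: the device never answers a challenge

    def answer(self, rand: bytes) -> Optional[bytes]:
        """Response to a challenge, bound to this device's own address."""
        if not self.responsive:
            return None
        return e1_standin(self.link_key, rand, self.bd_addr)


def judge(challenger: Device, responder: Device) -> str:
    """One challenge-response round: the challenger's verdict on the responder."""
    rand = secrets.token_bytes(16)  # RV in step 1, RC in step 2
    local = e1_standin(challenger.link_key, rand, responder.bd_addr)
    remote = responder.answer(rand)
    if remote is None:
        return INDIFFERENT          # no result returned
    # Constant-time comparison of the two outputs
    return TRUSTED if hmac.compare_digest(local, remote) else MALICIOUS


@dataclass
class Outcome:
    verifier_view_of_claimant: str
    claimant_view_of_verifier: Optional[str]  # None: the Claimant never checked
    success: bool


def authenticate(verifier: Device, claimant: Device,
                 bidirectional: bool = True) -> Outcome:
    # Step 1: Verifier computes SR1 locally, Claimant returns SR2.
    v_view = judge(verifier, claimant)
    if not bidirectional:
        # Classic unilateral scheme: nothing ever checks the Verifier.
        return Outcome(v_view, None, v_view == TRUSTED)
    # Step 2: roles swap. Claimant computes SR4 locally, Verifier returns SR3.
    c_view = judge(claimant, verifier)
    # Rule 3: success only if both devices are trusted and both answered.
    return Outcome(v_view, c_view, v_view == TRUSTED and c_view == TRUSTED)


# Constructed sample devices (key and addresses are made up).
LK = bytes(range(16))
VERIFIER = Device(bytes.fromhex("001122334455"), LK)
CLAIMANT = Device(bytes.fromhex("66778899aabb"), LK)
ROGUE_VERIFIER = Device(VERIFIER.bd_addr, b"\xff" * 16)  # claims BV, lacks LK
SILENT_CLAIMANT = Device(CLAIMANT.bd_addr, LK, responsive=False)

if __name__ == "__main__":
    cases = [
        ("both trusted", VERIFIER, CLAIMANT, True),
        ("rogue verifier, unilateral", ROGUE_VERIFIER, CLAIMANT, False),
        ("rogue verifier, bidirectional", ROGUE_VERIFIER, CLAIMANT, True),
        ("silent claimant", VERIFIER, SILENT_CLAIMANT, True),
    ]
    for label, v, c, bi in cases:
        print(f"{label:30s} {authenticate(v, c, bi)}")
```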
6.2 The authentication game phase
The authentication game phase consists of modeling the bidirectional Bluetooth authentication as a game between the Verifier and the Claimant. Results achieved in the previous step of our algorithm are used to define the players' strategies. In fact, device-retained strategies are derived from output matching. On one hand, SR1 = SR2 means that the Claimant is trusted and ready to communicate. Otherwise, the Claimant is considered a malicious device. On the other hand, if the Claimant does not return a result, it is indifferent to the communication. The same reasoning is used for the Verifier where, this time, the SR3 and SR4 results are used. After deriving the players’ strategies, the utility function parameters are defined. These parameters represent the cost and reward function coefficients assigned to each player, depending on its strategy and that of its correspondent. Next, the Nash equilibrium is computed as detailed in section 4.3 (or best-response correspondences). Consequently, our Nash equilibrium represents a pair of strategies (one per device) where each player tells the truth and wants to securely communicate with its correspondent. Recall that in a Nash equilibrium, no player has an incentive to deviate from its strategy. In terms of Bluetooth security, our bidirectional authentication is successful if and only if both devices are trusted and there isn’t any risk of damage or impersonation.

6.3 BiAuth algorithm
We summarize our bidirectional authentication procedure in an algorithm called BiAuth, which is described as follows:

Algorithm BiAuth
1. Security parameters check:
  (a) Define the authentication security parameters.
  (b) Compute the security parameters correspondences.
2. Authentication game:
  (a) Define the game basic elements:
    • Define the set of players (a Verifier device and a Claimant device).
    • Define the players’ pure strategies (depending on the verification of security parameters).
    • Define the players’ mixed strategies.
    • Define the players’ utility functions.
  (b) Find mixed Nash equilibrium:
    • Compute Verifier and Claimant pure-strategy best-response correspondences.
    • Compute Verifier and Claimant mixed-strategy best-response correspondences.
  (c) Formulate Verifier and Claimant problems as linear programs.
  (d) Compute mixed strategies’ probabilities: Simplex resolution.
  (e) Compute mixed Nash equilibrium.

Figure 2 illustrates our bidirectional Bluetooth authentication protocol, where:
• RV and RC are Verifier and Claimant random-generated numbers.
• BV and BC are the Verifier and the Claimant Bluetooth addresses (BDDR).
• LK is the link key.
• ACO is the Authenticated Ciphering Offset generated by the authentication process.
• FV and FC are the Verifier and the Claimant functions used to check their identities.
• E1 is the cryptographic function used during the unidirectional Bluetooth authentication.
• SSV and SSC are the sets of all possible strategies for the Verifier and the Claimant.
• PRV and PRC are Verifier and Claimant strategy probabilities.
• UV and UC are the Verifier and the Claimant utility functions.
• CNEV and CNEC are the functions used to compute the Verifier and the Claimant best-response correspondences.
• NEV and NEC are the Verifier and the Claimant Nash strategies.

Figure 2: Our bidirectional Bluetooth authentication protocol.

6.4 Attack scenarios
As previously cited, an important risk incurred in the classical Bluetooth authentication is linked to a malicious Verifier. Such a device can attack a trusted Claimant by a set of messages and damage it. According to our authentication model, such a scenario will not occur. In fact, when considering our game, the strategy pair (lying to try to damage the Claimant, telling the truth to communicate with the Verifier) does not represent a Nash equilibrium. Another possible attack is the Man-in-the-Middle attack, where an attacker device inserts itself “in between” two Bluetooth devices. The attacker connects to both devices and plays a masquerade role. Our bidirectional authentication can prevent such an attack. Indeed, the attacker could not impersonate any device in communication. The attacker must authenticate itself as a trusted device for each Bluetooth device. Otherwise, the authentication fails.

7. Generalization of the Security Method to Other Protocols
In this section, we generalize our authentication scheme to protocols other than the Bluetooth protocol. We extend the authentication scheme to end-to-end protocols of the wired ISO networks (given in Figure 3) that utilize the ISO OSI Transport Layer Protocol. To do this, we extend the ISO Transport Layer protocol to include an authentication phase. We also require that the successful authentication of the other party planning to communicate with (the party responding to a request to communicate with from the initiating party or the party requesting communication with the current party) be a necessary condition for the transfer of user data (the normal Data Transfer state of the ISO Transport Layer protocol). Figure 4 represents the extended ISO Transport Layer protocol while Figure 3 represents the ISO Transport Layer protocol before extension.

[Block diagram with states and phases: idle, connection establishment phase, connected, data transfer phase, disconnection phase]
Figure 3. Block Diagram representing normal ISO Transport Layer protocol

Referring to the ISO Transport Layer protocol given in Lotos in [16, 17], we have the following:
Consider the Lotos specification for Class 0 transport protocol for the case where the protocol entity is the initiator.

Process TPC0[tcreq,tdind,cr,cc,tccon,dr,ndind,tdreq,dt,tdatr,ndreq] :no exit :=
  ( ?tcreq; !tdind; TPC0[tcreq,tdind,cr,cc,tccon,ndind,tdreq,dt,tdatr,ndreq]
    [] ?tcreq; !cr; ( ( ?dr; !tdind; TPC0[tcreq,tdind,cr,cc,tccon,dr,ndind,tdreq,dt,ndreq] )
                     [] (?cc; !tccon; exit)))
  >> (Data_phase[tdatr,dt] [> Disconnection_phase[tdreq,ndreq,ndind,tdind] )
endproc
where
Process Data_phase[tdatr,dt] ::exit =
  ?tdatr; i; Data_phase[tdatr,dt]
  [] ?dt; i; Data_phase[tdatr,dt]
endproc
Process Disconnection[tdreq,ndreq,ndind,tdind] ::no exit :=
  ?tdreq; !ndreq; TPC0[tcreq,tdind,cr,cc,tccon,dr,ndind,tdreq,dt,tdatr,ndreq]
  [] ?ndind; !tdind; TPC0[tcreq,tdind,cr,cc,tccon,dr,ndind,tdreq,dr,tdatr,ndreq]
endproc

Applying our authentication scheme and our extension, we get the following specifications:

[Block diagram with states and phases: Idle, connection establishment phase, Ua-connected, authentication phase, Au-connected, data transfer phase, disconnection phase, Idle]
Figure 4: Block Diagram of the Extended ISO Transport Layer protocol with Authentication

Process AuthenticatedTPC0[tcreq,tdind,cr,cc,tccon,dr,ndind,tdreq,dt,tdatr,ndreq] :no exit :=
  ( ?tcreq; !tdind; TPC0[tcreq,tdind,cr,cc,tccon,ndind,tdreq,dt,tdatr,ndreq]
    [] ?tcreq; !cr; ( ( ?dr; !tdind; TPC0[tcreq,tdind,cr,cc,tccon,dr,ndind,tdreq,dt,ndreq] )
                     [] (?cc; !tccon; exit)))
  >> ((Authentication_Data_phase[tdatr,dt]) [> Disconnection_phase[tdreq,ndreq,ndind,tdind] )
endproc
where
Process Authentication_Data_phase[RV,RC,SR2,tdatr,dt] ::exit =
  ( !RV; ?RC; SR2; (i; ?tdatr; i; Data_phase[tdatr,dt])
    [] (i; Disconnection_phase[tdreq,ndreq,ndind,tdind])
    [] (!RV; ?RC; SR2; (i; ?dt; i; Data_phase[tdatr,dt])
    [] (i; Disconnection_phase[tdreq,ndreq,ndind,tdind]))
endproc
Process Disconnection[tdreq,ndreq,ndind,tdind] ::no exit :=
  ?tdreq; !ndreq; TPC0[tcreq,tdind,cr,cc,tccon,dr,ndind,tdreq,dt,tdatr,ndreq]
  [] ?ndind; !tdind; TPC0[tcreq,tdind,cr,cc,tccon,dr,ndind,tdreq,dr,tdatr,ndreq]
endproc

8. Conclusions
In this work, we present a solution to strengthen Bluetooth security as well as other protocols, including those for wired networks. A classical Bluetooth authentication is unidirectional and consequently is vulnerable to malicious device attacks. The idea is to propose a bidirectional authentication scheme. Game theory is useful for such modeling since it is a global framework with formal opportunities for real-life problem representations. Thus, the authentication between two Bluetooth devices is viewed as a game. The new bidirectional authentication is modeled as a simultaneous two-player game (bi-matrix). The possible strategies for each player are defined (based on some security parameters check) and formulated with the utility function. This function assigns some cost and reward values to each player depending on its strategy and its correspondent’s. Then, each player's best strategy is computed (defining the Nash equilibrium). The algorithm uses the Simplex technique to calculate players’ total gains. Recall that in such conditions only one Nash equilibrium can be derived. This equilibrium corresponds to the case where both players are telling the truth. In Bluetooth security terms, two devices have to be trusted during bidirectional authentication. In other words, the bidirectional authentication is successful if and only if both devices are authentic. To implement this protocol, two options are possible: outside the Bluetooth core protocol (in the application layer) or within the Bluetooth core protocol (in the LMP layer). In the first case, the classical Bluetooth authentication will be replaced by our bidirectional authentication. When considering the second view, some changes in the cryptographic function used during a classical Bluetooth authentication are necessary in order to incorporate the described model. We are finalizing some benchmarks to compare the efficiency between our algorithm and the standard Bluetooth authentication model. Our work can be extended in different ways. For example, we can model our bidirectional authentication as an N-player game. According to such a model, an authentication process can be performed between many devices at the same time. This will be useful when piconets or scatternets are formed. In addition, we can exploit the extensive form in order to describe dynamic behavior. A player will take into account the effect of its current behavior on the other players’ future behavior. This principle can forewarn trusted Bluetooth devices of possible threats and malicious devices. Also, our model can be applied to any authentication process just by adapting the utility function parameters.

References
[1] Alexoudi, M., Finlayson, E., & Griffiths, M. (2002). Security in Bluetooth.
[2] Bray, J., & Sturman, C. F. (2002). Bluetooth 1.1: connect without cables. Second Edition, Prentice Hall PTR (Eds.).
[3] Browne, R. (2000). C4i defensive infrastructure for survivability against multi-mode attacks. In Proc. 21st Century Military Communications - Architectures and Technologies for Information Superiority.
[4] Buike, D. (1999). Towards a game theory model of information warfare. Master’s Thesis, Technical report, Airforce Institute of Technology.
[5] Candolin, C. (2000). Security Issues for Wearable Computing and Bluetooth Technology. Telecommunications Software and Multimedia Laboratory, Helsinki University of Technology, Finland.
[6] Cordeiro, C. M., Abhyankar, S., & Agrawal, D. P. (2004). An enhanced and energy efficient communication architecture for Bluetooth wireless PANs. Elsevier.
[7] De Kock, A. Bluetooth security. University Of Cape Town, Department Of Computer Science, Network Security.
[8] Del Vecchio, D., & El Kadhi, N. (2004). Bluetooth Security Challenges, A tutorial. In proceedings of the 8th World Multi-Conference on Systemics, Cybernetics and Informatics, Orlando, Florida, USA.
[9] Kitsos, P., Sklavos, N., Papadomanolakis, K., & Koufopavlou, O. (2003). Hardware Implementation of Bluetooth Security. IEEE CS and IEEE Communications Society, IEEE Pervasive Computing.
[10] Muller, T. (1999). Bluetooth security architecture - Version 1.0. Bluetooth white paper.
[11] Osborne, M.-J., & Rubinstein, A. (1994). A course in game theory. Massachusetts Institute of Technology.
[12] Persson, J., & Smeets, B. (2000). Bluetooth security - An overview. Ericsson Mobile Communications AB, Ericsson Research, Information Security Technical Report, Vol 5, No. 3, pp. 32-43.
[13] Pnematicatos, G. (2004). Network and InterNetwork Security: Bluetooth Security.
[14] Syverson, P. F. (1997). A different look at secure distributed computation. In Proc. 10th IEEE Computer Security Foundations Workshop.
[15] (2003) Bluetooth: threats and security measures. Bundesamt für Sicherheit in der Informationstechnik, Local Wireless Communication Project Team, Germany.
[16] Hazem El-Gendy, “Formal Method for Automated Transformation of Lotos Specifications to Estelle Specifications”, International Journal of Software Engineering & Knowledge Engineering, USA, Vol. 15, No. 5, October 2005, pp. 1-19.
[17] Hazem El-Gendy and Nabil El Kadhi, “Testing Data Flow Aspects of Communications Protocols, Software, and Systems Specified in Lotos”, International Journal on Computing Methods in Science and Engineering, Published in Greece, 2005.
