BKBLTSEC.RVW 20040622

"Bluetooth Security", Christian Gehrmann/Joakim Persson/Ben Smeets, 2004, 1-58053-504-6, U$79.00/C$114.95
%A Christian Gehrmann
%A Joakim Persson
%A Ben Smeets
%C 685 Canton St., Norwood, MA 02062
%D 2004
%G 1-58053-504-6
%I Artech House/Horizon
%O U$79.00/C$114.95 617-769-9750 artech@artech-house.com
%O http://www.amazon.com/exec/obidos/ASIN/1580535046/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/1580535046/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1580535046/robsladesin03-20
%P 204 p.
%T "Bluetooth Security"

Part one presents the basics of Bluetooth security. Chapter one is an introduction to the Bluetooth protocol suite (mostly at the packet level), and also mentions a few security concepts (in a somewhat haphazard manner). The overview of Bluetooth security, in chapter two, could be clearer: some minutiae (such as the bit lengths of various components of key generation) obscure the basic concepts, while other specifics (such as the algorithms used) are missing where they could support the text. Pairings and key management rely on a considerable amount of alphabet soup, making frequent references to the list of acronyms a necessity. The detailed descriptions make the explanations difficult, but would make cryptographic analysis possible for the determined reader. The algorithms are laid out in chapter four: although most are based on SAFER+, the greatest emphasis is given to the E(0) stream cipher. Chapter five looks at the encryption used in a broadcast to all members of a piconet. The discussion of security policy and access control, in chapter six, deals mostly with the services required, rather than provided. A lot of time is spent analysing cryptographic strength of the algorithms, in chapter seven, only to come to the conclusion that the greatest problem lies in pairing and tracking.

Part two deals with Bluetooth security enhancements, still in development.
Chapter eight discusses anonymity, in terms of varying the device address to avoid tracking, and the requirements for such a scenario. Improved key management, using asymmetric encryption or challenge-response type systems, is considered in chapter nine. Chapter ten deliberates on refinement of some standard Bluetooth applications.

Bluetooth security is not well known, despite the proliferation of Bluetooth-enabled devices. While this book has a number of shortcomings in terms of writing, the material provides an introduction to a number of important considerations.

copyright Robert M. Slade, 2004