中间人(MITM)攻击发生在当用户想要连接两台设备时,使得他们并没有直接连接对方,而是在不知情的情况下连接到了第三台(攻击)设备,该设备扮演了他们试图配对的设备的角色。第三台设备随后会在两台设备之间转发信息,造成它们已直接连接的假象。攻击设备甚至可以窃听两台设备之间的通信(称为主动窃听),并能插入和修改连接上的信息。在这种攻击中,两台设备之间交换的所有信息都会被泄露,攻击者可能会向每台设备注入命令和信息,从而可能破坏设备的功能。遭受攻击的设备只有在攻击者在场时才能进行通信。如果攻击者不在或不在攻击范围内,两台受害设备将无法直接通信,用户也会注意到这一点。
为防止 MITM 攻击,安全简单配对提供了两种用户辅助数字方法:数字比较或密码输入。如果安全简单配对使用 16 位的十进制数字,那么其可用性将与使用 16 位的十进制数字 PIN 码的传统配对相同。在这种情况下,MITM 成功插入自己的链接密钥的几率是 10^16=2^53 次配对实例中的 1 次,这是一个几乎不可能的低概率。
安全简单配对功能可保护用户免受 MITM 攻击,目标是提供 1 in 1,000,000 的机会让 MITM 成功发起攻击。选择 MITM 保护的强度是为了通过使用六位数字进行数字比较和密码输入,最大限度地减少对用户的影响。之所以选择这种程度的 MITM 防范措施,是因为在大多数情况下,当 MITM 攻击失败导致连接过程失败时,用户就会警觉到可能存在 MITM 攻击者。虽然大多数用户认为,只要他们没有泄露密码,4 位数的密钥就足以进行身份验证(如银行卡 PIN 码),但使用 6 位数的密钥可以使安全简单配对符合 FIPS 标准,而且这被认为对可用性的影响很小。
在蓝牙Spec Core 5.3中:
Vol 1: Architecture, Mixing, and Conventions -> Part A: Architecture -> 5 Security overview -> 5.2 BR/EDR Secure Simple Pairing -> 5.2.3 Man-in-the-middle protection:
A man-in-the-middle (MITM) attack occurs when a user wants to connect two devices but instead of connecting directly with each other they unknowingly connect to a third (attacking) device that plays the role of the device they are attempting to pair with. The third device then relays information between the two devices giving the illusion that they are directly connected. The attacking device may even eavesdrop on communication between the two devices (known as active eavesdropping) and is able to insert and modify information on the connection. In this type of attack, all of the information exchanged between the two devices are compromised and the attacker may inject commands and information into each of the devices thus potentially damaging the function of the devices. Devices falling victim to the attack are capable of communicating only when the attacker is present. If the attacker is not active or out range, the two victim devices will not be able to communicate directly with each other and the user will notice it.
To prevent MITM attacks, Secure Simple Pairing offers two user assisted numeric methods: numerical comparison or passkey entry. If Secure Simple Pairing would use 16 decimal digit numbers, then the usability would be the same as using legacy pairing with 16 decimal digit PIN. The chance for a MITM to succeed inserting its own link keys in this case is a 1 in 1016 = 253 pairing instances, which is an unnecessarily low probability.
Secure Simple Pairing protects the user from MITM attacks with a goal of offering a 1 in 1,000,000 chance that a MITM could mount a successful attack. The strength of the MITM protections was selected to minimize the user impact by using a six digit number for numerical comparison and Passkey entry. This level of MITM protection was selected since, in most cases, users can be alerted to the potential presence of a MITM attacker when the connection process fails as a result of a failed MITM attack. While most users feel that provided that they have not compromised their passkey, a 4-digit key is sufficient for authentication (i.e. bank card PIN codes), the use of six digits allows Secure Simple Pairing to be FIPS compliant and this was deemed to have little perceivable usability impact.
