{"id":"https://openalex.org/W3038161846","doi":"https://doi.org/10.1145/3394497","title":"Key Negotiation Downgrade Attacks on Bluetooth and Bluetooth Low Energy","display_name":"Key Negotiation Downgrade Attacks on Bluetooth and Bluetooth Low Energy","publication_year":2020,"publication_date":"2020-07-04","ids":{"openalex":"https://openalex.org/W3038161846","doi":"https://doi.org/10.1145/3394497","mag":"3038161846"},"language":"en","primary_location":{"id":"doi:10.1145/3394497","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3394497","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"http://infoscience.epfl.ch/record/281793","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5029738162","display_name":"Daniele Antonioli","orcid":"https://orcid.org/0000-0002-9342-3920"},"institutions":[{"id":"https://openalex.org/I5124864","display_name":"\u00c9cole Polytechnique F\u00e9d\u00e9rale de Lausanne","ror":"https://ror.org/02s376052","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I5124864"]}],"countries":["CH"],"is_corresponding":true,"raw_author_name":"Daniele Antonioli","raw_affiliation_strings":["\u00c9cole Polytechnique F\u00e9d\u00e9rale de Lausanne (EPFL), Lausanne, Switzerland"],"affiliations":[{"raw_affiliation_string":"\u00c9cole Polytechnique F\u00e9d\u00e9rale de Lausanne (EPFL), Lausanne, Switzerland","institution_ids":["https://openalex.org/I5124864"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073540044","display_name":"Nils Ole Tippenhauer","orcid":"https://orcid.org/0000-0001-8424-2602"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Nils Ole Tippenhauer","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Stuhlsatzenhausweg, Saarbr\u00fccken, Germany"],"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Stuhlsatzenhausweg, Saarbr\u00fccken, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5035426350","display_name":"Kasper Rasmussen","orcid":"https://orcid.org/0000-0002-9471-9985"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Kasper Rasmussen","raw_affiliation_strings":["University of Oxford, Oxford, United Kingdom"],"affiliations":[{"raw_affiliation_string":"University of Oxford, Oxford, United Kingdom","institution_ids":["https://openalex.org/I40120149"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5029738162"],"corresponding_institution_ids":["https://openalex.org/I5124864"],"apc_list":null,"apc_paid":null,"fwci":5.4993,"has_fulltext":false,"cited_by_count":54,"citation_normalized_percentile":{"value":0.95993159,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"23","issue":"3","first_page":"1","last_page":"28"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12801","display_name":"Bluetooth and Wireless Communication Technologies","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12801","display_name":"Bluetooth and Wireless Communication Technologies","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9689000248908997,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11896","display_name":"Opportunistic and Delay-Tolerant Networks","score":0.9521999955177307,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/bluetooth","display_name":"Bluetooth","score":0.8099527359008789},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7285080552101135},{"id":"https://openalex.org/keywords/downgrade","display_name":"Downgrade","score":0.6944496035575867},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6154377460479736},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.604823648929596},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5496934652328491},{"id":"https://openalex.org/keywords/wireless","display_name":"Wireless","score":0.40244555473327637},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.19641253352165222}],"concepts":[{"id":"https://openalex.org/C546215728","wikidata":"https://www.wikidata.org/wiki/Q39531","display_name":"Bluetooth","level":3,"score":0.8099527359008789},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7285080552101135},{"id":"https://openalex.org/C2779628075","wikidata":"https://www.wikidata.org/wiki/Q1253258","display_name":"Downgrade","level":2,"score":0.6944496035575867},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6154377460479736},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.604823648929596},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5496934652328491},{"id":"https://openalex.org/C555944384","wikidata":"https://www.wikidata.org/wiki/Q249","display_name":"Wireless","level":2,"score":0.40244555473327637},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.19641253352165222}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3394497","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3394497","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},{"id":"pmh:oai:infoscience.epfl.ch:281793","is_oa":true,"landing_page_url":"http://infoscience.epfl.ch/record/281793","pdf_url":null,"source":{"id":"https://openalex.org/S4306400487","display_name":"Infoscience (Ecole Polytechnique F\u00e9d\u00e9rale de Lausanne)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"WoS","raw_type":"research article"},{"id":"pmh:oai:ora.ox.ac.uk:uuid:3921530f-031c-46f9-8b21-1eacb1dc1615","is_oa":false,"landing_page_url":"https://ora.ox.ac.uk/objects/uuid:3921530f-031c-46f9-8b21-1eacb1dc1615","pdf_url":null,"source":{"id":"https://openalex.org/S4306402636","display_name":"Oxford University Research Archive (ORA) (University of Oxford)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I40120149","host_organization_name":"University of Oxford","host_organization_lineage":["https://openalex.org/I40120149"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Symplectic Elements","raw_type":"Journal article"}],"best_oa_location":{"id":"pmh:oai:infoscience.epfl.ch:281793","is_oa":true,"landing_page_url":"http://infoscience.epfl.ch/record/281793","pdf_url":null,"source":{"id":"https://openalex.org/S4306400487","display_name":"Infoscience (Ecole Polytechnique F\u00e9d\u00e9rale de Lausanne)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"WoS","raw_type":"research article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.44999998807907104,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W58703277","https://openalex.org/W315107650","https://openalex.org/W756886190","https://openalex.org/W1510442823","https://openalex.org/W1519988299","https://openalex.org/W1532878068","https://openalex.org/W1554501433","https://openalex.org/W1802259427","https://openalex.org/W1974303640","https://openalex.org/W2019698782","https://openalex.org/W2030604270","https://openalex.org/W2036116878","https://openalex.org/W2064355504","https://openalex.org/W2069273735","https://openalex.org/W2092553878","https://openalex.org/W2139215234","https://openalex.org/W2289406604","https://openalex.org/W2336683095","https://openalex.org/W2408302068","https://openalex.org/W2467636675","https://openalex.org/W2519466388","https://openalex.org/W2592939579","https://openalex.org/W2625860315","https://openalex.org/W2767098552","https://openalex.org/W2788819230","https://openalex.org/W2795078365","https://openalex.org/W2890897493","https://openalex.org/W2892310063","https://openalex.org/W2933347941","https://openalex.org/W2942826212","https://openalex.org/W2946011358","https://openalex.org/W3015314850","https://openalex.org/W3016124431","https://openalex.org/W3105256051","https://openalex.org/W4230904691","https://openalex.org/W6740027571"],"related_works":["https://openalex.org/W3206633188","https://openalex.org/W2041034096","https://openalex.org/W2058759559","https://openalex.org/W2392180086","https://openalex.org/W2792049201","https://openalex.org/W3124827474","https://openalex.org/W4242093584","https://openalex.org/W3088710599","https://openalex.org/W2365945961","https://openalex.org/W2369540926"],"abstract_inverted_index":{"Bluetooth":[0,3,14,47,70,97,115,137,178,187,204,208,224],"(BR/EDR)":[1],"and":[2,29,48,76,82,100,103,106,116,131,138,157,179,189,210,232],"Low":[4],"Energy":[5],"(BLE)":[6],"are":[7,50,146,158,166,169],"pervasive":[8],"wireless":[9],"technologies":[10],"specified":[11],"in":[12,135],"the":[13,42,66,93,110,129,154,161,164,173,176,186,190,194,198,219,223],"standard.":[15,225],"The":[16],"standard":[17],"includes":[18],"key":[19,43,72,81,84,142,239],"negotiation":[20,44,143,240],"protocols":[21,45],"used":[22,196],"to":[23,52,73,85,95,107,153,160,236],"generate":[24],"long-term":[25,80,98,102],"keys":[26,31,99],"(during":[27,32],"pairing)":[28],"session":[30,71,83,104],"secure":[33],"connection":[34],"establishment).":[35],"In":[36,57],"this":[37],"work,":[38],"we":[39,59,227],"demonstrate":[40],"that":[41],"of":[46,68,77,121,172,175,193,222],"BLE":[49,79,101,139,180,212],"vulnerable":[51],"standard-compliant":[53],"entropy":[54,67,90],"downgrade":[55,65,144,241],"attacks.":[56,242],"particular,":[58],"show":[60],"how":[61],"an":[62,124],"attacker":[63,94,125],"can":[64,126],"any":[69,78,136],"1":[74],"byte,":[75],"7":[86],"bytes.":[87],"Such":[88],"low":[89],"values":[91],"enable":[92],"brute-force":[96],"keys,":[105],"break":[108],"all":[109,128,218],"security":[111,181],"guarantees":[112],"promised":[113],"by":[114,197],"BLE.":[117],"As":[118,163],"a":[119],"result":[120],"our":[122,238],"attacks,":[123],"decrypt":[127],"ciphertext":[130,134],"inject":[132],"valid":[133],"network.":[140],"Our":[141],"attacks":[145,165],"conducted":[147],"remotely,":[148],"do":[149],"not":[150],"require":[151],"access":[152],"victims\u2019":[155],"devices,":[156],"stealthy":[159],"victims.":[162,199],"standard-compliant,":[167],"they":[168],"effective":[170,229],"regardless":[171],"usage":[174],"strongest":[177],"modes":[182],"(including":[183],"Secure":[184],"Connections),":[185],"version,":[188],"implementation":[191],"details":[192],"devices":[195,205,213],"We":[200],"successfully":[201],"attack":[202],"38":[203],"(32":[206],"unique":[207],"chips)":[209],"19":[211],"from":[214],"different":[215],"vendors,":[216],"using":[217],"major":[220],"versions":[221],"Finally,":[226],"present":[228],"legacy":[230],"compliant":[231,234],"non-legacy":[233],"countermeasures":[235],"mitigate":[237]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":8},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":12},{"year":2021,"cited_by_count":14},{"year":2020,"cited_by_count":1}],"updated_date":"2026-04-06T07:47:59.780226","created_date":"2025-10-10T00:00:00"}