BlueBrothers: three new protocols to secure bluetooth

Conference item

Bluetooth is a pervasive wireless standard that, despite numerous revisions, remains vulnerable to multiple design-level security flaws. Specifically, its pairing and session establishment security protocols lack integrity protection, forward secrecy, or strong authentication mechanisms, thereby enabling critical impersonation and man-inthe-middle attacks. These risks are compounded by complex and fragmented specifications, which hinder secure implementation and formal analysis.
    To address these issues, we present BlueBrothers, three new protocols to serve as a secure alternative to the current ones. BBPairing combines pairing and session establishment in a single protocol that provides integrity protection and robust user-assisted authentication. BB-Session establishes authenticated, secure sessions with forward secrecy guarantees. BB-Rekey provides forward and future secrecy within a session via a lightweight key-refresh mechanism.
    We model BlueBrothers in ProVerif and verify confidentiality, integrity, and entity-authentication properties. We implement the protocols on constrained nRF52 devices and evaluate performance against the Bluetooth baseline. Our results show up to a 59% reduction in latency with comparable energy consumption.

Authors: Sacchetti, T; Rasmussen, K; Antonioli, D

• Publication status: Accepted
• Peer review status: Peer reviewed
• Publication date: 2026-06-30
• Acceptance date: 2026-04-15
• Event title: 19th ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec 2026)
• Event location: Saarbrücken, Germany
• Event website: https://wisec26.events.cispa.de/
• Event start date: 2026-06-30
• Event end date: 2026-07-03
• EISBN: 979-8-4007-2201-1/2026/06
• Language: English