Back when we designed the security for Wireless USB, one of the attacks we protected against was the man-in-the-middle attack. From a product marketing perspective, this was one of the hardest features to get agreement on because it requires the end user to perform a manual verification step.

Many people think that manual verification hurts usability unnecessarily since, in their eyes, MITM attacks are very difficult to do. Their reasoning is as follows: It's extremely unlikely that an attacker would be present at the exact moment in space and time when the end user performs the security pairing. Therefore we really don't need MITM protection.

However, the more paranoid members of our team correctly pointed out that it would be trivial for an attacker to simply jam the transmission of one of the devices. The connection would then stop working. When faced with this situation, most users "reboot" the devices and perform the pairing ritual again.

We ended up including fairly robust protection against MITM attacks. Which is a good thing, since a recent article discusses how easy it is to force a Bluetooth device to dump its pairing data and initiate the rekeying process. This attacks the protocol directly and is even easier to accomplish than the denial-of-service-type jamming attack that we were concerned with.

I spent a lot of time in 2006 and 2007 working on the WiMedia Logical Link Layer Control Protocol specification (WLP spec for short). Publishing a specification like WLP is a lot like filing a patent. You do a lot of the work early on, and then the actual publishing process takes a really long time. It's almost anti-climatic when it does finally get published.

In any event, it's available on the WiMedia web site if you're interested (unfortunately there is a click-through license agreement that you must fill out to read the spec). I worked on the security sections, sections 6.6 and 7.2 and annexes A and C.