An Analysis of Bluetooth Security

Jaymin Shah
Sushma Kamuni
Introduction

Bluetooth
◦ It is an open wireless protocol for exchanging data over short distances from fixed and mobile devices, creating personal area networks.
◦ Acts as a reliable source of transmission for voice and data.
Designed to operate in the ISM band
Gaussian Frequency Shift Keying is used
Data rate of 1 Mb/sec can be achieved

Class   Range (meters)   Max. Power (mW)
1       100              100
2       10               2.5
3       1                1
Features: Low cost, low power and robustness
Bluetooth Security

Authentication: Verifies the identification of the devices
that are communicating in the channel.

Confidentiality: Protecting the data from the attacker by
allowing only authorized users to access the data.

Authorization: Only authorized users have control over
the resources.
Security features of Bluetooth

Security Mode 1: Non-Secure Mode

Security Mode 2: Service level enforced security
mode

Security Mode 3: Link-level enforced security mode
Link Key Generation
Authentication
Authentication Summary
[Figure: challenge-response exchange between Verifier and Claimant. Labels: BD_ADDR_B, AU_RAND, Calculates SRES', SRES, Success if match.]
Authentication Process
Parameter                        Length     Secrecy parameter
Device Address                   48 Bits    Public
Random Challenge                 128 Bits   Public
Authentication (SRES) Response   32 Bits    Public
Link Key                         128 Bits   Secret
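
Added example, not part of the original slides: the verifier/claimant exchange using the parameter lengths listed above, run one-way and then in both directions (the mutual authentication the later remarks recommend). Assumptions: HMAC-SHA256 truncated to 32 bits stands in for Bluetooth's real E1 function, and the class, function names, addresses and keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Field sizes in bytes, from the parameters above:
# BD_ADDR 48 bits, AU_RAND 128 bits, SRES 32 bits, link key 128 bits.
BD_ADDR_LEN, AU_RAND_LEN, SRES_LEN, LINK_KEY_LEN = 6, 16, 4, 16


def sres_stand_in(link_key: bytes, au_rand: bytes, bd_addr: bytes) -> bytes:
    """Assumption: HMAC-SHA256 truncated to 32 bits replaces the real E1 function."""
    fields = ((link_key, LINK_KEY_LEN), (au_rand, AU_RAND_LEN), (bd_addr, BD_ADDR_LEN))
    if any(len(value) != size for value, size in fields):
        raise ValueError("field length does not match the parameter sizes")
    return hmac.new(link_key, au_rand + bd_addr, hashlib.sha256).digest()[:SRES_LEN]


class Device:
    def __init__(self, bd_addr: bytes, link_key: bytes):
        self.bd_addr, self.link_key = bd_addr, link_key  # the link key is the only secret

    def respond(self, au_rand: bytes) -> bytes:
        """Claimant: answer a challenge with SRES bound to its own address."""
        return sres_stand_in(self.link_key, au_rand, self.bd_addr)

    def verify(self, claimant_addr: bytes, au_rand: bytes, sres: bytes) -> bool:
        """Verifier: compute SRES' locally and compare in constant time."""
        expected = sres_stand_in(self.link_key, au_rand, claimant_addr)
        return hmac.compare_digest(expected, sres)


def authenticate(verifier: Device, claimant: Device) -> bool:
    """One-way run: a fresh AU_RAND per attempt, so an old SRES cannot be reused."""
    au_rand = secrets.token_bytes(AU_RAND_LEN)
    return verifier.verify(claimant.bd_addr, au_rand, claimant.respond(au_rand))


def mutual_authenticate(a: Device, b: Device) -> bool:
    """Run the exchange in both directions, each side issuing its own challenge."""
    return authenticate(a, b) and authenticate(b, a)


# Constructed sample devices: A and B share a link key; the impostor reuses
# B's public address but holds a different key.
shared_key = secrets.token_bytes(LINK_KEY_LEN)
dev_a = Device(bytes.fromhex("001122334455"), shared_key)
dev_b = Device(bytes.fromhex("66778899aabb"), shared_key)
impostor = Device(dev_b.bd_addr, secrets.token_bytes(LINK_KEY_LEN))
print(authenticate(dev_a, dev_b), authenticate(dev_a, impostor))
```

Knowing the public BD_ADDR alone does not pass verification, and a response recorded for one AU_RAND fails against a different challenge.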
Confidentiality
The confidentiality security service protects against eavesdropping attacks on the air interface.
Bluetooth Encryption Process

Encryption Mode 1: No encryption is needed.

Encryption Mode 2: Encrypted using link keys.

Encryption Mode 3: All traffic is encrypted.
Trust levels, service levels and authentication

Service level 1: Requires authentication and
authorization.

Service level 2: Requires only authentication.

Service level 3: Open to all Bluetooth devices.
Problems with the standard Bluetooth Security

Security Issue: Strength of the Random Number Generator (RNG) is unknown.
Remarks: RNG may produce periodic numbers that reduce the strength of the authentication mechanism.

Security Issue: Short PINs are allowed.
Remarks: Such weak PINs are used to generate link and encryption keys that are easily predictable.

Security Issue: Encryption key length is negotiable.
Remarks: A more robust initialization key generation procedure should be developed.

Security Issue: No user authentication exists.
Remarks: As only device authentication is provided, application security and user authentication can be employed.

Security Issue: Stream cipher is weak and key length is negotiable.
Remarks: Robust encryption procedure and minimum key length should be decided and passed as an agreement.

Security Issue: Privacy can be compromised if the BD_ADDR is captured and associated with a particular user.
Remarks: Once the BD_ADDR is associated with a particular user, that user's activity can be logged, so privacy can be compromised.

Security Issue: Device authentication is a simple shared-key challenge-response.
Remarks: One-way authentication may be subjected to man-in-the-middle attacks. Mutual authentication is a good idea to provide verification.
Security Threats

Denial of service: Makes the device unusable and
drains the mobile device battery.

Fuzzing attacks: Sending malformed messages to the
Bluetooth device.

Bluejacking: Causes harm when the user sends the
data to the other user.

Bluesnarfing: Uses IMEI identifier to route all the
incoming calls.
Man-in-the-middle
Future

Broadcast Channel: Adoption of Bluetooth in the
mobile phones from the Bluetooth information points.

Topology Management: Configuration should be
invisible and the messages to the users in the scatternet.

Quality of Service: Video and audio transmission of
data with high quality.