Versio 2 Security of Bluetooth: A overview of Bluetooth Security Marjaaa Träskbäck Departmet of Electrical ad Commuicatios Egieerig mtraskba@cc.hut.fi 52655H ABSTRACT The purpose of this paper is to give a overview of Bluetooth security ad how it was desiged. At the ed there is also a short discussio of its weakesses o a geeral level. Keywords Bluetooth, Security, Architecture, Autheticatio, Ecryptio 1. INTRODUCTION Bluetooth is a ew techology for wireless commuicatio. The target of the desig is to coect differet devices together wirelessly i a small eviromet like i a office or at home. The BT rage restricts the eviromet, which at the momet is about 10 meters. Before acceptig the techology a close look at the security fuctio has to be take. Especially i office the iformatio broadcasted over the Bluetooth picoet ca be sesitive ad requires a good security. Bluetooth employs several layers of data ecryptio ad user autheticatio measures. Bluetooth devices use a combiatio of the Persoal Idetificatio Number (PIN) ad a Bluetooth address to idetify other Bluetooth devices. Data ecryptio ca be used to further ehace the degree of bluetooth security. [3] Bluetooth uses trasmissio scheme that provides a level of security i itself. Istead of trasmittig over oe frequecy withi the 2.4 GHz bad, Bluetooth radios use a fast frequecy-hoppig spread spectrum (FHSS) techique, allowig oly sychroised receivers to access the trasmitted data. [3] 2. BLUETOOTH SECURITY BT uses authorisatio ad autheticatio to kow who is the user ad what are the devices ad their rights. The terms are defied as follows: Autheticatio: The process of verifyig who is at the other ed of the lik. Autheticatio is performed for devices. I Bluetooth, this is achieved by the autheticatio procedure based o the stored lik key or by pairig (eterig a PIN). [12] Authorisatio: This is the process of decidig if device X is allowed to have access to service Y. This is where the cocept of trusted exist (explaied below). [4 pg. 14] Bluetooth uses lik level security where each coectio is give a uique secret autheticatio key ad ecryptio key that is derived from the first oe. More of these later i the paper. Commuicatio betwee differet Bluetooth (BT) devices use fast frequecy-hoppig spread spectrum (FHSS) techique, which uses 79 differet radio chaels. Bluetooth uses the same frequecy tha other household machies, example microwave ove, which ca cause iterferece. FHSS prevets this iterferece to cause too much harm, sice it chages trasmissio frequecy 1600
User Iterface Geeral Mgmt RFCOMM (or other Security Etity multiplexig Protocol) Maager Service L2CAP Database Device Database HCI Lik Maager / Lik cotroller Leged Registratio Query Figure 1. Security Architecture (based o [4]) times per secod ad if there is a iterferece at some frequecy, oly that oe trasmissio is damaged. FHSS also add security o data trasmissio betwee devices sice it makes it harder to eavesdrop. O the other had the low trasmissio power prevets the trasmissio to propagate far ad makes it harder to cut betwee the trasmissio. The iformatio o a BT packet ca be protected by ecryptio. Oly the packet payload is ecrypted, ever the access code ad the packet header. The ecryptio is doe with a stream cipher E0, which is sychroised for each payload. 2.1 Security Architecture The Bluetooth architecture is show i figure 1. The security maager stores iformatio about the security of services ad devices. It decides o acceptig the access or discoectio ad requires autheticatio ad ecryptio if they are eeded. Security maager also iitiates settig up a trusted relatioship ad pairig ad asks for PIN code from the user. 2.2 Security Levels Bluetooth has several differet security levels that ca be defied for devices ad services. All the devices get a status whe they coect the first time to aother device. 2.2.1 Device Trust Level The devices ca have two trust levels; trusted ad utrusted. The trusted level requires a fixed ad trusted relatioship ad it has urestricted access to all services. The device has to be previously autheticated. The utrusted device does t have fixed relatioship ad its access to services is limited. A utrusted device ca also have a fixed relatioship, but it s ot cosidered as trusted. A ew device is labelled as ukow device ad it is always utrusted. 2.2.2 Security Modes Bluetooth has three differet security modes build i it ad they are as follows: Security Mode 1 A device will ot iitiate ay security. A o-secure mode. [12] Security Mode 2 A device does ot iitiate security procedures before chael establishmet o L2CAP level This mode allows differet ad flexible access policies for applicatios, especially ruig applicatios with differet security requiremets i parallel. A service level eforced security mode. [12] Security Mode 3 A device iitiates security procedures before the lik set-up o LPM level is completed. A lik level eforced security mode. [12] This paper exploits most the security mode 2.
2.2.3 Security Level of Services The eed for authorisatio, autheticatio ad ecryptio chages. Whe the coectio is set there are differet levels of security where the user ca choose from. The security level of a service is defied by three attributes: Authorisatio required: Access is oly grated automatically to trusted devices or utrusted devices after a authorisatio procedure. [4 pg. 15] Autheticatio required: Before coectig to the applicatio, the remote device must be autheticated. [4 pg. 15] Ecryptio Required: The lik must be chaged to ecrypted mode, before access to the service is possible. [4 pg. 15] O the lowest level the services ca be set to be accessible to all devices. Usually there is a eed for restrictios so the user ca set the service so that it eeds autheticatio. Whe the highest level of security is eeded the service ca require authorisatio ad autheticatio. At this level trusted device has access to the services, but utrusted device eeds maual authorisatio. 2.3 Lik Layer At the lik layer, autheticatio of the peers ad ecryptio of the iformatio maitai security. For basic security we eed a devices uique public address (BD_ADDR), two secret keys (autheticatio keys ad ecryptio key) ad a radom umber geerator. BD_ADDR is used i the autheticatio process. Whe a challege is give. The device has to respose with it s ow challege that is based o the icomig challege, its BD_ADDR ad a lik key shared with the two devices. Other devices BD_ADDRs are stored i the device database for further use. 2.4 Radom umber Geeratio Each Bluetooth device has a radom umber geerator to be used i the security fuctios. This geerator is usually implemeted with software. BT devices use radom umbers for cotactig other devices ad for the autheticatio ad ecryptio. 3.1 Lik key There are four lik keys to cover the differet applicatios it is used for. All the keys are 128-bit radom umbers ad are either temporary or semi-permaet. Uit key, K A, is derived at the istallatio of the Bluetooth device from a uit A. The storage of K A requires little memory space ad is ofte used whe device has little memory or whe the device should be accessible to a large group of users. Combiatio key, K AB, is derived from two uits A ad B. This key is geerated for each pair of devices ad is used whe more security is eeded. This requires more memory, sice device has to store oe combiatio key for each coectio it has. The master key, K master, is used whe the master device wats to trasmit to several devices at oes. It over rides the curret lik key oly for oe sessio. The iitialisatio key, K iit, is used i the iitialisatio process. This key protects iitialisatio parameters whe they are trasmitted. This key is formed from a radom umber, a L-octet PIN code, ad the BD_ADDR of the claimat uit. 3.2 Ecryptio key Ecryptio key is derived from the curret lik key. Each time ecryptio is eeded the ecryptio key will be automatically chaged. The purpose of separatig the autheticatio key ad ecryptio key is to facilitate the use of a shorter ecryptio key without weakeig the stregth of the autheticatio procedure. [1 pg. 152] 3.3 PIN code This is a umber, which ca be fixed or selected by the user. The legth is usually 4 digits, but it ca be aythig betwee 1 to 16 octets. The user ca chage it whe it wats to ad this adds security to the system. The PIN ca be used eterig it ito oe device (fixed PIN), but it is safer to eter it to both uits. Example the latter oe ca be used whe there is a laptop ad a phoe to be coected. 3. KEY MANAGEMENT There are several kids of keys i the Bluetooth system to esure secure trasmissio. The most importat key is the lik key, which is used betwee two BT devices for autheticatio purpose. Usig the lik key a ecryptio key is derived. This secures the data of the packet ad is regeerated for all ew trasmissios. Figure 2. Ecryptio ad key cotrol [5]
3.4 Key Geeratio ad Iitialisatio The exchage of the keys takes place durig a iitialisatio phase, which has to be carried out separately for each two uits that wat to implemet autheticatio ad ecryptio. All iitialisatio procedures cosists of the followig five parts: - Geeratio of a iitialisatio key - Autheticatio - Geeratio of lik key - Lik key exchage - Geeratig of ecryptio key i each uit [1 pg. 153] After this procedure the coectio is build or the lik ca be aborted. 4. AUTHENTICATION Autheticatio starts by issuig a challege to aother device ad it has to the sed a respose to that challege which is based o the challege, it s BD_ADDR ad lik key shared betwee them. After autheticatio, ecryptio may be used to commuicate. [10] Without kowig the PIN, oe uit ca t logo to the other uit if autheticatio is activated. To make matters easier, the PIN ca be stored somewhere iside the uit (i Memory/Hard Drive etc.) so if you wish to establish the coectio, a user may ot have to maually type i the PIN (Note: the level of security is oe i this case). [14] Bluetooth uses a challege-respose scheme i which a Verifier (Uit A) Claimat (Uit B) AU_RAND A BD_RAND B Lik key ACO E 1? = AU_RAND A Figure 3. Challege-respose for BT [based o 1] claimat s kowledge of a secret key is checked through a 2-move protocol usig symmetric secret keys. [1 pg. 169] It has bee represeted i figure 3. The uit A seds a radom iput, deoted by AU_RAND A, with a E 2 AU_RAN BD_RAN Lik key ACO autheticatio code, deoted by E1 for the uit B. Uit B calculates as stated i Figure 4 ad returs the result to uit A. Uit A will derive (i figure 4) ad will autheticate the Uit B if ad are equal. E1 cosist of the tuple AU_RAND A ad the BT device address (BD_ADDR) of the claimat. O each autheticatio a ew AU_RAND A (a radom umber) is issued. [1 pg. 169] The challege-respose scheme for the symmetric keys used i the bluetooth are show i figure 4. The applicatio idicates who has to be autheticated by whom. Certai applicatios oly require a oe-way autheticatio. However, i some peer-to-peer commuicatios oe might prefer a mutual autheticatio i which each uit is subsequetly the challeger (verifier) i two autheticatio procedures. The Lik Maager coordiates the idicated autheticatio prefereces by the applicatio to determie i which directio(s) the = Verifier E(key,IDB,RAND) autheticatio(s) has to take place. [1 pg. 170] 5. ENCRYPTION Claimat (User A) (User B) RAND Checks: = = E(key,IDB,RAND) Figure 4. Challege-respose for symmetric key system. [based o 1] The Bluetooth specificatio 1.0 describes the lik ecryptio algorithm as a stream cipher usig 4 LFSR (liear feedback shift registers). The sum of the width of the LFSR is 128, ad the spec says the effective key legth is selectable betwee 8 ad 128 bits. This arragemet allows Bluetooth to be used i coutries with regulatios limitig ecryptio stregth, ad "facilitate a future upgrade path for the security without the eed for a costly redesig of the algorithms ad ecryptio hardware" accordig to the Bluetooth specificatio. Key geeratio ad autheticatio seems to be usig the 8- roud SAFER+ ecryptio algorithm. [3] [6] The iformatio available suggests that Bluetooth security will be adequate for most purposes; but users with higher security requiremets will eed to employ stroger algorithms to esure the security of their data. [3] [6]
6. SECURITY LIMITATIONS Bluetooth security is ot all satisfactory ad it has some limitatios. First about the autheticatio: oly the device is autheticated, ot the user. If this feature is eeded it have to be accomplished with applicatio level security. Secodly BT does t defie authorisatio separately for each service either. This ca be applied i the Bluetooth architecture without chagig the BT protocol stack, but chages i the security maager ad the registratio processes would be ecessary. At the momet BT oly allows access cotrol at coectio set-up. The access check ca be asymmetric, but oce a coectio is established, data flow is i priciple bi-directioal. It is ot possible withi the scope of this architecture to eforce uidirectioal traffic. [4 pg. 11] There is o support of legacy applicatios: It will ot make calls to the security maager. Istead Bluetoothaware adapter applicatio is required to make securityrelated calls to the BT security maager o behalf of the legacy applicatio. [4 pg. 11] 7. CONCLUSIONS AND FURTHER WORK Bluetooth security is ot complete, but is seems like it was t meat to be that way. More security ca be accomplished easily with additioal software that is all ready available. More detailed iformatio ca be foud from chapter 14 of the Specificatio of the Bluetooth System. Further work will be doe i the other semiar papers o the Bluetooth security. 8. REFERENCES 1. Specificatio of the Bluetooth System, volume 1B, December 1 st 1999 2. Kowledge Base for Bluetooth iformatio http://www.ifotooth.com/ 3. Geeral iformatio o bluetooth http://www.mobileifo.com/bluetooth/ 4. Thomas Muller, Bluetooth WHITE PAPER: Bluetooth Security Architecture, Versio 1.0, 15July 1999 5. Aikka Aalto, Bluetooth http://www.tml.hut.fi/studies/tik110.300/1999/essays/ bluetooth.html 6. Bluetooth iformatio, http://www.bluetoothcetral.com/ 7. Oraskari, Jyrki, Bluetooth 2000 http://www.hut.fi/~joraskur/bluetooth.html 8. How Stuff Works, iformatio o BT http://www.howstuffworks.com/bluetooth3.htm 9. Iformatio o Bluetooth (Official Homepage) http://www.bluetooth.com/ 10. Bluetooth Basebad http://www.ifotooth.com/tutorial/baseband.htm 11. Bluetooth - a iferior LAN cocept? http://www.ifotooth.com/kowbase/otheretworks/71. htm 12. Bluetooth Glossary http://www.ifotooth.com/glossary.htm#autheticatio 13. Autheticatio process i Bluetooth http://www.ifotooth.com/kowbase/security/66.htm 14. Autheticatio i Bluetooth http://www.ifotooth.com/kowbase/security/80.htm