Security of Bluetooth: An overview of Bluetooth Security

Similar documents
Baan Tools User Management

Using the Keyboard. Using the Wireless Keyboard. > Using the Keyboard

Bluetooth Basics. Bluetooth Overview

Message Integrity and Hash Functions. TELE3119: Week4

CSC 220: Computer Organization Unit 11 Basic Computer Organization and Design

WYSE Academic Challenge Sectional Computer Science 2005 SOLUTION SET

Introduction to Network Technologies & Layered Architecture BUPT/QMUL

Global Support Guide. Verizon WIreless. For the BlackBerry 8830 World Edition Smartphone and the Motorola Z6c

Lecture 28: Data Link Layer

K-NET bus. When several turrets are connected to the K-Bus, the structure of the system is as showns

Announcements. Reading. Project #4 is on the web. Homework #1. Midterm #2. Chapter 4 ( ) Note policy about project #3 missing components

Improvement of the Orthogonal Code Convolution Capabilities Using FPGA Implementation

Task scenarios Outline. Scenarios in Knowledge Extraction. Proposed Framework for Scenario to Design Diagram Transformation

MOTIF XF Extension Owner s Manual

Copyright 2016 Ramez Elmasri and Shamkant B. Navathe

Politecnico di Milano Advanced Network Technologies Laboratory. Internet of Things. Projects

Session Initiated Protocol (SIP) and Message-based Load Balancing (MBLB)

1 Enterprise Modeler

Secure Software Upload in an Intelligent Vehicle via Wireless Communication Links

IS-IS in Detail. ISP Workshops

ICS Regent. Communications Modules. Module Operation. RS-232, RS-422 and RS-485 (T3150A) PD-6002

1. SWITCHING FUNDAMENTALS

Using VTR Emulation on Avid Systems

Chapter 4 The Datapath

The CCITT Communication Protocol for Videophone Teleconferencing Equipment

Private Key Cryptography. TELE3119: Week2

Chapter 1. Introduction to Computers and C++ Programming. Copyright 2015 Pearson Education, Ltd.. All rights reserved.

Elementary Educational Computer

Python Programming: An Introduction to Computer Science

System and Software Architecture Description (SSAD)

Message Authentication Codes. Reading: Chapter 4 of Katz & Lindell

BAAN IVb/c. Structure, master data, and configuration of BEMIS

Pseudocode ( 1.1) Analysis of Algorithms. Primitive Operations. Pseudocode Details. Running Time ( 1.1) Estimating performance

CHAPTER IV: GRAPH THEORY. Section 1: Introduction to Graphs

Bezier curves. Figure 2 shows cubic Bezier curves for various control points. In a Bezier curve, only

Architectural styles for software systems The client-server style

CTx / CTx-II. Ultra Compact SD COFDM Concealment Transmitters. Features: Options: Accessories: Applications:

IMP: Superposer Integrated Morphometrics Package Superposition Tool

SERIAL COMMUNICATION INTERFACE FOR ESA ESTRO

BAAN IVc/BaanERP. Conversion Guide Oracle7 to Oracle8

Application Notes for Configuring Dasan Electron Headsets from JPL Europe with Avaya 9600 Series IP Deskphones using a DA-30 Cord Issue 1.

NVP-903 Series. Multi-Stream Network Video Encoder REFERENCE GUIDE

Reliable Transmission. Spring 2018 CS 438 Staff - University of Illinois 1

SECURITY PROOF FOR SHENGBAO WANG S IDENTITY-BASED ENCRYPTION SCHEME

. Written in factored form it is easy to see that the roots are 2, 2, i,

Extending The Sleuth Kit and its Underlying Model for Pooled Storage File System Forensic Analysis

Appendix D. Controller Implementation

Web OS Switch Software

An Improved Shuffled Frog-Leaping Algorithm for Knapsack Problem

Parabolic Path to a Best Best-Fit Line:

USB TO PARALLEL USB to DB25 Parallel Adapter Cable

Lecture 1: Introduction and Strassen s Algorithm

Running Time. Analysis of Algorithms. Experimental Studies. Limitations of Experiments

The Magma Database file formats

Chapter 10. Defining Classes. Copyright 2015 Pearson Education, Ltd.. All rights reserved.

MR-2010I %MktBSize Macro 989. %MktBSize Macro

Python Programming: An Introduction to Computer Science

Introduction to Wireless & Mobile Systems. Chapter 6. Multiple Radio Access Cengage Learning Engineering. All Rights Reserved.

Running Time ( 3.1) Analysis of Algorithms. Experimental Studies. Limitations of Experiments

Analysis of Algorithms

Operating System Concepts. Operating System Concepts

Lecture Notes 6 Introduction to algorithm analysis CSS 501 Data Structures and Object-Oriented Programming

In this chapter, you learn the concepts and terminology of databases and

Avid Interplay Bundle

Windows Server 2008 R2 networking

One advantage that SONAR has over any other music-sequencing product I ve worked

Chapter 4 Threads. Operating Systems: Internals and Design Principles. Ninth Edition By William Stallings

A Key Distribution method for Reducing Storage and Supporting High Level Security in the Large-scale WSN

Application Notes for configuring Agent AG Headsets from Corporate Telecommunications with Avaya one-x Communicator using a USB 2.0 Chord Issue 1.

Introduction to OSPF. ISP Training Workshops

L5355 Modbus Plus Communications Interface

AN EFFICIENT GROUP KEY MANAGEMENT USING CODE FOR KEY CALCULATION FOR SIMULTANEOUS JOIN/LEAVE: CKCS

CIS 121 Data Structures and Algorithms with Java Spring Stacks, Queues, and Heaps Monday, February 18 / Tuesday, February 19

Operating manual for message text display reporter 690

Morgan Kaufmann Publishers 26 February, COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Interface. Chapter 5

Network Time Protocol (NTP)

Throughput-Delay Scaling in Wireless Networks with Constant-Size Packets

BGP Attributes and Path Selection. ISP Training Workshops

Recursive Procedures. How can you model the relationship between consecutive terms of a sequence?

Network Time Protocol (NTP)

Security and Communication. Ultimate. Because Intercom doesn t stop at the hardware level. Software Intercom Server for virtualised IT platforms

Evaluation of Distributed and Replicated HLR for Location Management in PCS Network

Schema for the DCE Security Registry Server

1&1 Next Level Hosting

Lecture 10 Collision resolution. Collision resolution

Chapter 4. Procedural Abstraction and Functions That Return a Value. Copyright 2015 Pearson Education, Ltd.. All rights reserved.

A Proposal of One-Time Biometric Authentication

User Guide. Using Caliber Datamart

Chapter 11. Friends, Overloaded Operators, and Arrays in Classes. Copyright 2014 Pearson Addison-Wesley. All rights reserved.

TELETERM M2 Series Programmable RTU s

Computers and Scientific Thinking

MAC Throughput Improvement Using Adaptive Contention Window

Operating manual for message text display reporter 680

Lecture 18. Optimization in n dimensions

Term Project Report. This component works to detect gesture from the patient as a sign of emergency message and send it to the emergency manager.

Abstract. Avaya Solution & Interoperability Test Lab

Princeton Instruments Reference Manual

Data Structures and Algorithms. Analysis of Algorithms

Baan Finance Financial Statements

Customer Portal Quick Reference User Guide

Transcription:

Versio 2 Security of Bluetooth: A overview of Bluetooth Security Marjaaa Träskbäck Departmet of Electrical ad Commuicatios Egieerig mtraskba@cc.hut.fi 52655H ABSTRACT The purpose of this paper is to give a overview of Bluetooth security ad how it was desiged. At the ed there is also a short discussio of its weakesses o a geeral level. Keywords Bluetooth, Security, Architecture, Autheticatio, Ecryptio 1. INTRODUCTION Bluetooth is a ew techology for wireless commuicatio. The target of the desig is to coect differet devices together wirelessly i a small eviromet like i a office or at home. The BT rage restricts the eviromet, which at the momet is about 10 meters. Before acceptig the techology a close look at the security fuctio has to be take. Especially i office the iformatio broadcasted over the Bluetooth picoet ca be sesitive ad requires a good security. Bluetooth employs several layers of data ecryptio ad user autheticatio measures. Bluetooth devices use a combiatio of the Persoal Idetificatio Number (PIN) ad a Bluetooth address to idetify other Bluetooth devices. Data ecryptio ca be used to further ehace the degree of bluetooth security. [3] Bluetooth uses trasmissio scheme that provides a level of security i itself. Istead of trasmittig over oe frequecy withi the 2.4 GHz bad, Bluetooth radios use a fast frequecy-hoppig spread spectrum (FHSS) techique, allowig oly sychroised receivers to access the trasmitted data. [3] 2. BLUETOOTH SECURITY BT uses authorisatio ad autheticatio to kow who is the user ad what are the devices ad their rights. The terms are defied as follows: Autheticatio: The process of verifyig who is at the other ed of the lik. Autheticatio is performed for devices. I Bluetooth, this is achieved by the autheticatio procedure based o the stored lik key or by pairig (eterig a PIN). [12] Authorisatio: This is the process of decidig if device X is allowed to have access to service Y. This is where the cocept of trusted exist (explaied below). [4 pg. 14] Bluetooth uses lik level security where each coectio is give a uique secret autheticatio key ad ecryptio key that is derived from the first oe. More of these later i the paper. Commuicatio betwee differet Bluetooth (BT) devices use fast frequecy-hoppig spread spectrum (FHSS) techique, which uses 79 differet radio chaels. Bluetooth uses the same frequecy tha other household machies, example microwave ove, which ca cause iterferece. FHSS prevets this iterferece to cause too much harm, sice it chages trasmissio frequecy 1600

User Iterface Geeral Mgmt RFCOMM (or other Security Etity multiplexig Protocol) Maager Service L2CAP Database Device Database HCI Lik Maager / Lik cotroller Leged Registratio Query Figure 1. Security Architecture (based o [4]) times per secod ad if there is a iterferece at some frequecy, oly that oe trasmissio is damaged. FHSS also add security o data trasmissio betwee devices sice it makes it harder to eavesdrop. O the other had the low trasmissio power prevets the trasmissio to propagate far ad makes it harder to cut betwee the trasmissio. The iformatio o a BT packet ca be protected by ecryptio. Oly the packet payload is ecrypted, ever the access code ad the packet header. The ecryptio is doe with a stream cipher E0, which is sychroised for each payload. 2.1 Security Architecture The Bluetooth architecture is show i figure 1. The security maager stores iformatio about the security of services ad devices. It decides o acceptig the access or discoectio ad requires autheticatio ad ecryptio if they are eeded. Security maager also iitiates settig up a trusted relatioship ad pairig ad asks for PIN code from the user. 2.2 Security Levels Bluetooth has several differet security levels that ca be defied for devices ad services. All the devices get a status whe they coect the first time to aother device. 2.2.1 Device Trust Level The devices ca have two trust levels; trusted ad utrusted. The trusted level requires a fixed ad trusted relatioship ad it has urestricted access to all services. The device has to be previously autheticated. The utrusted device does t have fixed relatioship ad its access to services is limited. A utrusted device ca also have a fixed relatioship, but it s ot cosidered as trusted. A ew device is labelled as ukow device ad it is always utrusted. 2.2.2 Security Modes Bluetooth has three differet security modes build i it ad they are as follows: Security Mode 1 A device will ot iitiate ay security. A o-secure mode. [12] Security Mode 2 A device does ot iitiate security procedures before chael establishmet o L2CAP level This mode allows differet ad flexible access policies for applicatios, especially ruig applicatios with differet security requiremets i parallel. A service level eforced security mode. [12] Security Mode 3 A device iitiates security procedures before the lik set-up o LPM level is completed. A lik level eforced security mode. [12] This paper exploits most the security mode 2.

2.2.3 Security Level of Services The eed for authorisatio, autheticatio ad ecryptio chages. Whe the coectio is set there are differet levels of security where the user ca choose from. The security level of a service is defied by three attributes: Authorisatio required: Access is oly grated automatically to trusted devices or utrusted devices after a authorisatio procedure. [4 pg. 15] Autheticatio required: Before coectig to the applicatio, the remote device must be autheticated. [4 pg. 15] Ecryptio Required: The lik must be chaged to ecrypted mode, before access to the service is possible. [4 pg. 15] O the lowest level the services ca be set to be accessible to all devices. Usually there is a eed for restrictios so the user ca set the service so that it eeds autheticatio. Whe the highest level of security is eeded the service ca require authorisatio ad autheticatio. At this level trusted device has access to the services, but utrusted device eeds maual authorisatio. 2.3 Lik Layer At the lik layer, autheticatio of the peers ad ecryptio of the iformatio maitai security. For basic security we eed a devices uique public address (BD_ADDR), two secret keys (autheticatio keys ad ecryptio key) ad a radom umber geerator. BD_ADDR is used i the autheticatio process. Whe a challege is give. The device has to respose with it s ow challege that is based o the icomig challege, its BD_ADDR ad a lik key shared with the two devices. Other devices BD_ADDRs are stored i the device database for further use. 2.4 Radom umber Geeratio Each Bluetooth device has a radom umber geerator to be used i the security fuctios. This geerator is usually implemeted with software. BT devices use radom umbers for cotactig other devices ad for the autheticatio ad ecryptio. 3.1 Lik key There are four lik keys to cover the differet applicatios it is used for. All the keys are 128-bit radom umbers ad are either temporary or semi-permaet. Uit key, K A, is derived at the istallatio of the Bluetooth device from a uit A. The storage of K A requires little memory space ad is ofte used whe device has little memory or whe the device should be accessible to a large group of users. Combiatio key, K AB, is derived from two uits A ad B. This key is geerated for each pair of devices ad is used whe more security is eeded. This requires more memory, sice device has to store oe combiatio key for each coectio it has. The master key, K master, is used whe the master device wats to trasmit to several devices at oes. It over rides the curret lik key oly for oe sessio. The iitialisatio key, K iit, is used i the iitialisatio process. This key protects iitialisatio parameters whe they are trasmitted. This key is formed from a radom umber, a L-octet PIN code, ad the BD_ADDR of the claimat uit. 3.2 Ecryptio key Ecryptio key is derived from the curret lik key. Each time ecryptio is eeded the ecryptio key will be automatically chaged. The purpose of separatig the autheticatio key ad ecryptio key is to facilitate the use of a shorter ecryptio key without weakeig the stregth of the autheticatio procedure. [1 pg. 152] 3.3 PIN code This is a umber, which ca be fixed or selected by the user. The legth is usually 4 digits, but it ca be aythig betwee 1 to 16 octets. The user ca chage it whe it wats to ad this adds security to the system. The PIN ca be used eterig it ito oe device (fixed PIN), but it is safer to eter it to both uits. Example the latter oe ca be used whe there is a laptop ad a phoe to be coected. 3. KEY MANAGEMENT There are several kids of keys i the Bluetooth system to esure secure trasmissio. The most importat key is the lik key, which is used betwee two BT devices for autheticatio purpose. Usig the lik key a ecryptio key is derived. This secures the data of the packet ad is regeerated for all ew trasmissios. Figure 2. Ecryptio ad key cotrol [5]

3.4 Key Geeratio ad Iitialisatio The exchage of the keys takes place durig a iitialisatio phase, which has to be carried out separately for each two uits that wat to implemet autheticatio ad ecryptio. All iitialisatio procedures cosists of the followig five parts: - Geeratio of a iitialisatio key - Autheticatio - Geeratio of lik key - Lik key exchage - Geeratig of ecryptio key i each uit [1 pg. 153] After this procedure the coectio is build or the lik ca be aborted. 4. AUTHENTICATION Autheticatio starts by issuig a challege to aother device ad it has to the sed a respose to that challege which is based o the challege, it s BD_ADDR ad lik key shared betwee them. After autheticatio, ecryptio may be used to commuicate. [10] Without kowig the PIN, oe uit ca t logo to the other uit if autheticatio is activated. To make matters easier, the PIN ca be stored somewhere iside the uit (i Memory/Hard Drive etc.) so if you wish to establish the coectio, a user may ot have to maually type i the PIN (Note: the level of security is oe i this case). [14] Bluetooth uses a challege-respose scheme i which a Verifier (Uit A) Claimat (Uit B) AU_RAND A BD_RAND B Lik key ACO E 1? = AU_RAND A Figure 3. Challege-respose for BT [based o 1] claimat s kowledge of a secret key is checked through a 2-move protocol usig symmetric secret keys. [1 pg. 169] It has bee represeted i figure 3. The uit A seds a radom iput, deoted by AU_RAND A, with a E 2 AU_RAN BD_RAN Lik key ACO autheticatio code, deoted by E1 for the uit B. Uit B calculates as stated i Figure 4 ad returs the result to uit A. Uit A will derive (i figure 4) ad will autheticate the Uit B if ad are equal. E1 cosist of the tuple AU_RAND A ad the BT device address (BD_ADDR) of the claimat. O each autheticatio a ew AU_RAND A (a radom umber) is issued. [1 pg. 169] The challege-respose scheme for the symmetric keys used i the bluetooth are show i figure 4. The applicatio idicates who has to be autheticated by whom. Certai applicatios oly require a oe-way autheticatio. However, i some peer-to-peer commuicatios oe might prefer a mutual autheticatio i which each uit is subsequetly the challeger (verifier) i two autheticatio procedures. The Lik Maager coordiates the idicated autheticatio prefereces by the applicatio to determie i which directio(s) the = Verifier E(key,IDB,RAND) autheticatio(s) has to take place. [1 pg. 170] 5. ENCRYPTION Claimat (User A) (User B) RAND Checks: = = E(key,IDB,RAND) Figure 4. Challege-respose for symmetric key system. [based o 1] The Bluetooth specificatio 1.0 describes the lik ecryptio algorithm as a stream cipher usig 4 LFSR (liear feedback shift registers). The sum of the width of the LFSR is 128, ad the spec says the effective key legth is selectable betwee 8 ad 128 bits. This arragemet allows Bluetooth to be used i coutries with regulatios limitig ecryptio stregth, ad "facilitate a future upgrade path for the security without the eed for a costly redesig of the algorithms ad ecryptio hardware" accordig to the Bluetooth specificatio. Key geeratio ad autheticatio seems to be usig the 8- roud SAFER+ ecryptio algorithm. [3] [6] The iformatio available suggests that Bluetooth security will be adequate for most purposes; but users with higher security requiremets will eed to employ stroger algorithms to esure the security of their data. [3] [6]

6. SECURITY LIMITATIONS Bluetooth security is ot all satisfactory ad it has some limitatios. First about the autheticatio: oly the device is autheticated, ot the user. If this feature is eeded it have to be accomplished with applicatio level security. Secodly BT does t defie authorisatio separately for each service either. This ca be applied i the Bluetooth architecture without chagig the BT protocol stack, but chages i the security maager ad the registratio processes would be ecessary. At the momet BT oly allows access cotrol at coectio set-up. The access check ca be asymmetric, but oce a coectio is established, data flow is i priciple bi-directioal. It is ot possible withi the scope of this architecture to eforce uidirectioal traffic. [4 pg. 11] There is o support of legacy applicatios: It will ot make calls to the security maager. Istead Bluetoothaware adapter applicatio is required to make securityrelated calls to the BT security maager o behalf of the legacy applicatio. [4 pg. 11] 7. CONCLUSIONS AND FURTHER WORK Bluetooth security is ot complete, but is seems like it was t meat to be that way. More security ca be accomplished easily with additioal software that is all ready available. More detailed iformatio ca be foud from chapter 14 of the Specificatio of the Bluetooth System. Further work will be doe i the other semiar papers o the Bluetooth security. 8. REFERENCES 1. Specificatio of the Bluetooth System, volume 1B, December 1 st 1999 2. Kowledge Base for Bluetooth iformatio http://www.ifotooth.com/ 3. Geeral iformatio o bluetooth http://www.mobileifo.com/bluetooth/ 4. Thomas Muller, Bluetooth WHITE PAPER: Bluetooth Security Architecture, Versio 1.0, 15July 1999 5. Aikka Aalto, Bluetooth http://www.tml.hut.fi/studies/tik110.300/1999/essays/ bluetooth.html 6. Bluetooth iformatio, http://www.bluetoothcetral.com/ 7. Oraskari, Jyrki, Bluetooth 2000 http://www.hut.fi/~joraskur/bluetooth.html 8. How Stuff Works, iformatio o BT http://www.howstuffworks.com/bluetooth3.htm 9. Iformatio o Bluetooth (Official Homepage) http://www.bluetooth.com/ 10. Bluetooth Basebad http://www.ifotooth.com/tutorial/baseband.htm 11. Bluetooth - a iferior LAN cocept? http://www.ifotooth.com/kowbase/otheretworks/71. htm 12. Bluetooth Glossary http://www.ifotooth.com/glossary.htm#autheticatio 13. Autheticatio process i Bluetooth http://www.ifotooth.com/kowbase/security/66.htm 14. Autheticatio i Bluetooth http://www.ifotooth.com/kowbase/security/80.htm

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback