Security. Nelli Gordon and Sean Vakili May 10 th 2011

Similar documents
[A SHORT REPORT ON BLUETOOTH TECHNOLOGY]

Bluetooth. Quote of the Day. "I don't have to be careful, I've got a gun. -Homer Simpson. Stephen Carter March 19, 2002

ALL SAINTS COLLEGE OF TECHNOLOGY, BHOPAL

Introduction to Wireless Networking ECE 401WN Spring 2009

CS4/MSc Computer Networking. Lecture 13: Personal Area Networks Bluetooth

ENRNG3076 : Oral presentation BEng Computer and Communications Engineering

Bluetooth. The Bluetooth Vision. Universal Wireless Connectivity. Universal Wireless Connectivity

Bluetooth. 3.3 Latest Technology in Wireless Network. What is BLUETOOTH: Bluetooth 2/17/2016

MOBILE COMPUTING. Jan-May,2012. ALAK ROY. Assistant Professor Dept. of CSE NIT Agartala.

A network is two or more computers, or other electronic devices, connected together so that they can exchange data.

Wireless Personal Area Networks & Wide Area Networks

Bluetooth Demystified

Bluetooth Technologies

Special Course in Computer Science: Local Networks. Lecture

A Seminar Report On Bluetooth Technology

Jeffrey Price Dr. Konak IST 220 Bluetooth Technology

NETWORK SECURITY. Ch. 3: Network Attacks

Communication Systems. WPAN: Bluetooth. Page 1

Bluetooth. Bluetooth Radio

Bluetooth. March 28, 2005 Patrick Lui

It is the process of sharing data, programs, and information between two or more computers.

In Brief TARIFF CLASSIFICATION OF CERTAIN ARTICLES USING BLUETOOTH TECHNOLOGY

Securing A Bluetooth Device

Interworking Evaluation of current security mechanisms and lacks in wireless and Bluetooth networks ...

WPAN-like Systems. UWB Ultra Wide Band. IrDA Infrared Data Association. Bluetooth. Z-Wave. WPAN Wireless Personal Area Network

Guide to Wireless Communications, 3 rd Edition. Objectives

Naveen Kumar. 1 Wi-Fi Technology

Orientation and Guidance within Doors

Introducing Bluetooth

Wireless# Guide to Wireless Communications. Objectives

Wireless Personal Area Networks

Bluetooth: Short-range Wireless Communication

Logitech Advanced 2.4 GHz Technology With Unifying Technology

AT THE END OF THIS SECTION, YOU SHOULD HAVE AN UNDERSTANDING OF THE

Modulation. Propagation. Typical frequency bands

By FaaDoOEngineers.com

IMPLEMENTATION AND SECURITY OF BLUETOOTH TECHNOLOGY

Computer Networks II Advanced Features (T )

HANDS FREE MOBILE HAM RADIO AND BLUETOOTH

Seminar: Mobile Systems. Krzysztof Dabkowski Supervisor: Fabio Hecht

Mobile Hands Free Operation. Ontario Regulation 366/09

CISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks

ON SECURITY OF BLUETOOTH WIRELESS SYSTEM. Pavel Kucera, Petr Fiedler, Zdenek Bradac, Ondrej Hyncica

Guide to Bluetooth Security

Overview of Bluetooth

A Survey on Security Threats and Vulnerability attacks on Bluetooth Communication

Bluetooth. Digital Communications CIM242. Amarpreet Singh Saini KINGSTON UNIVERSITY K /10/2010

3Com Wireless Bluetooth PC Card, USB Adapter, and Printer Adapter

Wireless Networking. Chapter The McGraw-Hill Companies, Inc. All rights reserved

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Case study of Wireless Technologies in Industrial Applications

Drone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created

Wireless (Select Models Only) User Guide

Ethical Hacking and. Version 6. Module XXXVII Bluetooth Hacking

Chapter 10: Wireless LAN & VLANs

Connecting & Addressing Security Concerns of Bluetooth Technology in Current Scenario

Security Overview of Bluetooth

ECE 435 Network Engineering Lecture 8

MOBILE COMPUTING. Bluetooth 9/20/15. CSE 40814/60814 Fall Basic idea

WLAN Security. Dr. Siwaruk Siwamogsatham. ThaiCERT, NECTEC

Discover the world of Bluetooth technology

CompTIA FC0-U51. CompTIA IT Fundamentals.

A COLLOCATED APPROACH FOR COEXISTENCE RESOLUTION IN WIRELESS HOME NETWORKING

CEN 538 Wireless LAN & MAN Networks

Bluetooth in Mobile Devices

WIRELESS-NETWORK TECHNOLOGIES/PROTOCOLS

Bluetooth Intercom Vinita D. Mishra Patkar Varde College S. V. Road, Goregaon (West), Mumbai

101seminartopics.com. Bluetooth Based Smart Sensor Networks

Manual and Application note

Wireless Audio Interface User Guide

Chapter 13: Advanced Laptops and Portable Devices

Mobile Security Fall 2013

ELECTRONIC DEVICES ACCEPTABLE USE POLICY

Wireless Security Background

Wireless (Select Models Only) User Guide

Research on Modern Bluetooth Technology

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

Wireless Sensor Networks BLUETOOTH LOW ENERGY. Flavia Martelli

COMP327 Mobile Computing Session: Lecture Set 6 - Personal Area Networks and Wireless Connections - Part 2

Ethernet. Lecture 6. Outline. Ethernet - Physical Properties. Ethernet - Physical Properties. Ethernet

Wireless networks: from cellular to ad hoc

Wireless technology Principles of Security

Sensor Application for Museum Guidance

Automobile Functions Control System via Bluetooth Utility

Lecture Objectives. Lecture 1 Wireless Environment and Wireless LANs. Agenda (1) Agenda (2) Wireless Spectrum (1)

5. Execute the attack and obtain unauthorized access to the system.

Rab Nawaz Jadoon (Assistant Professor) Department of Computer Science COMSATS University, Abbottabad, Pakistan

12/2/09. Mobile and Ubiquitous Computing. Bluetooth Networking" George Roussos! Bluetooth Overview"

LTE : The Future of Mobile Broadband Technology

What is Eavedropping?

Bluetooth technology: security features, vulnerabilities and attacks Pasquale Stirparo Jan Loeschner Marco Cattani

Wireless Attacks and Countermeasures

Endpoint Security - what-if analysis 1

Security of Wireless Networks in Intelligent Vehicle Systems

Network fundamentals IB Computer Science. Content developed by Dartford Grammar School Computer Science Department

Amarjeet Singh. February 7, 2012

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday)

CHAPTER 3 BLUETOOTH AND IEEE

Wireless Bluetooth USB Dongle User s Guide

Solving the Interference Problem due to Wireless LAN for Bluetooth Transmission Using a Non- Collaborative Mechanism. Yun-Ming, Chiu 2005/6/09

Transcription:

Security Nelli Gordon and Sean Vakili May 10 th 2011

What is Bluetooth? Bluetooth is an open standard for short-range radio frequency (RF) communication. Bluetooth technology is used primarily to establish wireless personal area networks (WPAN), commonly referred to as ad hoc or peer-to-peer (P2P) networks. Bluetooth is a low-cost, low-power technology that provides a mechanism for creating small wireless networks on an ad hoc basis, known as piconets.

Bluetooth devices

Origin of the name Bluetooth was named after a late 900s king, Harald Blåtand (Harald Bluetooth) King of Denmark and Norway. He is known for his unification of previously warring tribes from Denmark (including Scania, present-day Sweden, where the Bluetooth technology was invented), and Norway. Bluetooth likewise was intended to unify different technologies, such as computers and mobile phones.

History The Bluetooth specification was developed in 1994 by Jaap Haartsen and Sven Mattisson, who were working for Ericsson in Lund, Sweden. The specification is based on frequency-hopping spread spectrum technology. The specifications were formalized by the Bluetooth Special Interest Group (SIG). The SIG was formally announced on May 20, 1998. Today it has a membership of over 14,000 companies worldwide. It was established by Ericsson, IBM, Intel, Toshiba and Nokia, and later joined by many other companies.

Where we can find it? Bluetooth technology has been integrated into many types of business and consumer devices, including: Cellular phones Personal digital assistants (PDA) Laptops Automobiles Printers Headsets This allows users to form ad hoc networks between a wide variety of devices to transfer voice and data. This presentation provides an overview of Bluetooth technology and discusses related security concerns.

More Bluetooth devices

Why do we need Bluetooth (key benefits of Bluetooth technology are): Cable replacement. Bluetooth technology replaces a variety of cables, such as those traditionally used for peripheral devices (e.g., mouse and keyboard connections), printers, and wireless headsets and ear buds that interface with personal computers (PC) or mobile telephones. Ease of file sharing. A Bluetooth-enabled device can form a piconet to support file sharing capabilities with other Bluetooth devices, such as laptops. Wireless synchronization. Bluetooth provides automatic synchronization between Bluetooth- enabled devices. For example, Bluetooth allows synchronization of contact information contained in electronic address books and calendars. Internet connectivity. A Bluetooth device with Internet connectivity can share that access with other Bluetooth devices. For example, a laptop can use a Bluetooth connection to have a mobile phone establish a dial-up connection, so that the laptop can access the Internet through the phone.

Bluetooth vs. Wi-Fi Bluetooth and Wi-Fi have many applications: setting up networks, printing, or transferring files. Wi-Fi is intended for resident equipment and its applications. The category of applications is outlined as WLAN, the wireless local area networks. Wi-Fi is intended as a replacement for cabling for general local area network access in work areas. Wi-Fi uses the same radio frequencies as Bluetooth, but with higher power, resulting in a faster connection and better range from the base station. Bluetooth was intended for non-resident equipment and its applications. The category of applications is outlined as the wireless personal area network (WPAN). Bluetooth is a replacement for cabling in a variety of personally carried applications in any setting.

Bluetooth Device Classes of Power Management Type Power Power Level Designed Operating Range Class 1 High 100 mw (20 dbm) Up to 91 meters (300 feet) Class 2 Medium 2.5 mw (4 dbm) Up to 9 meters (30 feet) Class 3 Low 1 mw (0 dbm) Up to 1 meter (3 feet) Sample Devices AC-powered devices (USB dongles, access points) Batterypowered devices (mobile devices, Bluetooth adapters, smart card readers) Batterypowered devices (Bluetooth adapters)

Bluetooth Spy Phone Spy Software http://www.youtube.com/watch?v=9qmdigutluq

Various versions of Bluetooth specifications define four security modes: Security Mode 1 is non-secure. In Security Mode 2, a security manager (as specified in the Bluetooth architecture) controls access to specific services and devices. In Security Mode 3, a Bluetooth device initiates security procedures before the physical link is fully established. Bluetooth devices operating in Security Mode 3 mandates authentication and encryption for all connections to and from the device. This mode supports authentication (unidirectional or mutual) and encryption. Similar to Security Mode 2, Security Mode 4 (introduced in Bluetooth v2.1 + EDR) is a service level enforced security mode in which security procedures are initiated after link setup. Security requirements for services protected by Security Mode 4 must be classified as one of the following: authenticated link key required, unauthenticated link key required, or no security required.

Confidentiality In addition to the Security Modes, Bluetooth provides a separate confidentiality service to thwart eavesdropping attempts on the payloads of the packets exchanged between Bluetooth devices. Bluetooth has three Encryption Modes, but only two of them actually provide confidentiality. The modes are as follows: Encryption Mode 1 No encryption is performed on any traffic.! Encryption Mode 2 Individually addressed traffic is encrypted using encryption keys based on individual link keys; broadcast traffic is not encrypted.! Encryption Mode 3 All traffic is encrypted using an encryption key based on the master link key. Encryption Modes 2 and 3 use the same encryption mechanism.

Trust Levels, Service Levels, and Authorization In addition to the four security modes, Bluetooth allows two levels of trust and three levels of service security. The two Bluetooth levels of trust are trusted and untrusted. A trusted device has a fixed relationship with another device and has full access to all services. An untrusted device does not have an established relationship with another Bluetooth device, which results in the untrusted device receiving restricted access to services. Service Level 1 Requires authorization and authentication. Automatic access is granted only to trusted devices; untrusted devices need manual authorization. Service Level 2 Requires authentication only; authorization is not necessary. Access to an application is allowed only after an authentication procedure. Service Level 3 Open to all devices, with no authentication required. Access is granted automatically.

Bluetooth Vulnerabilities After 1 st use, unit key becomes public Can lead to eavesdropping Pin management Encryption keystream repetition Secure storage of link keys Repeated authentication attempts (unlimited but time gap)

Threats Bluetooth technology and associated devices are susceptible to general wireless networking threats, such as: Denial of service attacks Eavesdropping Man-in-the-middle attacks Message modification Resource misappropriation They are also threatened by more specific Bluetooth-related attacks that target known vulnerabilities in Bluetooth implementations and specifications.

Blue Threats Bluesnarfing - Forces a connection to a Bluetooth device, allowing access to data stored on the device and even the device s international mobile equipment identity (IMEI) Bluejacking - Initiated by an attacker sending unsolicited messages to a user of a Bluetooth-enabled device to entice the user to respond. Resembles spam and phishing attacks conducted against email users. Bluebugging - Security flaw in the firmware allows attacker to use the commands of the device without informing the user

Other Threats Car Whisperer (European developed software tool) Allows an attacker to send to or receive audio from the car kit or receive from mic Denial of Service Making a device s Bluetooth interface unusable and draining the mobile device s battery Fuzzing Attacks Consist of sending malformed or otherwise non-standard data to a device s Bluetooth radio and observing how the device reacts

Risk Mitigation/Countermeasures Security measures organizational security policy aware of responsibilities pre-cautionary measures inventory list of devices and addresses

Risk Mitigation/Countermeasures (continued) Units set to lowest necessary power level to minimize range Complex pin codes Undiscoverable by default Maximum key size encryption Mutual authentication Service-level security mode 3 (most secure) Install software patches & upgrades

Future of Bluetooth Coming home Home audio Wireless mouse/keyboard Home automation and energy efficiency (smart energy) A2DP - Bluetooth profile for streaming audio Such as from a music phone to headphones Supports stereo audio One-way instead of two-way

Where you can find more information? Guide to Bluetooth Security Recommendations of the National Institute of Standards and Technology by Karen Scarfone and John Padgette

Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback