Bluetooth
March 28, 2005
Patrick Lui 0053252

1. Introduction

As our everyday lives move closer to a completely digital age, connectivity between devices is an important aspect that has not been emphasized compared to other technologies. It is an often neglected area of research and development, and only a few different protocols are used in commercial products. Examples include infrared, radio signal and Bluetooth. The latter is the focus of this research paper.

2. How Bluetooth works

Bluetooth, in short, is a radio-frequency standard that allows electronic devices to communicate wirelessly. It can be separated into two layers: the physical layer and the link layer.

Physical Layer

It uses frequencies in the range 2400 to 2483.5 MHz, which is the Industrial, Scientific and Medical (ISM) band. To minimize collisions, Bluetooth adopts Frequency Hopping Spread Spectrum (FHSS), in which a device switches its frequency up to 1600 times per second among 79 randomly chosen frequencies. There are three power classes, with Class 3 being the most common. A Class 3 Bluetooth device sends 1 millivolt signals while giving a range of up to 10 meters. Because it uses radio frequency, the shortcoming of line-of-sight technologies such as infrared is eliminated: the signal can go through walls.

Link Layer

This layer is responsible for establishing and multiplexing the data between two Bluetooth adapters. Each adapter is assigned an address by the manufacturer. When a Bluetooth-enabled device is turned on, the link layer looks for other devices physically within range that have addresses in a particular addressing range. If one such device is in range, a Personal Area Network (PAN), also known as a piconet, is formed. One device acts as the master and the other as the slave. There can be up to seven active slaves in a piconet. Each slave is given a 3-bit Active Member Address. Once this is done, packets can be transmitted between the master and the slaves.
The speed of transmission can go up to 723.2 kb/sec, depending on whether the data is symmetric or asymmetric. This layer is usually controlled by embedded software to conserve power.

3. Security

There are three modes of security:

Mode 1: Non-secure, no authentication required.
Mode 2: Authentication only.
Mode 3: Authentication and authorization required before a link can be established.

To accomplish the above, the following are provided by either the physical layer or the link layer: a random number (128 bits), an encryption key (8-128 bits) and a link key (128 bits). Before a connection between two devices can be established, the link key has to be used for authentication. The link key can be a combination key, unit key, master key or initialization key, depending on the application. The following table shows which algorithm produces which key:

| Algorithm | Input | Output | Notes |
|-----------|-------|--------|-------|
| E3 | Link key, 96-bit Ciphering Offset Number, random number | Encryption key | The encryption key is used whenever a device goes into encryption mode. A new encryption key is generated each time the device goes into encryption mode. |
| E21 | Bluetooth device address, random number | Combination/Unit key | Devices securely exchange their random numbers and calculate the combination key to be used between them. |
| E22 | PIN, length of PIN, random number | Initialization/Master key | The generated key is used for key exchange during the generation of a link key. |
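
The key chain in the table, run for both sides of a pairing, as an added example that is not part of the original paper. The real E22, E21 and E3 are built on the SAFER+ block cipher; HMAC-SHA256 truncated to 128 bits stands in for all three here, so the outputs are not real Bluetooth keys. The function names, PIN and device addresses are constructed for illustration, and the XOR masking of the exchanged random numbers follows the Bluetooth 1.x combination-key procedure.

```python
import hashlib
import hmac
import os

def _prf(label: bytes, key: bytes, *parts: bytes) -> bytes:
    """Stand-in (assumption) for the SAFER+-based functions: HMAC-SHA256 cut to 128 bits."""
    msg = label + b"".join(len(p).to_bytes(1, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]

def e22(pin: bytes, rand: bytes) -> bytes:
    """PIN, length of PIN, random -> initialization key."""
    return _prf(b"E22", rand, pin, bytes([len(pin)]))

def e21(bd_addr: bytes, rand: bytes) -> bytes:
    """Device address, random -> that device's half of the combination key."""
    return _prf(b"E21", rand, bd_addr)

def e3(link_key: bytes, cof: bytes, rand: bytes) -> bytes:
    """Link key, 96-bit Ciphering Offset Number, random -> encryption key."""
    return _prf(b"E3", link_key, cof, rand)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pair(pin: bytes, addr_a: bytes, addr_b: bytes):
    """Run both sides of pairing; return (link key at A, link key at B)."""
    # Both sides derive the same initialization key from the shared PIN
    # and one exchanged random; it is computed once here for brevity.
    k_init = e22(pin, os.urandom(16))
    rand_a, rand_b = os.urandom(16), os.urandom(16)
    # Only the masked randoms cross the radio link.
    sent_a, sent_b = xor(rand_a, k_init), xor(rand_b, k_init)
    # Each side unmasks the peer's random and computes both halves.
    key_at_a = xor(e21(addr_a, rand_a), e21(addr_b, xor(sent_b, k_init)))
    key_at_b = xor(e21(addr_a, xor(sent_a, k_init)), e21(addr_b, rand_b))
    return key_at_a, key_at_b

def new_encryption_key(link_key: bytes, cof: bytes) -> bytes:
    """A fresh random on every entry into encryption mode gives a fresh key."""
    return e3(link_key, cof, os.urandom(16))

if __name__ == "__main__":
    # Constructed sample PIN and device addresses.
    a, b = pair(b"1234", bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"))
    print("link keys match:", a == b)
    print("two encryption keys differ:",
          new_encryption_key(a, bytes(12)) != new_encryption_key(a, bytes(12)))
```
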

The encryption process is similar to encryption in other devices, where the encryption key is used to encrypt and decrypt data.

Vulnerabilities

There are several known attacks that go through the Bluetooth protocol. A snarf attack refers to the compromise of data. Normally, this is only possible if the devices near an attacker are visible, but there are ways around it. Another type of attack is called a backdoor attack, which is the abuse of the list of trusted devices that each Bluetooth-enabled device has. By posing as a trusted device, the attacker will be able to sneak onto the device without the owner knowing. Bluejacking is another vulnerability, where the attacker can send unwanted messages to Bluetooth-enabled devices. The details of how these attacks can be accomplished are easily available online.

Although it seems as if it is very easy to become a victim, there is a very simple method to avoid being attacked: do not turn on Bluetooth unless one needs to. There is no way an attacker can cause any harm if Bluetooth is not turned on.

4. Conclusion

With so many electronics manufacturers, including Apple, IBM, Sony and Motorola, backing Bluetooth, it is here to stay and will only become more prominent in the near future. As outlined in the Security section, there are issues with Bluetooth, but it is a good step towards a wireless society. There are already printers that utilize Bluetooth technology. Bluetooth-enabled keyboards and mice are becoming more common. While the main use so far is to connect mobile phones and PDAs to the computer, there is no reason to limit this technology to those uses alone. More innovative uses will be seen in the near future.