
An Analysis of Bluetooth Security

Jaymin Shah, Sushma Kamuni

Introduction

Bluetooth

◦It is an open wireless protocol for exchanging data over short distances from fixed and mobile devices, creating a personal area network.

◦Acts as a reliable source of transmission for voice and data

◦Designed to operate in the ISM band

◦Gaussian Frequency Shift Keying is used

◦Data rate of 1 Mb/sec can be achieved

Features: Low cost, low power and robustness

Class | Range (meters) | Max. Power (mW)

1 | 100 | 100

2 | 10 | 2.5

3 | 1 | 1

Bluetooth Security

Authentication: Verifies the identification of the devices that are communicating in the channel.

Confidentiality: Protecting the data from the attacker by allowing only authorized users to access the data.

Authorization: Only authorized users have control over the resources.

Security features of Bluetooth

Security Mode 1: Non-Secure Mode

Security Mode 2: Service level enforced security mode

Security Mode 3: Link-level enforced security mode

Link Key Generation

Authentication

Authentication Summary

Parameter | Length | Secrecy parameter

Device Address | 48 Bits | Public

Random Challenge | 128 Bits | Public

Authentication (SRES) Response | 32 Bits | Public

Link Key | 128 Bits | Secret

[Figure: Authentication Process between Verifier and Claimant. Labels: BD_ADDR_B, AU_RAND, SRES, "Calculates SRES'", "Success if match".]
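The challenge-response exchange summarized above, as an added example that is not part of the original slides. It uses the parameter lengths from the Authentication Summary table; truncated HMAC-SHA256 is an assumed stand-in for the Bluetooth E1 function, and the Device class, function names, addresses and keys are hypothetical, constructed values.

```python
import hashlib
import hmac
import secrets

ADDR_LEN, RAND_LEN, KEY_LEN, SRES_LEN = 6, 16, 16, 4  # 48/128/128/32 bits, per the table

def compute_sres(link_key: bytes, au_rand: bytes, bd_addr: bytes) -> bytes:
    # Assumption: truncated HMAC-SHA256 stands in for the Bluetooth E1 function.
    if (len(link_key), len(au_rand), len(bd_addr)) != (KEY_LEN, RAND_LEN, ADDR_LEN):
        raise ValueError("unexpected parameter length")
    return hmac.new(link_key, au_rand + bd_addr, hashlib.sha256).digest()[:SRES_LEN]

class Device:
    """Hypothetical device that can act as verifier or claimant."""
    def __init__(self, bd_addr: bytes, link_key: bytes):
        self.bd_addr, self._key, self._pending = bd_addr, link_key, None

    def challenge(self) -> bytes:
        # Verifier: fresh 128-bit AU_RAND from a CSPRNG for every attempt.
        self._pending = secrets.token_bytes(RAND_LEN)
        return self._pending

    def respond(self, au_rand: bytes) -> bytes:
        # Claimant: SRES over the challenge and its own public address.
        return compute_sres(self._key, au_rand, self.bd_addr)

    def verify(self, claimant_addr: bytes, sres: bytes) -> bool:
        # Verifier: compute SRES' and compare; each challenge is single-use.
        if self._pending is None:
            return False
        au_rand, self._pending = self._pending, None
        expected = compute_sres(self._key, au_rand, claimant_addr)
        return hmac.compare_digest(expected, sres)

def authenticate(verifier: Device, claimant: Device) -> bool:
    au_rand = verifier.challenge()
    return verifier.verify(claimant.bd_addr, claimant.respond(au_rand))

def mutual_authenticate(a: Device, b: Device) -> bool:
    # Two one-way runs with the roles swapped.
    return authenticate(a, b) and authenticate(b, a)

def demo() -> dict:
    key = bytes(range(16))                          # constructed link key
    a = Device(bytes.fromhex("0a0000000001"), key)  # constructed addresses
    b = Device(bytes.fromhex("0a0000000002"), key)
    stranger = Device(b.bd_addr, bytes(16))         # same address, wrong key
    old_sres = b.respond(a.challenge())
    first = a.verify(b.bd_addr, old_sres)
    a.challenge()                                   # new AU_RAND issued
    return {"valid": first, "replayed": a.verify(b.bd_addr, old_sres),
            "wrong_key": authenticate(a, stranger), "mutual": mutual_authenticate(a, b)}
```

The replayed SRES is rejected only because the verifier draws a new AU_RAND each time, which is why the strength of the random number generator matters to the authentication mechanism.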

Confidentiality

The confidentiality security service protects against eavesdropping attacks on the air interface.

Bluetooth Encryption Process

Encryption Mode 1: No encryption is needed.

Encryption Mode 2: Encrypted using link keys.

Encryption Mode 3: All traffic is encrypted.

Trust levels, service levels and authentication

Service level 1: Requires authentication and authorization.

Service level 2: Requires only authentication.

Service level 3: Open to all Bluetooth devices.

Problems with the standard Bluetooth Security

Security Issue | Remarks

Strength of the Random Number Generator (RNG) is unknown. | RNG may produce periodic numbers that reduce the strength of the authentication mechanism.

Short PINs are allowed. | Such weak PINs are used to generate link and encryption keys that are easily predictable.

Encryption key length is negotiable. | More robust initialization key generation procedure should be developed.

No user authentication exists. | As only device authentication is provided, application security and user authentication can be employed.

Stream cipher is weak and key length is negotiable. | Robust encryption procedure and minimum key length should be decided and passed as an agreement.

Privacy can be compromised if the BD_ADDR is captured and associated with a particular user. | Once the BD_ADDR is associated with a particular user, that user's activity can be logged, resulting in a loss of privacy.

Device authentication is simple shared key challenge response. | One-way authentication may be subjected to man-in-the-middle attacks. Mutual authentication is a good idea to provide verification.

Security Threats

Denial of service: Makes the device unusable and drains the mobile device battery.

Fuzzing attacks: Sending malformed messages to the Bluetooth device.

Blue jacking: Causes harm when the user sends the data to the other user.

Blue snarfing: Uses IMEI identifier to route all the incoming calls.

Man-in-the-middle

Future

Broadcast Channel: Adoption of Bluetooth in the mobile phones from the Bluetooth information points.

Topology Management: Configuration should be invisible and the messages to the users in the scatternet.

Quality of Service: Video and audio transmission of data with high quality.
