An Analysis of Bluetooth Security
Jaymin Shah
Sushma Kamuni
Jan 16, 2016
Introduction
Bluetooth
◦ It is an open wireless protocol for exchanging data over short distances from fixed and mobile devices, creating personal area networks.
◦ Acts as a reliable source of transmission for voice and data
Designed to operate in the ISM band
Gaussian Frequency Shift Keying is used
Data rate of 1 Mb/sec can be achieved
Features: Low cost, low power and robustness
Class Range (meters) Max. Power (mW)
1 100 100
2 10 2.5
3 1 1
Bluetooth Security
Authentication: Verifies the identity of the devices that are communicating in the channel.
Confidentiality: Protects the data from an attacker by allowing only authorized users to access it.
Authorization: Only authorized users have control over the resources.
Security features of Bluetooth
Security Mode 1: Non-Secure Mode
Security Mode 2: Service level enforced security mode
Security Mode 3: Link-level enforced security mode
Link Key Generation
Authentication
Authentication Summary
Parameter                       Length    Secrecy parameter
Device Address                  48 Bits   Public
Random Challenge                128 Bits  Public
Authentication (SRES) Response  32 Bits   Public
Link Key                        128 Bits  Secret
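[Figure: Authentication Process between Verifier and Claimant (BD_ADDR_B). The Verifier sends AU_RAND, the Claimant returns SRES, the Verifier calculates SRES' and authentication succeeds if they match.]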
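The challenge-response exchange summarized above, sketched as an added example (not part of the original slides): the verifier sends AU_RAND, the claimant returns a 32-bit SRES, and the verifier compares it with its own SRES'. Truncated HMAC-SHA-256 stands in for Bluetooth's E1 function, and the Device class, function names and sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Field sizes from the Authentication Summary table, in bytes.
BD_ADDR_LEN, AU_RAND_LEN, SRES_LEN, LINK_KEY_LEN = 6, 16, 4, 16

def compute_sres(link_key: bytes, au_rand: bytes, claimant_addr: bytes) -> bytes:
    """Assumed stand-in for E1: 32-bit response bound to key, challenge, address."""
    if (len(link_key), len(au_rand), len(claimant_addr)) != (
            LINK_KEY_LEN, AU_RAND_LEN, BD_ADDR_LEN):
        raise ValueError("unexpected parameter length")
    mac = hmac.new(link_key, au_rand + claimant_addr, hashlib.sha256).digest()
    return mac[:SRES_LEN]

class Device:  # hypothetical model of one Bluetooth endpoint
    def __init__(self, bd_addr: bytes, link_key: bytes):
        self.bd_addr = bd_addr      # public, 48 bits
        self.link_key = link_key    # secret, 128 bits, never transmitted

    def challenge(self) -> bytes:
        """Verifier side: fresh 128-bit AU_RAND drawn from a CSPRNG."""
        return secrets.token_bytes(AU_RAND_LEN)

    def respond(self, au_rand: bytes) -> bytes:
        """Claimant side: SRES over the challenge and its own BD_ADDR."""
        return compute_sres(self.link_key, au_rand, self.bd_addr)

    def verify(self, au_rand: bytes, claimant_addr: bytes, sres: bytes) -> bool:
        """Verifier side: compute SRES' and compare in constant time."""
        expected = compute_sres(self.link_key, au_rand, claimant_addr)
        return hmac.compare_digest(expected, sres)

def authenticate(verifier: Device, claimant: Device) -> bool:
    """One-way run: only the claimant proves knowledge of the link key."""
    au_rand = verifier.challenge()        # verifier -> claimant
    sres = claimant.respond(au_rand)      # claimant -> verifier
    return verifier.verify(au_rand, claimant.bd_addr, sres)

def mutual_authenticate(a: Device, b: Device) -> bool:
    """Two runs with the roles swapped, so each side is verified once."""
    return authenticate(a, b) and authenticate(b, a)

if __name__ == "__main__":
    key = secrets.token_bytes(LINK_KEY_LEN)          # constructed sample link key
    a = Device(bytes.fromhex("001122334455"), key)   # constructed BD_ADDRs
    b = Device(bytes.fromhex("66778899aabb"), key)
    print("mutual:", mutual_authenticate(a, b))
```

In the one-way run the claimant answers any challenger without learning whether the verifier holds the link key; only the role-swapped second run checks both sides.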
Confidentiality
The confidentiality security service protects against eavesdropping attacks on the air interface.
Bluetooth Encryption Process
Encryption Mode 1: No encryption is needed.
Encryption Mode 2: Encrypted using link keys.
Encryption Mode 3: All traffic is encrypted.
Trust levels, service levels and authentication
Service level 1: Requires authentication and authorization.
Service level 2: Requires only authentication.
Service level 3: Open to all Bluetooth devices.
Problems with the standard Bluetooth Security
Security Issue | Remarks
Strength of the Random Number Generator (RNG) is unknown. | RNG may produce periodic numbers that reduce the strength of the authentication mechanism.
Short PINs are allowed. | Such weak PINs are used to generate link and encryption keys that are easily predictable.
Encryption key length is negotiable. | More robust initialization key generation procedure should be developed.
No user authentication exists. | As only device authentication is provided, application security and user authentication can be employed.
Stream cipher is weak and key length is negotiable. | Robust encryption procedure and minimum key length should be decided and passed as an agreement.
Privacy can be compromised if the BD_ADDR is captured and associated with a particular user. | Once the BD_ADDR is associated with a particular user, that user's activity can be logged, resulting in a loss of privacy.
Device authentication is simple shared key challenge response. | One-way authentication may be subjected to man-in-the-middle attacks. Mutual authentication is a good idea to provide verification.
Security Threats
Denial of service: Makes the device unusable and drains the mobile device battery.
Fuzzing attacks: Sending malformed messages to the Bluetooth device.
Blue jacking: Causes harm when the user sends the data to the other user.
Blue snarfing: Uses IMEI identifier to route all the incoming calls.
Man-in-the-middle
Future
Broadcast Channel: Adoption of Bluetooth in the mobile phones from the Bluetooth information points.
Topology Management: Configuration should be invisible and the messages to the users in the scatternet.
Quality of Service: Video and audio transmission of data with high quality.