1 / 19

security

security. Bluetooth. Lauri Mikkola “ I don’t have to be careful, I’ve got a gun.” -Homer Simpson. About Bluetooth. Developed by a group called Bluetooth Special Interest Group (SIG), formed in may 1998 Founding members were Ericsson, Nokia, Intel, IBM and Toshiba

irving
Download Presentation

security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. security Bluetooth Lauri Mikkola “I don’t have to be careful, I’ve got a gun.” -Homer Simpson

  2. About Bluetooth • Developed by a group called Bluetooth Special Interest Group (SIG), formed in may 1998 • Founding members were Ericsson, Nokia, Intel, IBM and Toshiba • Bluetooth connects different wireless devises, like laptops, mobile phones, PDAs, refrigerators etc. • Bluetooth is intended to distances about 10 meters (piconet)

  3. Bluetooth details • Utilizes the 2.45Ghz ISM-band • Uses fast frequency-hopping spread spectrum (FHSS) technique between 79 frequencies 1600/s • Can give bit rates up to 1 Mbps • Piconet consist of max 8 nodes • Low cost ( ~5€ ) and small size

  4. Bluetooth components • Radio unit • TDD and FHSS • Baseband unit • Voice to data conversion, packet segmentation, master/slave communication, identification of parties, control authorization • Link Management Protocol (LMP) • Set up connections and implement security features like key exchanges and encryption • Logical Link Control and Adaptation Protocol (L2CAP) • Multiplexing, packer segmentation/reassemly, QoS • Service Discovery Protocol (SDP) • Queries a Bluetooth devise and checks what services it supports

  5. Bluetooth protocol Architecture

  6. Bluetooth security features • The Bluetooth specification include security features at the link level • Supports authorization, authentication and encryption • Based on a secret link key that is shared by a pair of devices • Link key generated by a pairing procedure when two devices communicate for the first time

  7. Security modes of Bluetooth(1) • Security mode 1 • No security, for testing only. Allows other Bluetooth devices initiate connections with it, PUSH messages • Security mode 2 • A device does not initiate security procedures before establishment of the link between the devices at the L2CAP level. • Trusted and untrusted devices • Security polices can flexible impose different trust levels: authentication, authorisation and encyrption

  8. Security modes of Bluetooth (2) • Security mode 3 • Security at the Baseband level • Security manager imposes security policies • LMP makes encryption and key exchanges

  9. Key Management (1) • Link keys • All keys are 128bit random numbers and are either temporary or semi-permanent • Unit key KA , unique long-term private key of a device • Combination key KAB derived from units A and B. Generated for each pair of devices • Master key Kmaster ,used when master device wants to transmit to several devices at once • Initialization key Kinit ,used in the initialization process.

  10. Key Management (2) • Encryption key • Derived from the current link key. Each time encryption is needed the encryption key will be automatically changed • Separated from authentication key • PIN Code • Fixed or selected by the user • Usually 4 digits, can be 8 to 128 bits • Shared secret

  11. Establishment of Initialization Key(Pairing)

  12. Verification of Initialization Key(Pairing)

  13. Establishment of Link Key (1)(Pairing) • Link key of devices A and B = unit key KA of device A

  14. Link key of devices A and B = combination key KAB Establishment of Link Key (2)(Pairing)

  15. Authentication and Encryption • Authentication by issuing a challenge to another device • The other device replies to challenge with a message based on the challenge, the Device address and the shared link key. • The device that issued the challenge verifies the response and authenticates if the response is equals to it’s own calculations. • Encryption is based on the 4 LFSR algorithm

  16. Bluetooth security weaknesses (1) • Unlike in 802.11b WLAN, the security algorithms of Bluetooth are considered strong. However there are some attack possibilities • PIN weakness • Initial authentication is based on a PIN that can be anywhere between 8-128 bits. • If poorly chosen can be easy to guess • Impersonation • A hacker can scan the MIN and ESN and pretend to be someone else • Stealing the Unit Key • Only the device is authenticated, not the user • Replay attacks • A hacker can record Bluetooth transmissions in all 79 frequencies and then in some way figure out frequency hopping sequence and then replay the whole transmission.

  17. Bluetooth security weaknesses (2) • Man in the middle • Bluetooth authentication is not based on public key certificates. It is possible to play man in the middle • Location attack • A Bluetooth device has (globally) a unique identification number, therefore it is possible to identify and locate users position • Denial-of-Service attack • Jamming the whole ISM band, takes lot of energy • Put so many Bluetooth devices that the band is consumed • Try to connect, authentication fails, but a legal client will not get through either

  18. How to avoid being attacked • Paring is the most critical moment of a attack • Paring should be performed in a most secure place • Long PIN numbers are strongly encouraged • Avoid using unit keys. Use combination keys • To check default settings of device • Chose to respond only to inquiries of known devices • Do not save PIN permanently in memory

  19. MobileCloak Cloaktec Shied (fabric) Blocks 10Mhz to 20Ghz signal Nylon Shell Lightweight Only $34 www.mobliecloak.com mCloak r5TM for Bluetooth For the paranoid

More Related