An Analysis of Bluetooth Security
Jaymin Shah Sushma Kamuni
Introduction
Bluetooth
◦ An open wireless protocol for exchanging data over short distances between fixed and mobile devices, forming a personal area network (PAN).
◦ Serves as a reliable transport for both voice and data.
◦ Operates in the 2.4 GHz ISM band, uses Gaussian Frequency Shift Keying (GFSK), and achieves a data rate of 1 Mb/s.

Power classes:
  Class   Range (meters)   Max. Power (mW)
  1       100              100
  2       10               2.5
  3       1                1

Features: low cost, low power and robustness.
Bluetooth Security
Authentication: Verifies the identity of the devices communicating on the channel.
Confidentiality: Protects the data from an attacker by allowing only authorized users to access it.
Authorization: Only authorized users have control over the resources.
Security features of Bluetooth
Security Mode 1: Non-secure mode
Security Mode 2: Service-level enforced security mode
Security Mode 3: Link-level enforced security mode
Link Key Generation
Authentication
Authentication Summary
Authentication Summary (figure): the Verifier sends a random challenge AU_RAND to the Claimant (address BD_ADDR_B). The Claimant computes SRES from the link key and returns it; the Verifier computes its own SRES' and authentication succeeds if the two match.

Authentication Process Parameters:
  Parameter                        Length     Secrecy
  Device Address (BD_ADDR)         48 bits    Public
  Random Challenge (AU_RAND)       128 bits   Public
  Authentication Response (SRES)   32 bits    Public
  Link Key                         128 bits   Secret
Confidentiality
The confidentiality service protects against eavesdropping on the air interface.
Bluetooth Encryption Process
Encryption Mode 1: No traffic is encrypted.
Encryption Mode 2: Broadcast traffic is unencrypted; individually addressed traffic is encrypted using the individual link keys.
Encryption Mode 3: All traffic is encrypted using the master link key.
Trust levels, service levels and authentication
Service level 1: Requires authentication and authorization.
Service level 2: Requires only authentication.
Service level 3: Open to all Bluetooth devices.
Problems with the standard Bluetooth Security
  Security Issue                                          | Remarks
  Strength of the Random Number Generator (RNG) is unknown. | The RNG may produce periodic numbers, which weakens the authentication mechanism.
  Short PINs are allowed.                                 | Such weak PINs are used to generate the link and encryption keys, which are then easily predictable.
  Encryption key length is negotiable.                    | A more robust initialization key generation procedure should be developed.
  No user authentication exists.                          | Only device authentication is provided; application-level security and user authentication can be added on top.
  Stream cipher is weak and key length is negotiable.     | A robust encryption procedure and a minimum key length should be agreed on and enforced.
  Privacy can be compromised if the BD_ADDR is captured and associated with a particular user. | Once the BD_ADDR is associated with a particular user, that user's activity can be logged, resulting in a loss of privacy.
  Device authentication is a simple shared-key challenge-response. | One-way authentication may be subject to man-in-the-middle attacks. Mutual authentication should be used to verify both sides.
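The following added example (not code from the slides or from the Bluetooth SIG) models the authentication exchange summarized above, pairs two devices with a short PIN as in the "Short PINs are allowed" row, and then recovers the PIN offline from nothing but the values that travel in the clear. The real E22 (PIN to initialization key) and E1 (link key to SRES) functions are SAFER+ based; HMAC-SHA256 truncated to the lengths in the parameter table stands in for both, and the initialization key is used directly as the link key (the combination-key step that follows real pairing is skipped). All addresses, randoms and PINs are constructed test data.

```python
"""Toy model of PIN-based Bluetooth pairing and challenge-response
authentication, followed by the offline PIN-guessing attack that the
'short PINs are allowed' row describes.

Added example; not the slides' or the Bluetooth SIG's code. Assumptions:
- The standard's E22 (PIN -> initialization key) and E1 (link key ->
  SRES) are SAFER+ based; HMAC-SHA256 truncated to the lengths in the
  parameter table stands in for both.
- The initialization key is used directly as the link key (the real
  combination-key exchange after pairing is skipped).
- All addresses, randoms and PINs below are constructed test data.
"""
import hashlib
import hmac
import os

BD_ADDR_LEN = 6   # 48-bit device address, public
RAND_LEN = 16     # 128-bit random challenge, public
KEY_LEN = 16      # 128-bit link key, secret
SRES_LEN = 4      # 32-bit signed response, public


def e22_init_key(pin: bytes, bd_addr: bytes, in_rand: bytes) -> bytes:
    """Stand-in for E22: derive the 128-bit initialization key.

    Only the PIN is secret; BD_ADDR and IN_RAND travel in the clear.
    """
    return hmac.new(pin, bd_addr + in_rand, hashlib.sha256).digest()[:KEY_LEN]


def e1_sres(link_key: bytes, bd_addr: bytes, au_rand: bytes) -> bytes:
    """Stand-in for E1: 32-bit response to a 128-bit challenge."""
    return hmac.new(link_key, bd_addr + au_rand, hashlib.sha256).digest()[:SRES_LEN]


def authenticate(verifier_key, claimant_key, claimant_addr, rng=os.urandom):
    """One-way challenge-response, as in the authentication summary.

    Verifier sends AU_RAND; claimant returns SRES = E1(link key, BD_ADDR,
    AU_RAND); verifier recomputes SRES' and accepts on a match.
    Returns (au_rand, sres, accepted) so the exchange can be 'sniffed'.
    """
    au_rand = rng(RAND_LEN)
    sres = e1_sres(claimant_key, claimant_addr, au_rand)
    sres_expected = e1_sres(verifier_key, claimant_addr, au_rand)
    return au_rand, sres, hmac.compare_digest(sres, sres_expected)


def mutual_authenticate(key_a, key_b, addr_a, addr_b):
    """Run the exchange in both directions. A single one-way run only
    proves that the claimant holds the key, which is what lets a
    man-in-the-middle pose as the verifier."""
    _, _, b_ok = authenticate(key_a, key_b, addr_b)   # A verifies B
    _, _, a_ok = authenticate(key_b, key_a, addr_a)   # B verifies A
    return a_ok and b_ok


def crack_pin(bd_addr, in_rand, au_rand, sres, max_digits=4):
    """Offline PIN search from one sniffed pairing + authentication.

    The attacker saw BD_ADDR, IN_RAND, AU_RAND and SRES in the clear, so
    every candidate PIN can be checked without contacting either device.
    Returns the PIN, or None if no numeric PIN of <= max_digits matches.
    """
    for n in range(1, max_digits + 1):
        for i in range(10 ** n):
            pin = str(i).zfill(n).encode()
            key = e22_init_key(pin, bd_addr, in_rand)
            if e1_sres(key, bd_addr, au_rand) == sres:
                return pin
    return None


def demo():
    """Pair with a 4-digit PIN, authenticate, then recover the PIN offline.
    Also show that a long random PIN defeats the same search."""
    addr_a = bytes.fromhex("001122334455")   # constructed addresses
    addr_b = bytes.fromhex("66778899aabb")
    in_rand = os.urandom(RAND_LEN)

    # Weak pairing: both sides derive the same key from a 4-digit PIN.
    weak_key = e22_init_key(b"1234", addr_b, in_rand)
    au_rand, sres, ok = authenticate(weak_key, weak_key, addr_b)
    assert ok and mutual_authenticate(weak_key, weak_key, addr_a, addr_b)
    recovered = crack_pin(addr_b, in_rand, au_rand, sres)

    # Strong pairing: 16 random bytes as the PIN (the maximum the spec allows).
    strong_key = e22_init_key(os.urandom(16), addr_b, in_rand)
    au_rand2, sres2, _ = authenticate(strong_key, strong_key, addr_b)
    not_recovered = crack_pin(addr_b, in_rand, au_rand2, sres2)
    return recovered, not_recovered


if __name__ == "__main__":
    print(demo())   # (b'1234', None)
```

The search needs only about eleven thousand HMAC evaluations for all PINs up to four digits, which is why the table's remedy is a stronger initialization key procedure rather than a faster cipher; the mutual_authenticate helper shows the other remedy the table names, running the challenge in both directions so neither party can be impersonated by a relay that merely holds the line open.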
Security Threats
Denial of service: Makes the device unusable and drains the mobile device's battery.
Fuzzing attacks: Sending malformed messages to the Bluetooth device to trigger faults in its protocol stack.
Bluejacking: Sending unsolicited messages to a discoverable device; the messages themselves do no harm, but they can entice the user to respond or to add the sender as a contact.
Bluesnarfing: Forces a connection to an older, vulnerable device and reads its stored data, including the IMEI, which an attacker could use to route the user's incoming calls to another device.
Man-in-the-middle: Possible because standard device authentication is one-way challenge-response, as noted in the issues table above.
Future
Broadcast Channel: Bluetooth information points broadcasting to mobile phones, driving adoption of Bluetooth in phones.
Topology Management: Scatternet configuration and messaging should be invisible to the user.
Quality of Service: High-quality transmission of audio and video.
References
http://www.bluetooth.com/Bluetooth/Technology/Basics.htm
http://en.wikipedia.org/wiki/Bluetooth
NIST SP 800-48, http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
Richard Sinn, Software Security Technologies: A Programmatic Approach.
http://www.urel.feec.vutbr.cz/ra2008/archive/ra2006/abstracts/085.pdf
NIST SP 800-121, http://csrc.nist.gov/publications/nistpubs/800-121/SP800-121.pdf