Bluetooth Low Energy Security

Presented by:Akshay Kumar

Darshan Ramakant BhatFreeze Francis

A case study

Overview

● What is Bluetooth Low Energy?○ vs classic bluetooth

● Protocol Stack○ PHY and Link

● Encryption● Security Issues in BLE 4.0/4.1

○ Eavesdropping○ Active Attack○ MITM

● Security Enhancements BLE 4.2○ ECDH

What is Bluetooth Low Energy?

● a.k.a Bluetooth Smart● originally introduced under the name Wibree by Nokia in 2006● merged into the main Bluetooth standard in 2010 with the adoption of the

Bluetooth Core Specification Version 4.0● operates in the unlicensed 2.4 GHz band● new modulation and link layer for low-power devices● vs classic Bluetooth

○ incompatible with classic Bluetooth devices○ PHY and link layer almost completely different○ high-level protocols the same

Applications

Bluetooth LE network

Protocol Stack

PHY Layer● 2.4 GHz ISM band splitted into 40 channels:

○ 37 data channels○ 3 advertising channels (37,38,39)○ Central frequency, fn=2402 + 2n MHz

PHY Layer (continued..)● Modulation scheme : Gaussian Frequency Shift Keying(GFSK)

○ Data rate : 1 Mbit/s

● Hopping○ hop along all 37 data channels○ duration (a.k.a hop interval) : one data packet per channel○ hop increment (specific to a connection ) decides the next channel

next channel = (channel + hop increment) mod 37

Link Layer

● Preamble: an alternating binary sequence for synchronization● Access Address: unique identifier which defines a particular connection

○ Fixed value for communications in advertising channel : 0x8E89BED6

● PDU : protocol data unit which is the actual payload (variable length)● CRC : for error checking

○ depends on CRC Init and the PDU○ Computed using Linear Feedback Shift Register (LFSR)

● Whitening is applied to the PDU and CRC.○ Not complicated as it depends only on channel number.○ Computed using LFSR

● Each Bluetooth device has a unique MAC address

Link layer state diagram

● Standby: does not transmit or receive any packets● Advertising: transmitting advertising channel

packets and possibly listening to and responding to responses triggered by these advertising channel packets

● Scanning: listening for advertising channel packets from devices that are advertising.

● Initiating: listening for advertising channel packets from a specific device(s) and responding to these packets to initiate a connection with another device.

● Connection : connected state, device is either master or slave and further communication happens in data channels.

Encryption

● Link layer○ AES-CCM encryption scheme○ CCM : Counter mode with CBC-MAC (Cipher Block Chaining Message Authentication Code)○ authenticated encryption algorithm: encrypts the PDU and also generates MAC

● Application layer ○ user-defined encryption○ generally not used in BLE devices

With Low Energy Comes Low Security!!!Compromises made for low power:

● Hopping rate is less aggressive (37 data channels)● Whitening seed is straight-forward from channel number and LFSR used is

known● Overly simplified custom key exchange

Combining all these resulted in a major flaw in the protocol !!

● Applications:○ heart rate and blood pressure monitors ○ wireless door lock, low power gadgets○ industrial monitoring sensors○ public transportation apps

Eavesdropping● Compromises make eavesdropping easy● To sniff a connection:

○ Hop increment : to determine next channel○ Access address : to find the start of the PDU○ Hop interval : to determine how long to stay in a channel○ CRC init : to filter out corrupt packets

● Two scenarios:○ Observed the connection initialization packet: all values are known.○ Missed the connection initialization packet: recover values by exploiting properties of BLE packets.

Eavesdropping attack in detail

(Hardware)

(Software)

Ubertooth

(to PC)

RF to packets:

● CC2400 gets bits from air● We know Access Address !● MCU finds the start of PDU and gets it

as packet● Wireshark plugin available

Wireshark plugins

Recovering the unknown values● Master and slave transmits packets in each channel, even if

there is no meaningful data (empty packet).● waits for hop_interval x 1.25 ms in a channel.● Empty packet : PDU = header( 16 bit) + empty body

○ easy to identify looking for header○ most traffic is empty

Access address:● Look for an empty packet and AA comes before the header● least frequently used cache (LFU) + CRC to eliminate false

positives

Recovering unknown values (continued..)

CRC init:● seed value used for generating CRC● CRC computed using an LFSR● CRC Init obtained by reversing LFSR with CRC as seed● LFU to filter out false positives

Hop interval:● wait on particular data channel for consecutive packets● 37 channels visited in full cycle●

Recovering unknown values (continued..)

Hop Increment:

● Interarrival time of packets in two data channels (say 0 and 1)

(Fermat's little theorem)

we can now follow a connection and sniff packets, but encryption?

0 -----> 25 -----> 50 -----> 1

Bypassing the encryption● Encryption by link layer● How to get the keys ?

Custom Key Exchange Protocol:● 3 stage process● Stage 1 : Choosing the pairing methods which defines Temporary Key (TK)● Stage 2 : Generate the Short Term Key (STK)● Stage 3 : Generate the Long Term Key (LTK)

● LTK is reused and used to generate session keys● Session keys are used during encrypted sessions (AES-CCM)

Pairing methodsDevices chooses pairing methods based on I/O capabilities.1. Just Works

● TK is trivial i.e TK=0

2. PassKey Entry● TK is 6-digit PIN (user inputs)

3. Out Of Band (OOB)● uses other means like NFC for TK exchange● more secure● almost never used !

The TK (also the 128-bit AES key) is used to generate a ‘confirm’ values.

Cracking the TK

● We already have a packet sniffer● TK is between 0 and 99999 (if passKey entry pairing)● brute forced in < 1 second

(plain text)

Key Exchange Broken

● TK + pairing data is used to compute a STK● STK is used to encrypt the LTK exchange● Worst part : LTK is reused and used to generate session keys● 100 % passive attack and can be done offline

Active AttackWhat if attacker missed the LTK exchange packets?

Two possible active attacks:1. Eavesdropper can jam the connection so that master will drop the connection

causing force re-pairing.2. BLE protocol has provisions for a master or slave to reject a LTK. Eavesdropper

sends an appropriate link layer message (LL_REJECT_IND) that forces a key renegotiation.

Man In The Middle Attacks

An attacker can emulate himself as the valid device and cause the data to pass through him.

Authentication protects against MIMT

Authentication is the method to prevent the MITM

Enhancements in Bluetooth 4.2

There are two major enhancements in BLE 4.2

● New pairing method : A new pairing method is added. Both the devices should have display capabilities and one should have yes or no button.

● Elliptic Curve Diffie Hellman (ECDH) Key exchange:

DH uses prime factorization whereas ECDH uses elliptic curve cryptography.

Breaking the ECDH is more computationally expensive than DH and also it requires less bits than DH.

MITM prevention

● Before pairing both the devices must share pairing parameters that includes authentication requirements

● If authentication is required, both devices must authenticate each other using one of the association models

Which model to use is based on two parameters:

● Can the device receive data from a user, or output data to the user. Involving the user in the pairing process is an important element in the secure transfer of data

● Can the device communicate Out-of-Band (OOB)? For example, if part of the security key can be transferred between the two devices over Near-Field Communication (NFC), an eavesdropper will not be able to make sense of the final data.

Association models (BLE 4.2)● Numeric Comparison—Both devices display a six-digit number and the user

authenticates by selecting ‘Yes’ if both devices are displaying the same number.● Passkey Entry—The user either inputs an identical Passkey into both devices, or one

device displays the Passkey and the user enters that Passkey into the other device.● Out of Band (OOB)—The OOB association model is the model to use if the device are

capable of OOB.● Just Works—This association model is used either when MITM protection is not needed

or when devices have limited IO capabilities.

Diffie-Hellman

Elliptic Curve Cryptography

● An elliptic curve E is the graph of an equation of the form

y2 = x3 + ax + b

● Elliptic curves provides a different way to do

the math in public key system

y2 = x3 - x + 1

Elliptic curve maths

Consider y2 = x3 + 2x + 3 (mod 5)

x = 0 y2 = 3 no solution (mod 5) ; x = 1 y2 = 6 = 1 y = 1,4 (mod 5)

x = 2 y2 = 15 = 0 y = 0 (mod 5); x = 3 y2 = 36 = 1 y = 1,4 (mod 5)

x = 4 y2 = 75 = 0 y = 0 (mod 5)

So valid points on the curve are (1,1) (1,4) (2,0) (3,1) (3,4) (4,0) and (inf,inf)

These points form the finite set.

Addition in elliptic curve

● P1 + P2 = P3

Addition on: y2 = x3 + ax + b (mod p)

P1=(x1,y1), P2=(x2,y2); P1 + P2 = P3 = (x3,y3) where

x3 = (m2 - x1 - x2 ) (mod p); y3 = (m(x1 - x3) - y1 )(mod p)

And m = (y2-y1)(x2-x1)-1 mod p, if P1 ≠P2

m = (3x12+a)(2y1)

-1 mod p, if P1 = P2

What is (1,4) + (3,1) = P3 = (x3,y3) in y2 = x3 +2x+3 mod 5? m = (1-4)(3-1)-1 = (-3)(2)-1 = 2(3) = 6 = 1 (mod 5)

x3 = 1 - 1 - 3 = 2 (mod 5) y3 = 1(1-2) - 4 = 0 (mod 5)

Diffie-Hellman using elliptic maths

Public: Elliptic curve and point (x,y) on curve

Secret: Alice’s A and Bob’s B

Alice computes A(B(x,y))

Bob computes B(A(x,y))

These are the same since AB = BA

Example

Public: Curve y2 = x3 + 7x + b (mod 37) and point (2,5) b = 3

Alice’s secret: A = 4

Bob’s secret: B = 7

Alice sends Bob: 4(2,5) = (7,32)

Bob sends Alice: 7(2,5) = (18,35)

Alice computes: 4(18,35) = (22,1)

Bob computes: 7(7,32) = (22,1)

References

● https://www.bluetooth.com/specifications/bluetooth-core-specification● http://blog.bluetooth.com/everything-you-always-wanted-to-know-about-blueto

oth-security-in-bluetooth-4-2/● “Bluetooth: With Low Energy comes Low Security” by Mike Ryan, 7th USENIX

conference on Offensive Technologies, 2013