Focus On Bluetooth Security Presented by Kanij Fatema Sharme.


What Is Bluetooth?

• Bluetooth is an open standard for short-range digital radio that interconnects a variety of devices (cell phones, PDAs, notebook computers, modems, cordless phones, pagers, laptop computers, printers, cameras) using a single-chip, low-cost, radio-based wireless network technology

Bluetooth

• Bluetooth is a PAN technology
– Offers fast and reliable transmission for both voice and data
– Can support either one asynchronous data channel with up to three simultaneous synchronous speech channels, or one channel that transfers asynchronous data and synchronous speech simultaneously
– Supports both packet switching and circuit switching

Security of Bluetooth

• Security in Bluetooth is provided on the radio paths only
– Link authentication and encryption may be provided
– True end-to-end security relies on higher layer security solutions on top of Bluetooth

• Bluetooth provides three security services
– Authentication – identity verification of communicating devices
– Confidentiality – against information compromise
– Authorization – access right of resources/services

Security Modes (Authentication)

• Exchange Business Cards
– Needs a secret key

• A security manager controls access to services and to devices
– Security mode 2 does not provide any security until a channel has been established

• Key Generation from PIN
– PIN: 1-16 bytes. PINs are fixed and may be permanently stored. Many users use the four-digit 0000

Creation of a link key Authentication

• Challenge-Response Based
– Claimant: intends to prove its identity, to be verified
– Verifier: validates the identity of another device
– Challenge-response is used to verify whether the claimant knows the secret (link key) or not. On failure, the claimant must wait for an interval before making a new attempt.
– The waiting time is increased exponentially to defend against the "trial-and-error" authentication attack
– Mutual authentication is supported

• Challenge (128-bit)
• Response (32-bit)
• 48-bit device address
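
The challenge-response exchange and the exponentially growing retry delay from this slide, as an added example that is not part of the original presentation. HMAC-SHA256 truncated to 32 bits stands in for Bluetooth's E1 function, and the `Verifier` class, the wait values, the key and the address are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def sres(link_key: bytes, challenge: bytes, bd_addr: bytes) -> bytes:
    """32-bit response. HMAC-SHA256 is a stand-in here, not Bluetooth's E1."""
    assert len(challenge) == 16 and len(bd_addr) == 6
    return hmac.new(link_key, challenge + bd_addr, hashlib.sha256).digest()[:4]

class Verifier:
    """Hypothetical verifier: checks responses, doubles the wait per failure."""

    def __init__(self, link_key, base_wait=1.0, max_wait=64.0):
        self.link_key = link_key
        self.base_wait, self.max_wait = base_wait, max_wait
        self.wait = {}        # claimant address -> current wait in seconds
        self.not_before = {}  # claimant address -> earliest next attempt

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)         # fresh 128-bit challenge

    def verify(self, bd_addr, challenge, response, now):
        if now < self.not_before.get(bd_addr, 0.0):
            return "wait"                      # still inside the back-off interval
        expected = sres(self.link_key, challenge, bd_addr)
        if hmac.compare_digest(expected, response):
            self.wait.pop(bd_addr, None)       # success resets the back-off
            self.not_before.pop(bd_addr, None)
            return "ok"
        w = min(self.wait.get(bd_addr, self.base_wait / 2) * 2, self.max_wait)
        self.wait[bd_addr] = w
        self.not_before[bd_addr] = now + w
        return "fail"

def demo():
    key = bytes(range(16))                     # constructed 128-bit link key
    addr = bytes.fromhex("001122334455")       # constructed 48-bit address
    v = Verifier(key)
    waits, now = [], 0.0
    for _ in range(4):                         # claimant that lacks the link key
        c = v.challenge()
        v.verify(addr, c, sres(b"\x00" * 16, c, addr), now)
        waits.append(v.wait[addr])
        now += v.wait[addr]                    # retry as soon as allowed
    c = v.challenge()
    return waits, v.verify(addr, c, sres(key, c, addr), now)
```

With only 32 bits of response, the growing delay is what keeps repeated guessing impractical, which is why the verifier tracks the wait per claimant address.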

Bluetooth Security Architecture

• Step 1: User input (initialization or pairing)
– Two devices need a common PIN (1-16 bytes)

• Step 2: Authentication key (128-bit link key) generation
– Possibly permanent, generated based on the PIN, device address, random numbers, etc.

• Step 3: Encryption key (128 bits, stored temporarily)

• Step 4: Key stream generation for XOR-ing the payload
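
The four steps on this slide as a runnable sketch, added here and not part of the original presentation. HMAC-SHA256 and SHAKE-128 stand in for Bluetooth's own key-generation functions and the E0 keystream generator; the function names, labels and sample values are assumptions.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Stand-in 128-bit KDF (truncated HMAC-SHA256); not a Bluetooth algorithm."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()[:16]

def link_key(pin: bytes, bd_addr: bytes, rand: bytes) -> bytes:
    """Step 2: 128-bit link key from the PIN, device address and random number."""
    if not 1 <= len(pin) <= 16:
        raise ValueError("PIN must be 1-16 bytes")
    return kdf(pin, b"link", bd_addr, rand)

def encryption_key(lk: bytes, session_rand: bytes) -> bytes:
    """Step 3: temporary 128-bit encryption key, derived again for each session."""
    return kdf(lk, b"enc", session_rand)

def keystream(enc_key: bytes, n: int) -> bytes:
    """Step 4: n keystream bytes. SHAKE-128 stands in for E0; this
    simplification keys the stream on enc_key alone."""
    return hashlib.shake_128(enc_key).digest(n)

def xor_payload(enc_key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(enc_key, len(data))))

def demo():
    addr = bytes.fromhex("001122334455")   # constructed 48-bit device address
    rand = bytes(16)                       # constructed pairing random number
    session = bytes([7]) * 16              # constructed per-session random number
    # Step 1: the same PIN is entered on both devices.
    lk_a = link_key(b"4821", addr, rand)
    lk_b = link_key(b"4821", addr, rand)
    ct = xor_payload(encryption_key(lk_a, session), b"hello headset")
    pt = xor_payload(encryption_key(lk_b, session), ct)
    # A device given a different PIN derives a different link key.
    lk_c = link_key(b"0000", addr, rand)
    return pt, lk_a == lk_b, lk_a == lk_c
```

Everything below the PIN is derived from values exchanged over the air, so the secrecy of the whole chain rests on the PIN chosen in step 1.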

Hacker Tools

• Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection.

• By exploiting a vulnerability in the way Bluetooth is implemented on a mobile phone, an attacker can access information -- such as the user's calendar, contact list and e-mail and text messages -- without leaving any evidence of the attack.

• Other devices that use Bluetooth, such as laptop computers, may also be vulnerable, although to a lesser extent, by virtue of their more complex systems.

• Operating in invisible mode protects some devices, but others are vulnerable as long as Bluetooth is enabled.

Most important security weaknesses

• Problems with E0

• PIN

• Problems with E1

• Location privacy

• Denial of service attacks

Location privacy

• Devices can be in discoverable mode

• Every device has a fixed hardware address

• Addresses are sent in clear
– possible to track devices (and users)

Denial of service attacks

• Radio jamming attacks

• Buffer overflow attacks

• Blocking of other devices

• Battery exhaustion (e.g., sleep deprivation torture attack)

Other weaknesses

• No integrity checks

• No prevention of replay attacks

• Man in the middle attacks

• Sometimes: default = no security

Advantages (+)

• Wireless (No Cables)

• No Setup Needed

• Low Power Consumption (1 milliwatt)

• Industry Wide Support

Disadvantages (-)

• Short range (10 meters)

• Small throughput rates

– Data rate 1.0 Mbps

• Mostly for personal use (PANs)

• Fairly Expensive

The End

• Thank you for attending my presentation.