Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

security Lauri Mikkola “

advertisement 
security
Lauri Mikkola
“I don’t have to be careful, I’ve got a gun.”
-Homer Simpson
About Bluetooth
• Developed by a group called Bluetooth Special
Interest Group (SIG), formed in may 1998
• Founding members were Ericsson, Nokia, Intel,
IBM and Toshiba
• Bluetooth connects different wireless devises,
like laptops, mobile phones, PDAs, refrigerators
etc.
• Bluetooth is intended to distances about 10
meters (piconet)
24.7.2016
2
Bluetooth details
• Utilizes the 2.45Ghz ISM-band
• Uses fast frequency-hopping spread spectrum
(FHSS) technique between 79 frequencies
1600/s
• Can give bit rates up to 1 Mbps
• Piconet consist of max 8 nodes
• Low cost ( ~5€ ) and small size
24.7.2016
3
Bluetooth components
•
Radio unit
−
•
TDD and FHSS
Baseband unit
−
•
Voice to data conversion, packet segmentation, master/slave
communication, identification of parties, control authorization
Link Management Protocol (LMP)
−
•
Set up connections and implement security features like key
exchanges and encryption
Logical Link Control and Adaptation Protocol (L2CAP)
−
•
Multiplexing, packer segmentation/reassemly, QoS
Service Discovery Protocol (SDP)
–
24.7.2016
Queries a Bluetooth devise and checks what services it supports
4
Bluetooth protocol Architecture
24.7.2016
5
Bluetooth security features
• The Bluetooth specification include security
features at the link level
• Supports authorization, authentication and
encryption
• Based on a secret link key that is shared by a
pair of devices
• Link key generated by a pairing procedure when
two devices communicate for the first time
24.7.2016
6
Security modes of Bluetooth(1)
• Security mode 1
– No security, for testing only. Allows other Bluetooth
devices initiate connections with it, PUSH messages
• Security mode 2
– A device does not initiate security procedures before
establishment of the link between the devices at the
L2CAP level.
– Trusted and untrusted devices
– Security polices can flexible impose different trust
levels: authentication, authorisation and encyrption
24.7.2016
7
Security modes of Bluetooth (2)
• Security mode 3
– Security at the Baseband level
– Security manager imposes security policies
– LMP makes encryption and key exchanges
24.7.2016
8
Key Management (1)
• Link keys
– All keys are 128bit random numbers and are either
temporary or semi-permanent
– Unit key KA , unique long-term private key of a device
– Combination key KAB derived from units A and B.
Generated for each pair of devices
– Master key Kmaster ,used when master device wants
to transmit to several devices at once
– Initialization key Kinit ,used in the initialization
process.
24.7.2016
9
Key Management (2)
• Encryption key
– Derived from the current link key. Each time
encryption is needed the encryption key will be
automatically changed
– Separated from authentication key
• PIN Code
– Fixed or selected by the user
– Usually 4 digits, can be 8 to 128 bits
– Shared secret
24.7.2016
10
Establishment of Initialization Key
(Pairing)
24.7.2016
11
Verification of Initialization Key
(Pairing)
24.7.2016
12
Establishment of Link Key (1)
(Pairing)
• Link key of devices A and B = unit key KA of device A
24.7.2016
13
Establishment of Link Key (2)
(Pairing)
• Link key of devices A and B = combination key KAB
24.7.2016
14
Authentication and Encryption
• Authentication by issuing a challenge to another device
• The other device replies to challenge with a message
based on the challenge, the Device address and the
shared link key.
• The device that issued the challenge verifies the
response and authenticates if the response is equals to
it’s own calculations.
• Encryption is based on the 4 LFSR algorithm
24.7.2016
15
Bluetooth security weaknesses (1)
• Unlike in 802.11b WLAN, the security algorithms of Bluetooth are
considered strong. However there are some attack possibilities
• PIN weakness
– Initial authentication is based on a PIN that can be anywhere
between 8-128 bits.
– If poorly chosen can be easy to guess
• Impersonation
– A hacker can scan the MIN and ESN and pretend to be someone
else
– Stealing the Unit Key
– Only the device is authenticated, not the user
• Replay attacks
– A hacker can record Bluetooth transmissions in all 79
frequencies and then in some way figure out frequency hopping
sequence and then replay the whole transmission.
24.7.2016
16
Bluetooth security weaknesses (2)
• Man in the middle
– Bluetooth authentication is not based on public key certificates. It
is possible to play man in the middle
• Location attack
– A Bluetooth device has (globally) a unique identification number,
therefore it is possible to identify and locate users position
• Denial-of-Service attack
– Jamming the whole ISM band, takes lot of energy
– Put so many Bluetooth devices that the band is consumed
– Try to connect, authentication fails, but a legal client will not get
through either
24.7.2016
17
How to avoid being attacked
• Paring is the most critical moment of a attack
• Paring should be performed in a most secure
place
• Long PIN numbers are strongly encouraged
• Avoid using unit keys. Use combination keys
• To check default settings of device
– Chose to respond only to inquiries of known devices
– Do not save PIN permanently in memory
24.7.2016
18
For the paranoid
• MobileCloak
• Cloaktec Shied (fabric)
– Blocks 10Mhz to 20Ghz
signal
• Nylon Shell
• Lightweight
• Only $34
•
- mCloak r5TM for Bluetooth
www.mobliecloak.com
24.7.2016
19
Related documents
FINANCE COMMITTEE REPORT Thursday, January 21, 2016
FINANCE COMMITTEE REPORT Thursday, January 21, 2016
Hot Leads Campaign Brief
Hot Leads Campaign Brief
Download
advertisement