Uploaded by Prof. Winfred Yaokumah

BluetoothSecurity

advertisement
BLUETOOTH TECHNOLOGY/SECURITY
Prepared By: Lo’ai Hattar
Supervised By: Dr. Lo’ai Tawalbeh
New York Institute of Technology (NYIT)
Jordan’s campus-2006
What’s With the Name?
•The name ‘Bluetooth’ was named after 10th century
Viking king in Denmark Harald Bluetooth who united
and controlled Denmark and Norway.
•The name was adopted because Bluetooth wireless
technology
is
expected
to
unify
the
telecommunications and computing industries
Who Started Bluetooth?
• Bluetooth Special Interest Group (SIG)
•Founded in Spring 1998
•By Ericsson, Intel, IBM, Nokia, Toshiba;
•Now more than 2000 organizations joint the SIG
What Is Bluetooth?
☼ Bluetooth is an open standard for short-range
digital radio to interconnect a variety of devices Cell
phones, PDA, notebook computers, modems,
cordless phones, pagers, laptop computers, printers,
cameras by developing a single-chip, low-cost,
radio-based wireless network technology
Bluetooth
•
•
•
•
•
•
•
•
Simplifying communications between:
- devices and the internet
- data synchronization
Operates in licensed exempt ISM band at 2.4ghz
Uses frequency hoping spread spectrum
Omni directional, no requiring line of sight
Bluetooth offers data speeds of up to 1 Mbps up to 10
meters (Short range wireless radio technology )
Unlike IrDA, Bluetooth supports a LAN-like mode
where multiple devices can interact with each other.
The key limitations of Bluetooth are security and
interference with wireless LANs.
Short range wireless radio technology
Bluetooth
• Bluetooth is a PAN Technology
– Offers fast and reliable transmission for both
voice and data
– Can support either one asynchronous data
channel with up to three simultaneous
synchronous speech channels or one channel
that transfers asynchronous data and
synchronous speech simultaneously
– Support both packet-switching and circuitswitching
Bluetooth
• Personal Area Network (PAN) Bluetooth is
a standard that will …
– Eliminate wires and cables between both
stationary and mobile devices
– Facilitate both data and voice
communications
– Offer the possibility of ad hoc networks and
deliver synchronicity between personal
devices
Bluetooth Topology
• Bluetooth-enabled devices can automatically
locate each other
• Topology is established on a temporary and
random basis
• Up to eight Bluetooth devices may be
networked together in a master-slave
relationship to form a Piconet
Cont.
• One is master, which controls and setup the
network
• All devices operate on the same channel and
follow the same frequency hopping sequence
• Two or more piconet interconnected to form a
scatter net
• Only one master for each piconet
• A device can’t be masters for two piconets
• The slave of one piconet can be the master of
another piconet
Ad-hoc
•
•
•
•
•
•
is a network connection method which is most often
associated with wireless devices.
The connection is established for the duration of one
session and requires no base station.
Instead, devices discover others within range to form a
network for those computers.
Devices may search for target nodes that are out of range
by flooding the network with broadcasts that are forwarded
by each node.
Connections are possible over multiple nodes (multihop ad
hoc network).
Routing protocols then provide stable connections even if
nodes are moving around
A piconet
• is an ad-hoc computer network of devices
using Bluetooth technology protocols to
allow one master device to interconnect
with up to seven active slave devices
• Up to 255 further slave devices can be
inactive, or parked, which the master device
can bring into active status at any time.
A Typical Bluetooth Network Piconet
• Master sends its globally unique 48-bit id and
clock
– Hopping pattern is determined by the 48-bit device ID
– Phase is determined by the master’s clock
• Why at most 7 slaves?
– (because a three-bit MAC adress is used).
• Parked and standby nodes
– Parked devices can not actively participate in the
piconet but are known to the network and can be
reactivated within some milliseconds
– 8-bit for parked nodes
– No id for standby nodes
– Standby nodes do not participate in the piconet
Security Protocol
• There are five phases of Simple Pairing:
Phase 1: Public key exchange
Phase 2: Authentication Stage 1
Phase 3: Authentication Stage 2
Phase 4: Link key calculation
Phase 5: LMP Authentication and Encryption
• Phases 1, 3, 4 and 5 are the same for all protocols
whereas phase 2 (Authentication Stage 1) is different
depending on
• the protocol used. Distributed through these five
phases are 13 steps.
Bluetooth Frequency
• Has been set aside by the ISM( industrial ,sientific
and medical ) for exclusive use of Bluetooth wireless
products
• Communicates on the 2.45 GHz frequency
Frequency Selection
• FH is used for interference mitigation
and media access;
• TDD (Test-Driven Development) is used
for separation of the transmission
directions In 3-slot or 5-slot packets
FH-CDMA (Frequency Hopping Code Division Multiple Access)
• Frequency hopping (FH) is one of two basic modulation
techniques used in spread spectrum signal transmission.
• It is the repeated switching of frequencies during radio
transmission, often to minimize the effectiveness of the
unauthorized interception or jamming of
telecommunications.
• It also is known as frequency- hopping code division
multiple access (FH-CDMA).
• Bluetooth uses a technique called spread-spectrum
frequency hopping.
Avoiding Interference : Hopping
•
• In this technique, a device will use 79 individual,
randomly chosen frequencies within a designated range
• Transmitters change frequency 1600 times a second
Cont.
• Each channel is divided into time slots 625
microseconds long
• Packets can be up to five time slots wide
• Data in a packet can be up to 2,745 bits in length
Cont.
• FH-CDMA to separate piconets within a scatternet
• More piconets within a scatter net degrades
performance
– Possible collision because hopping patterns are
not coordinated
• At any instant of time, a device can participate
only in one piconet
• If the device participates as a slave, it just
synchronize with the master’s hop sequence
Cont.
• The master for a piconet can join another
piconet as a slave; in this case, all
communication within in the former piconet
will be suspended .
• When leaving a piconet, a slave notifies the
master about its absence for certain amount
of time.
• Communication between different piconets
takes place by devices jumping back and
forth between these nets
Simplified Bluetooth stack
Bluetooth Profile Structure
How Does It Work?
• Bluetooth is a standard
for tiny, radio frequency
chips that can be plugged
into your devices
• These chips were designed to
take all of the information that
your wires normally send, and
transmit it at a special
frequency to something
called a receiver
Bluetooth chip.
• The information is then transmitted to your device
Bluetooth Chip
Bluetooth Chip
RF
Baseband
Link
Controller
Manager
SPECIFICATIONS
• Bluetooth specifications are divided into two:
– Core Specifications
This bluetooth specification contains the Bluetooth Radio Specification
as well as the Baseband, Link Manager, L2CAP, Service Discovery,
RFCOMM and other specifications.
SPECIFICATIONS
– Application Specifications
•
•
•
•
•
•
•
•
•
•
These specifications include the following
Profiles Cordless Telephony
Serial Port
Headset
Intercom
Dialup Networking
Fax
File Transfer
Service Discovery Application
Generic Access
RADIO POWER CLASSES
• The Bluetooth specification allows for three different
types of radio powers:
– Class 1 = 100mW
– Class2 = 2.5mW
– Class 3 = 1mW
• These power classes allow Bluetooth devices to connect
at different ranges
• High power radius have longer ranges. The maximum
range for a Class 1, 100mW is about 100 meters. There
is also a minimum range for a Bluetooth connection.
The minimum range is around 10cm.
Power Management Benefits
• Cable Replacement
– Replace the cables for peripheral devices
• Ease of file sharing
– Panel discussion, conference, etc.
• Wireless synchronization
– Synchronize personal information contained in the address
books and date books between different devices such as
PDAs, cell phones, etc.
• Bridging of networks
– Cell phone connects to the network through dial-up
connection while connecting to a laptop with Bluetooth.
Bluetooth Devices
Bluetooth will soon be enabled in
everything from:
• Telephones
• Headsets
• Computers
• Cameras
• PDAs
• Cars
• Etc …
Bluetooth Products
• Bluetooth-enabled
PC Card
1
Bluetooth Products
• Bluetooth-enabled
PDA
2
Bluetooth Products
• Bluetooth-enabled
Cell Phone
3
Bluetooth Products
• Bluetooth-enabled
Head Set
4
Usage Models
•
•
•
•
•
•
Cordless computer
Ultimate headset
Three-in-one phone
Interactive conference (file transfer)
Direct network access
Instant postcard
Wireless Technologies
• There are two technologies that have been
developed as wireless cable replacements:
Infrared (IRDA) and radio (Bluetooth).
Why Not Infrared?
•
•
•
•
•
•
•
Intended for point to point links
Limited to line of sight
have a narrow angle (30 degree cone),
Low penetration power
Distance covered is low(1 meter approx)
have a throughput of 9600 bps to 4 Mbps
IrDA has proven to be a popular technology with
compliant ports currently available in an array of
devices including: embedded devices, phones,
modems, computers (PCs) and laptops, PDAs,
printers, and other computer peripherals
Compare Infrared, Bluetooth
Bluetooth
Infrared
Spread
Spectrum
Infrared, narrow
beam
Spectrum
2.4GHz
Optical 850
nano meters
Data Rate
1Mbps
16Mbps
Range
30 Feet
3 Feet
Supported
Devices
Upto 8
2
Connection
Type
Cont…..
Voice
Channels
3
Data Security 8-128bit Key
Addressing
48 bit MAC
1
No special
security
32 bit ID
Our Focus
•Bluetooth security
Security of Bluetooth
• Security in Bluetooth is provided on the radio paths only
– Link authentication and encryption may be provided
– True end-to-end security relies on higher layer security
solutions on top of Bluetooth
• Bluetooth provides three security services
– Authentication – identity verification of communicating
devices
– Confidentiality – against information compromise
– Authorization – access right of resources/services
• Fast FH together with link radio link power control provide
protection from eavesdropping and malicious access
– Fast FH makes it harder to lock the frequency
– Power control forces the adversary to be in relatively close
proximity
Security Modes (Authentication )
• Exchange Business Cards
– Needs a secret key
• A security manager controls access to
services and to devices
– Security mode 2 does not provide any security
until a channel has been established
• Key Generation from PIN
– PIN: 1-16 bytes. PINs are fixed and may be
permanently stored. Many users use the four
digit 0000
Bluetooth Key Generation From PIN
• Bluetooth Initialization Procedure
(Pairing)
– Creation of an initialization key (ki)
– Creation of a link key Authentication (ka)
Creation of an Initialization Key
• PIN and its length
(ki)
Creation of a link key Authentication
• Challenge-Response Based
– Claimant: intends to prove its identity, to be verified
– Verifier: validating the identity of another device
– Use challenge-response to verify whether the claimant
knows the secret (link key) or not . If fail, the claimant
must wait for an interval to try a new attempt.
– The waiting time is increased exponentially to defend
the “try-and-error” authentication attack
– Mutual authentication is supported
• Challenge (128-bit)
• Response (32-bit)
• 48-bit device address
Confidentiality
• ACO (Authenticated Cipher Offset) is 96-bit,
generated during the authentication procedure
– ACO and the link key are never transmitted
• Encryption key Kc is generated from the
current link key
– Kc is 8-bit to 128-bit, negotiable between the master
and the slave Master suggests a key size Set the
“minimum acceptable” key size parameter to prevent a
malicious user from driving the key size down to the
minimum of 8 bits
• The key stream is different for different packet
since slot number is different
Three Encryption Modes for Confidentiality
• Encryption Mode 1: -- No encryption is
performed on any traffic
• Encryption Mode 2: -- Broadcast traffic
goes unprotected
– while uni cast traffic is protected by the unique
key
• Encryption Mode 3: -- All traffic is
encrypted
Trust Levels, Service Levels
(authorization )
• Two trust levels: trusted and untrusted
– Trusted devices have full access right
– Untrusted devices have restricted service access
Bluetooth Security Architecture
• Step 1: User input (initialization or pairing)
– Two devices need a common pin (1-16 bytes)
• Step 2: Authentication key (128-bit link key)
generation
– Possibly permanent, generated based on the PIN, device
address, random numbers, etc.
• Step 3: Encryption key (128 bits, store
temporarily)
• Step 4: key stream generation for xor-ing the
payload
Security cont.
• The security of the whole system relies on
the PIN which may be too short
– Users intend to use 4-digit short PINs, or even a
null PIN
• Utilized new cryptographic primitives,
which have not gone through enough
security analysis. (E0,E1,E20,E22)
algorithms
E0 algorithm
• The E0 algorithm is designed specifically for
Bluetooth
• E0 has gone many security analysis. When used in
Bluetooth mode, the security of E0 is decreased
from 128-bit to 84-bit;
• when used outside of a Bluetooth system, its
effective security is only 39-bit
• A Bluetooth device resets the E0 key after every
240 output bits, severely limiting the amount of
known key stream that may be available to the
cryptanalyst.
Short Key Attacks
• we focus on .short key. attacks, that still manage to
recover the key despite this limitation.
• attacker can guess the content of the registers of
the three smaller LFSRs and of the E0 combiner
state registers with a probability of 2 to power 93.
• This attack requires a total of 128 bits of known
plaintext and ciphertext. The reverse engineering
and verication takes approximately 27 operations.
Making the total complexity of the attack 2to
power100.
Long Key Attacks
• an attack that recovers the session key in a
similar way to what showed, only that
assuming much more keystream is available
• within a packet and therefore the overall
complexity was closer to O(2 to power 93).
• Short range was a countermeasure to
force the attackers to be in close
proximity;
– now range extenders can be easily built
• Attackers grow since information is more
attractive
– People use Bluetooth not only for personal
information, but also for corporate information
Hacker Tools
• Bluesnarfing:
• is the theft of information from a wireless device through
a Bluetooth connection.
• By exploiting a vulnerability in the way Bluetooth is
implemented on a mobile phone, an attacker can access
information -- such as the user's calendar, contact list and
e-mail and text messages -- without leaving any evidence
of the attack.
• Other devices that use Bluetooth, such as laptop
computers, may also be vulnerable, although to a lesser
extent, by virtue of their more complex systems.
• Operating in invisible mode protects some devices, but
others are vulnerable as long as Bluetooth is enabled.
Hacker Tools
• Bluejacking
• is the sending of unsolicited messages over Bluetooth to
Bluetooth-enabled devices such as mobile phones, PDAs or
laptop computers, sending a vCard which typically contains a
message in the name field It is widely believed that the term
bluejacking comes from Bluetooth and hijacking.
• However, a bluejacker doesn't hijack anything: he or she merely
uses a feature on the sender and the recipient's device. Both
parties remain in absolute control over their devices, and a
bluejacker will not be able to take over your phone or steal your
personal information.
• Bluejacking is usually technically harmless, but because
bluejacked people don't know what is happening, they think
their phone is malfunctioning.
• Usually, a bluejacker will only send a text message, but with
modern phones it's possible to send images or sounds as well.
Most important security weaknesses
•
•
•
•
•
Problems with E0
PIN
Problems with E1
Location privacy
Denial of service attacks
Problems with E0
• Given all cryptographic primitives (E0,
E1, E21, E22) used in Bluetooth
Pairing/Bonding and authentication
process the Bluetooth PIN can be
cracked ? – Focus on short PIN now.
• Output (KC) = combination of 4 LFSRs
(Linear Feedback Shift Register)
• Key (KC) = 128 bits
• Best attack: guess some registers
PIN
• Some devices use a fixed PIN
(default=0000)
• Security keys = security PIN !!!!
• Possible to check guesses of PIN (SRES)
-> brut force attack
• Weak PINs (1234, 5555, …
Problems with E1
• E1 = SAFER+
• In cryptography, SAFER (Secure And Fast Encryption
Routine) is the name of a family of block ciphers The
early SAFER K and SAFER SK designs share the same
encryption function, but differ in the number of rounds
and the key schedule. More recent versions — SAFER+
and SAFER++ —
• All of the algorithms in the SAFER family are
unpatented and available for unrestricted use.
• Some security weaknesses (although not applicable to
Bluetooth)
– slow
Location privacy
• Devices can be in discoverable mode
• Every device has fixed hardware address
Addresses are sent in clear
– possible to track devices (and users)
Denial of service attacks
•
•
•
•
Radio jamming attacks
Buffer overflow attacks
Blocking of other devices
Battery exhaustion (e.g., sleep
deprivation torture attack)
Other weaknesses
•
•
•
•
No integrity checks
No prevention of replay attacks
Man in the middle attacks
Sometimes: default = no security
Advantages (+)
• Wireless (No Cables)
• No Setup Needed
• Low Power Consumption (1 Milliwat)
• Industry Wide Support
Disadvantages (-)
• Short range (10 meters)
• Small throughput rates
- Data Rate 1.0 Mbps
• Mostly for personal use (PANs)
• Fairly Expensive
Bluetooth’s Future
•The future of this technology becoming a standard is likely
•With a strong industry pushing behind it, success is inevitable.
•Bluetooth will soon be known as Bluetooth 2.2 as they are trying to
develop the product to better fulfill the needs of consumers
•Often, with new technology, early changes mean
reconstruction. Not With Bluetooth, instead, there will be
an improvement to the existing standard.
The End
• Thank You, for attending my presentation.
Download