CMPE 209
NETWORK SECURITY
Spring 2009
Research Paper
An Analysis of Bluetooth Security
Submitted by Team: Elite
Members: Jaymin Shah (0063894482), Sushma Kamuni (005833945)
DUE DATE: 04/21/2009
I. Introduction
Bluetooth is an open wireless protocol for exchanging data over short distances between fixed and
mobile devices, creating personal area networks [2]. It can be used as an alternative to RS-232 data
cables. Low cost, low power consumption and robustness are the main features of the technology.
Bluetooth can act as a reliable transmission medium for both voice and data. It operates in the
unlicensed ISM (Industrial, Scientific and Medical) band, which is available in most parts of the
world. Gaussian frequency-shift keying (GFSK) is used in the basic mode of operation, which
achieves a data rate of 1 Mb/s [1]. Bluetooth can be used to exchange data or voice between
different electronic devices such as mobile phones, telephones, GPS receivers, personal computers,
digital cameras and PDAs.
Class   Range        Max. Power (mW)
1       100 meters   100
2       10 meters    2.5
3       1 meter      1
Table 1: Device classes for power management
II. Security of Bluetooth
Bluetooth can secure only the wireless link, i.e. the radio path. It provides link-level
authentication and encryption, but a system that relies on these alone cannot be considered secure
unless the higher layers provide their own security as well.
The three basic goals of security are:
1) Confidentiality: the assurance of data privacy, i.e. that nobody except the intended parties can
read the data [4].
2) Authentication: the assurance that an entity is what it claims to be [4].
3) Integrity: the assurance that data, whether in transit or in storage, has not been altered [4].
Bluetooth uses a frequency hopping scheme with 1600 hops/sec together with radio link power
control (which constrains the transmit range). These features help to resist eavesdropping and
malicious access [3]. Frequency hopping is primarily a technique for avoiding interference, but it
also makes it somewhat harder for an adversary to locate and follow a Bluetooth transmission. It
should not be relied on as a security control, however: the hop sequence is derived from the
master's BD_ADDR and clock, so a receiver that learns those values can follow the piconet.
III. Security features of Bluetooth
Bluetooth defines three security modes. A Bluetooth device can operate in only one mode at a time.
1) Mode 1 – Non-secure mode:
No authentication or encryption is performed in this mode. Any other device can connect to
the Bluetooth device. This mode is applicable when security is not required.
2) Mode 2 – Service level enforced security mode (flexible/policy based):
In this mode a channel is first established at the Logical Link Control and Adaptation
Protocol (L2CAP) layer, and only then is the security procedure initiated. L2CAP serves the
upper layers by carrying either connectionless or connection-oriented data. Access control and
the interfaces to other protocols and to device users are handled by a centralized security
manager. Different policies and 'trust' levels can be defined for different security needs
operating in parallel, so a particular device can be granted specific rights to one service
without being granted access to others. In other words, access is granted per service rather
than per device.
3) Mode 3 – Link level enforced security mode (fixed):
Here, in contrast to mode 2, the security procedure is initiated before the channel is
established. This is a built-in security mechanism that offers authentication (unidirectional
or mutual) and encryption based on a secret link key shared by the pair of devices. The key is
generated by the pairing procedure when the two devices first communicate with each other.
Figure #1: Taxonomy of Bluetooth security modes (Mode 1: no security; Mode 2: authentication,
confidentiality, authorization; Mode 3: authentication, confidentiality)
IV. Link Key Generation – Bluetooth Bonding
Figure #2(A): Bluetooth key generation from PIN [3]. On each of the two devices the PIN is fed
to E2 to produce the link key (used for the authentication procedure); the link key is then fed
to E3 to produce the encryption key (used for the encryption procedure).
Figure #2(B): Link key types
Combination – pairwise key
Unit – unit-specific key
Initialization – used during initialization only
Master – used for broadcast
The link key is generated during the initialization phase. Two devices bond with each other and
derive link keys when the user enters an identical PIN on both devices, as shown in the figure. At
the end of initialization the devices authenticate each other and can encrypt the link. The PIN
used during initialization may be from 1 byte to 16 bytes long; a longer PIN provides more
security.
Authentication
Figure #3: Bluetooth authentication [3]. The verifier's random number generator (RNG) produces
AU_RAND; both the claimant (Bluetooth Device 1) and the verifier (Bluetooth Device 2) run the E1
algorithm over BD_ADDR, AU_RAND and the link key to produce SRES and ACO; the verifier compares
the two SRES values and allows the connection if they are equal, otherwise the connection is
aborted.
The authentication scheme is of the challenge-response type. One device acts as the claimant and
the other as the verifier. The claimant is the device that tries to prove its identity; the
verifier checks that claim. The devices are validated by a challenge-response protocol that
demonstrates knowledge of a shared secret, the Bluetooth link key. The scheme is shown in
Figure 3.
Authentication process [3]:
1) First, the claimant transmits its 48-bit address (BD_ADDR) to the verifier.
2) The verifier responds by sending a 128-bit random challenge (AU_RAND).
3) The verifier computes the authentication response with the algorithm E1, using the
address, the link key and the random challenge as input. The claimant performs the same
computation.
4) The claimant returns its response, SRES, to the verifier.
5) The verifier compares its own response with the claimant's.
6) If both 32-bit SRES values are equal, the verifier continues with the connection.
If authentication fails, the Bluetooth device waits for some time before a new connection attempt
is allowed. This waiting interval grows exponentially, which slows down an adversary who tries to
guess the key by repeated attempts. However, this suspension technique does not protect against
sophisticated adversaries, since it limits only online guessing against the device itself.
Confidentiality
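The following is an added example, not code from the paper or from any Bluetooth stack. It walks through the PIN → E2 → link key → E1 → SRES chain of Figure 2(A) and the six-step challenge-response above, records the exponential backoff on failure, and then shows why Section IV's remark that a longer PIN provides more security holds: everything except the PIN is sent in the clear, so an eavesdropper can search the PIN offline, and the backoff never comes into play. E2 and E1 are stand-ins built on HMAC-SHA256 so the example runs with the standard library only (the real functions are SAFER+ based); `MAX_BACKOFF_S`, the `Device` class and the device addresses are assumptions of this example. Only the sizes follow the text: 48-bit BD_ADDR, 128-bit IN_RAND/AU_RAND, 128-bit link key, 32-bit SRES, 96-bit ACO.

```python
"""Added example: PIN -> link key -> SRES, challenge-response, backoff, and an
offline PIN search. E1/E2 are HMAC-SHA256 stand-ins (assumption), not the real
SAFER+-based Bluetooth functions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

MAX_BACKOFF_S = 300  # cap on the retry interval in seconds (assumed value)


def e2_link_key(pin: bytes, bd_addr: bytes, in_rand: bytes) -> bytes:
    """Stand-in for E2: derive the 128-bit link key from the PIN (assumption: HMAC)."""
    return hmac.new(pin, bd_addr + in_rand, hashlib.sha256).digest()[:16]


def e1(link_key: bytes, bd_addr: bytes, au_rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for E1: returns (SRES, ACO), 32 bits and 96 bits (assumption: HMAC)."""
    out = hmac.new(link_key, bd_addr + au_rand, hashlib.sha256).digest()
    return out[:4], out[4:16]


@dataclass
class Device:
    bd_addr: bytes          # 48-bit Bluetooth device address
    link_key: bytes = b""   # set by pair()
    failures: int = 0       # consecutive failed authentications seen as verifier
    backoff_s: int = 0      # seconds a real verifier would wait before the next attempt


def pair(initiator: Device, responder: Device, pin: bytes) -> bytes:
    """Initialization: both devices derive the same link key from the shared PIN.
    IN_RAND travels in the clear, so an eavesdropper learns everything but the PIN.
    Returns IN_RAND so the example can replay what the eavesdropper saw."""
    in_rand = secrets.token_bytes(16)
    initiator.link_key = e2_link_key(pin, initiator.bd_addr, in_rand)
    responder.link_key = e2_link_key(pin, initiator.bd_addr, in_rand)
    return in_rand


def authenticate(claimant: Device, verifier: Device) -> Tuple[bool, Dict[str, bytes]]:
    """Steps 1-6 of the authentication process. Returns (result, eavesdropper's view)."""
    claimed_addr = claimant.bd_addr                       # step 1: BD_ADDR in the clear
    au_rand = secrets.token_bytes(16)                     # step 2: 128-bit challenge
    expected, _aco_v = e1(verifier.link_key, claimed_addr, au_rand)  # step 3 (verifier)
    sres, _aco_c = e1(claimant.link_key, claimant.bd_addr, au_rand)  # step 3 (claimant)
    seen = {"bd_addr": claimed_addr, "au_rand": au_rand, "sres": sres}  # step 4, in the clear
    if hmac.compare_digest(sres, expected):               # steps 5 and 6
        verifier.failures = 0
        verifier.backoff_s = 0
        return True, seen
    verifier.failures += 1                                # failure: back off exponentially
    verifier.backoff_s = min(2 ** verifier.failures, MAX_BACKOFF_S)
    return False, seen


def crack_pin(in_rand: bytes, pairing_addr: bytes, seen: Dict[str, bytes],
              digits: int = 4) -> Optional[bytes]:
    """Offline search over all numeric PINs of the given length. It needs only
    what was sent in the clear (IN_RAND, BD_ADDR, AU_RAND, SRES) and never
    touches the verifier, so the backoff does not slow it down."""
    for n in range(10 ** digits):
        pin = str(n).zfill(digits).encode()
        key = e2_link_key(pin, pairing_addr, in_rand)
        sres, _ = e1(key, seen["bd_addr"], seen["au_rand"])
        if sres == seen["sres"]:
            return pin
    return None


if __name__ == "__main__":
    phone = Device(bytes.fromhex("001122334455"))    # constructed addresses
    headset = Device(bytes.fromhex("66778899aabb"))
    in_rand = pair(phone, headset, b"1234")
    ok, seen = authenticate(phone, headset)
    print("legitimate claimant accepted:", ok)
    print("PIN recovered offline:", crack_pin(in_rand, phone.bd_addr, seen))
```

A real verifier refuses attempts until `backoff_s` has elapsed; here the interval is only recorded so the example stays deterministic. The offline search takes two HMAC calls per candidate, so the 10,000 four-digit PINs are exhausted in well under a second, which is the concrete reason the paper recommends longer PINs.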
Bluetooth provides the confidentiality service to protect against eavesdropping on the air
interface. Data is passed in encrypted form when it is transferred from one device to another.
The Bluetooth encryption process is based on a stream cipher (E0). Payload bits are exclusive-ORed
with the key stream output and then sent to the receiving device. The master's identity
(BD_ADDR), a random number (EN_RAND), the slot number and the encryption key are the inputs to
the encryption function. While the other inputs stay the same, the ciphering engine is
re-initialized for every packet, because the slot number used by the stream cipher changes with
each packet. An internal key generator derives the encryption key for the algorithm from the link
key, the random number and the ACO value. The 128-bit secret link key is held within the device
itself and is inaccessible to the user; it is never transmitted outside the Bluetooth device.
The encryption key is derived from the current link key, and its effective size may be anything
from 8 bits to 128 bits. The key size is negotiated between the two devices at the time the
connection is established [3].
There are three encryption modes that support the confidentiality service [3]:
1) Encryption mode 1 – No encryption is performed on any traffic.
2) Encryption mode 2 – Broadcast traffic goes unprotected (not encrypted), but individually
addressed traffic is encrypted according to the individual link keys.
3) Encryption mode 3 – All traffic is encrypted according to the master link key.
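The following is an added example, not code from the paper or from any Bluetooth implementation. It models the per-packet stream-cipher encryption described above (payload XOR key stream, generator re-initialized from the master BD_ADDR, EN_RAND, the slot number and the encryption key) and then shows what the negotiable key length means in practice: with an 8-bit effective key an eavesdropper who knows the public inputs needs only 256 trial decryptions. The key stream generator is an HMAC-SHA256 counter-mode stand-in rather than the real E0, and key-length reduction is modelled by keeping the first `bits` bits of the 128-bit key and zeroing the rest (the real reduction is a different, polynomial-based operation); the function names, the known-plaintext prefix and the sample key, address and EN_RAND values are all constructed for this example.

```python
"""Added example: per-slot stream-cipher encryption and brute force of a short
negotiated key. The key stream generator and the key reduction are stand-ins
(assumptions), not Bluetooth's E0 and key-size reduction."""
import hashlib
import hmac
import struct
from typing import Optional, Tuple


def constrain_key(k_c: bytes, bits: int) -> bytes:
    """Apply the negotiated effective key length (8..128 bits, whole bytes).
    Assumption: keep the first `bits` bits of the 128-bit key, zero the rest."""
    if len(k_c) != 16 or not 8 <= bits <= 128 or bits % 8:
        raise ValueError("key must be 128 bits; length must be a multiple of 8 in 8..128")
    n = bits // 8
    return k_c[:n] + bytes(16 - n)


def keystream(key: bytes, master_addr: bytes, en_rand: bytes, slot: int, length: int) -> bytes:
    """Stand-in key stream generator, re-initialized from (key, BD_ADDR, EN_RAND, slot)
    for every packet, as the text describes for the real cipher."""
    out = bytearray()
    block = 0
    while len(out) < length:
        iv = master_addr + en_rand + struct.pack(">IQ", slot, block)
        out += hmac.new(key, iv, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def crypt(key: bytes, master_addr: bytes, en_rand: bytes, slot: int, payload: bytes) -> bytes:
    """Payload XOR key stream; the same call decrypts. The caller passes the constrained key."""
    ks = keystream(key, master_addr, en_rand, slot, len(payload))
    return bytes(p ^ k for p, k in zip(payload, ks))


def brute_force(ciphertext: bytes, master_addr: bytes, en_rand: bytes, slot: int,
                bits: int, known_prefix: bytes) -> Optional[Tuple[bytes, bytes]]:
    """Eavesdropper's view: BD_ADDR, EN_RAND and the slot number are public, so with a
    short negotiated length only 2**bits keys remain. Returns (key, plaintext) once a
    candidate reproduces the known plaintext prefix (e.g. a fixed protocol header)."""
    for n in range(1 << bits):
        candidate = constrain_key((n << (128 - bits)).to_bytes(16, "big"), bits)
        plaintext = crypt(candidate, master_addr, en_rand, slot, ciphertext)
        if plaintext.startswith(known_prefix):
            return candidate, plaintext
    return None


if __name__ == "__main__":
    k_c = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")     # constructed 128-bit key
    addr = bytes.fromhex("001122334455")                         # constructed master BD_ADDR
    en_rand = bytes.fromhex("a0a1a2a3a4a5a6a7a8a9aaabacadaeaf")  # constructed EN_RAND
    weak = constrain_key(k_c, 8)                                 # negotiated down to 8 bits
    ct = crypt(weak, addr, en_rand, 42, b"HELLO from the headset")
    print("recovered with an 8-bit key:", brute_force(ct, addr, en_rand, 42, 8, b"HELLO"))
    print("candidates to try at 128 bits:", 1 << 128)
```

The point the example makes is the one behind rows 3 and 5 of the problem table later in the paper: the cipher's per-slot re-initialization does nothing for confidentiality if the negotiated key length is small, because the slot number, BD_ADDR and EN_RAND are all visible to the eavesdropper. A device that accepts whatever length its peer proposes should instead enforce a minimum before the link is used.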
V. Trust Level, Service Level and Authorization
There are two trust levels for service security.
(1) Trusted: trusted devices have full access to the device because of a fixed (bonded)
relationship.
(2) Untrusted: untrusted devices maintain only a temporary relationship with the Bluetooth device,
which results in restricted service.
There are three service security levels:
1) Service level 1: authentication and authorization are required. Trusted devices get access
automatically, while untrusted devices need manual authorization.
2) Service level 2: authentication only. Authorization is not required, and access is granted
once the authentication procedure succeeds.
3) Service level 3: open to all devices. No authentication is required and access is granted
automatically.
VI. Problems with the standard Bluetooth security [3]
Sr. No | Security issue | Remarks
1 | The strength of the random number generator (RNG) is unknown. | The RNG may produce periodic numbers, which reduces the strength of the authentication mechanism.
2 | Short PINs are allowed. | Such weak PINs are used to generate link and encryption keys that are easily predictable.
3 | The encryption key length is negotiable. | A more robust initialization key generation procedure should be developed.
4 | No user authentication exists. | Only device authentication is provided; application-level security and user authentication can be added on top.
5 | The stream cipher is weak and the key length is negotiable. | A robust encryption procedure and a minimum key length should be decided and enforced by agreement between the devices.
6 | Unit key sharing may result in eavesdropping. | If a corrupt user has communicated with other users, that corrupt user is able to compromise the security of the links between those other users.
7 | Privacy can be compromised if the BD_ADDR is captured and associated with a particular user. | Once the BD_ADDR is associated with a particular user, that user's activity can be logged, resulting in a loss of privacy.
8 | Device authentication is a simple shared-key challenge response. | One-way authentication may be subject to man-in-the-middle attacks. Mutual authentication is a good way to provide verification in both directions.
VII. Security Threats
Denial of service: This type of attack makes the device's Bluetooth interface unusable and drains
the battery. Such attacks are not common, and when the battery is being drained the simplest
countermeasure is to walk out of range.
Fuzzing attacks: Fuzzing sends malformed or non-standard data to a device's Bluetooth radio. If
the device slows down or stops responding, this indicates that a flaw exists in the protocol
implementation [6].
Bluejacking: In this attack the attacker sends unsolicited messages to the user's Bluetooth
device. The messages do not attack the device directly but can have side effects, such as adding
a new contact, and they are sent with harmful intent [6].
Bluesnarfing: In this attack the attacker gains access to a Bluetooth device by exploiting a
firmware flaw present in older devices. The attacker connects to the device to access the stored
data and the device's international mobile equipment identity (IMEI) [6]. Using the IMEI, the
attacker can then redirect incoming messages from the user's device to their own device.
Man-in-the-middle: This threat arises between devices that use unit keys. Device A shares its
unit key with devices B and C in order to communicate with each of them. The messages exchanged
between A and B and between A and C are different, but they are protected with the same key. If
the attacker controls device C and therefore knows A's secret key, it can use that key to
intercept the messages transmitted between A and B [3]. It can also encrypt data with the secret
key and send it to device B claiming to be device A.
Figure #4: The man-in-the-middle attack [3] (Bluetooth devices A, B and C, shown as PDA 1, a
laptop and PDA 2)
The figure above illustrates the attack:
Step 1: Device A shares its unit key with device B (a trusted device) and exchanges some
trusted information with it.
Step 2: Device A shares the same unit key with device C (an untrusted device), over a link that
is separate from the A–B link.
Step 3: The man-in-the-middle, device C, uses A's secret key to forge encrypted messages on the
link between devices A and B.
Step 4: Device C can thus read all data transmitted between devices A and B.
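The following is an added example, not code from the paper or from any Bluetooth stack, that plays out steps 1 to 4 above. A device that uses its unit key hands the same link key to every peer, so device C, having paired with A, holds exactly the key that B stored for A: C can answer B's challenge as A and can recompute the A–B encryption key from the public AU_RAND and EN_RAND. With pairwise combination keys each link gets its own key and both attempts fail. E1 and E3 are HMAC-SHA256 stand-ins for the real SAFER+-based functions, the combination key is modelled as the XOR of one random contribution from each device, and the `Device` class, function names and device addresses are constructed for this example.

```python
"""Added example: unit key versus combination key under a man-in-the-middle.
E1 and E3 are HMAC-SHA256 stand-ins (assumption), not the real Bluetooth
functions; sizes follow the paper (48-bit BD_ADDR, 128-bit keys, 32-bit SRES)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple


def e1(link_key: bytes, bd_addr: bytes, au_rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for E1: (SRES, ACO) from the link key, claimant BD_ADDR and AU_RAND."""
    out = hmac.new(link_key, bd_addr + au_rand, hashlib.sha256).digest()
    return out[:4], out[4:16]


def e3(link_key: bytes, en_rand: bytes, aco: bytes) -> bytes:
    """Stand-in for E3: the 128-bit encryption key from the link key, EN_RAND and ACO."""
    return hmac.new(link_key, en_rand + aco, hashlib.sha256).digest()[:16]


@dataclass
class Device:
    bd_addr: bytes
    unit_key: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    peers: Dict[bytes, bytes] = field(default_factory=dict)  # peer BD_ADDR -> link key


def pair_unit_key(a: Device, b: Device) -> None:
    """Steps 1 and 2: A hands out its single unit key as the link key with each peer."""
    a.peers[b.bd_addr] = a.unit_key
    b.peers[a.bd_addr] = a.unit_key


def pair_combination_key(a: Device, b: Device) -> None:
    """Pairwise key: each side contributes randomness, so every link gets its own key
    (assumption: modelled as XOR of the two contributions)."""
    lk_a, lk_b = secrets.token_bytes(16), secrets.token_bytes(16)
    k_ab = bytes(x ^ y for x, y in zip(lk_a, lk_b))
    a.peers[b.bd_addr] = k_ab
    b.peers[a.bd_addr] = k_ab


def verify(verifier: Device, claimed_addr: bytes,
           respond: Callable[[bytes], bytes]) -> Tuple[bool, bytes, bytes]:
    """Challenge-response as the verifier sees it: it knows only the claimed BD_ADDR and
    the link key it stored for that address. Returns (ok, AU_RAND, ACO)."""
    au_rand = secrets.token_bytes(16)
    expected, aco = e1(verifier.peers[claimed_addr], claimed_addr, au_rand)
    return hmac.compare_digest(respond(au_rand), expected), au_rand, aco


def impersonate(attacker: Device, victim_addr: bytes, verifier: Device) -> bool:
    """Step 3: C answers B's challenge as A, using the key C obtained by pairing with A."""
    key_from_victim = attacker.peers[victim_addr]
    ok, _, _ = verify(verifier, victim_addr,
                      lambda au_rand: e1(key_from_victim, victim_addr, au_rand)[0])
    return ok


def ab_encryption_key(link_key: bytes, a_addr: bytes, au_rand: bytes, en_rand: bytes) -> bytes:
    """Step 4: whoever holds the A-B link key derives the same ACO and E3 key as A and B
    do, because AU_RAND and EN_RAND are sent in the clear."""
    _, aco = e1(link_key, a_addr, au_rand)
    return e3(link_key, en_rand, aco)


if __name__ == "__main__":
    a, b, c = (Device(bytes.fromhex(h)) for h in ("aaaaaaaaaaaa", "bbbbbbbbbbbb", "cccccccccccc"))
    pair_unit_key(a, b)
    pair_unit_key(a, c)
    print("C authenticates to B as A (unit key):", impersonate(c, a.bd_addr, b))
```

The fix the paper's table points to (row 6) is visible in the second pairing routine: a key that depends on both peers cannot be handed to a third device by one of them, so `impersonate` fails and the derived encryption keys differ.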
Users should be aware of the security risks that arise while transmitting sensitive data. This is
not a direct threat, but users should keep these risks in mind while using Bluetooth devices [3].
Each Bluetooth device has a unique address (BD_ADDR), which serves as its identity when joining
the network. This allows an organization to admit devices in a controlled way and to track what
each device does on the network.
VIII. Future
Broadcast channel: allows mobile phones to receive information from Bluetooth information points.
Topology management: allows the configuration of piconet topologies; this should be invisible to
users, while the information is still passed within the piconet topology [2].
Quality of service: allows audio and video data to be transmitted at high quality to the users of
a piconet.
IX. Conclusion
In this report we discussed the physical-layer frequency band, data and network security, and
some positive and negative aspects of Bluetooth. Many improvements have been made in the last few
years to provide an inexpensive wireless solution, yet some inherent weaknesses remain.
Technologies such as ZigBee and Wibree provide similar functions with lower power consumption, so
work should continue in the direction of both improving security and reducing power consumption.
References:
[1] http://www.bluetooth.com/Bluetooth/Technology/Basics.htm
[2] http://en.wikipedia.org/wiki/Bluetooth
[3] http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
[4] Software Security Technologies, A programmable approach, By Prof. Richard Sinn.
[5] http://www.urel.feec.vutbr.cz/ra2008/archive/ra2006/abstracts/085.pdf
[6] http://csrc.nist.gov/publications/nistpubs/800-121/SP800-121.pdf