CMPE 209 NETWORK SECURITY
Spring 2009
Research Paper

An Analysis of Bluetooth Security

Submitted by Team: Elite
Members: Jaymin Shah (0063894482), Sushma Kamuni (005833945)
DUE DATE: 04/21/2009

I. Introduction

Bluetooth is an open wireless protocol for exchanging data over short distances between fixed and mobile devices, creating a personal area network [2]. It can be used as an alternative to RS-232 data cables. Low cost, low power and robustness are the main features of the technology. Bluetooth can act as a reliable transmission medium for both voice and data. It operates in the unlicensed ISM (Industrial, Scientific and Medical) band, which is available in most parts of the world. Gaussian frequency-shift keying (GFSK) is used in the basic mode of operation, which achieves a data rate of 1 Mb/s [1]. Bluetooth can be used to exchange data or voice between electronic devices such as mobile phones, telephones, GPS receivers, personal computers, digital cameras and PDAs.

Class   Range        Max. Power (mW)
1       100 meters   100
2       10 meters    2.5
3       1 meter      1

Table 1: Device classes for power management

II. Security of Bluetooth

Bluetooth can provide security only for the wireless link, i.e. the radio path. It can therefore provide link authentication and encryption, but a system cannot be made secure without also providing security at the higher layers. The three basic goals of security are:

1) Confidentiality: the assurance of data privacy, ensuring that no one can read the data except the specific, intended entities [4].
2) Authentication: the assurance that an entity is what it claims to be [4].
3) Integrity: the assurance of no alteration, meaning that data, either in transit or in storage, has not been altered [4].
Bluetooth uses a frequency hopping scheme with 1600 hops/sec together with radio link power control (to constrain the transmit range). These features help to avoid eavesdropping and malicious access [3]. Frequency hopping is primarily a technique for avoiding interference, but it also makes it somewhat difficult for an adversary to locate a Bluetooth transmission.

III. Security features of Bluetooth

Bluetooth has three security modes. A Bluetooth device can operate in only one mode at a time.

1) Mode 1 – Non-secure mode: There is no authentication or encryption in this mode, and a Bluetooth device can easily be connected to other devices. This mode is applicable when security is not required.

2) Mode 2 – Service level enforced security mode (flexible/policy based): In this mode a channel is first established at the Logical Link Control and Adaptation Protocol (L2CAP) layer, and then the security procedure is initiated. L2CAP serves the upper layers by carrying either connectionless or connection-oriented data. Access control, and the interfaces to other protocols and to device users, are handled by a centralized security manager. Different policies and trust levels can be defined for different kinds of security needs operating in parallel. This makes it possible to give a particular device access with specific rights without providing the same access to other devices. Ultimately, this categorizes which devices can access particular services.

3) Mode 3 – Link level enforced security mode (fixed): In contrast to Mode 2, the security procedure is initiated before the channel is established. This is a built-in security mechanism that offers authentication (unidirectional or mutual) and encryption based on a secret key shared by the pair of devices. The key is generated by the pairing procedure when the two devices first communicate with each other.
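As an added illustration of the Mode 3 link-level sequence (pairing key from the PIN, challenge-response authentication, encryption key and per-packet stream encryption, which section IV and the Authentication and Confidentiality subsections describe in detail), the following Python simulation is not from the paper or from any Bluetooth stack. It uses HMAC-SHA256 as an assumed stand-in for the E2/E1/E3/E0 primitives, and the BD_ADDR values and PINs are constructed.

```python
# Stand-in simulation: HMAC-SHA256 replaces the real E2/E1/E3/E0 primitives (assumption).
import hashlib
import hmac
import os

def prf(key: bytes, *parts: bytes) -> bytes:
    """Keyed pseudo-random function standing in for all four Bluetooth primitives."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def e2_link_key(pin: bytes, in_rand: bytes, addr_a: bytes, addr_b: bytes) -> bytes:
    """E2 stand-in: 128-bit link key from the shared PIN, a nonce and both BD_ADDRs."""
    return prf(pin, in_rand, addr_a, addr_b)[:16]

def e1(link_key: bytes, au_rand: bytes, claimant_addr: bytes) -> tuple:
    """E1 stand-in: returns (SRES, ACO) = (32-bit response, 96-bit ciphering offset)."""
    d = prf(link_key, au_rand, claimant_addr)
    return d[:4], d[4:16]

def authenticate(verifier_key: bytes, claimant_key: bytes, claimant_addr: bytes) -> tuple:
    """Steps 1-6: claimant has sent BD_ADDR, verifier sends AU_RAND, both run E1,
    verifier compares SRES. Returns (accepted, ACO); ACO is None on failure."""
    au_rand = os.urandom(16)                                      # 128-bit challenge
    sres_claimant, _ = e1(claimant_key, au_rand, claimant_addr)   # claimant's reply
    sres_verifier, aco = e1(verifier_key, au_rand, claimant_addr)
    ok = hmac.compare_digest(sres_claimant, sres_verifier)        # constant-time check
    return ok, (aco if ok else None)

def e3_encryption_key(link_key: bytes, en_rand: bytes, aco: bytes, key_len: int = 16) -> bytes:
    """E3 stand-in: encryption key Kc of the negotiated length (1..16 bytes)."""
    return prf(link_key, en_rand, aco)[:key_len]

def encrypt_payload(kc: bytes, master_addr: bytes, en_rand: bytes, slot: int, payload: bytes) -> bytes:
    """E0 stand-in: keystream re-initialised from (Kc, master BD_ADDR, EN_RAND, slot)
    for each packet and XOR-ed with the payload; calling it again decrypts."""
    stream = b""
    while len(stream) < len(payload):
        stream += prf(kc, master_addr, en_rand, slot.to_bytes(4, "big"), len(stream).to_bytes(4, "big"))
    return bytes(p ^ k for p, k in zip(payload, stream))

def session(pin_a: bytes, pin_b: bytes, payload: bytes = b"hello") -> tuple:
    """Whole sequence between constructed devices A and B; returns (authenticated, decrypted)."""
    addr_a, addr_b = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")  # constructed
    in_rand, en_rand = os.urandom(16), os.urandom(16)
    key_a = e2_link_key(pin_a, in_rand, addr_a, addr_b)  # A's link key from the PIN A entered
    key_b = e2_link_key(pin_b, in_rand, addr_a, addr_b)  # B's link key; equal only if PINs match
    ok, aco = authenticate(key_a, key_b, addr_b)         # A (verifier) authenticates B (claimant)
    if not ok:
        return False, None                               # mismatched PIN: connection aborted
    kc = e3_encryption_key(key_a, en_rand, aco)
    ciphertext = encrypt_payload(kc, addr_a, en_rand, 7, payload)   # A is master, slot 7
    return True, encrypt_payload(kc, addr_a, en_rand, 7, ciphertext)
```

Changing the slot number re-keys the keystream, so the same payload encrypts differently in every packet even though Kc, EN_RAND and the master address stay fixed.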
Figure #1: Taxonomy of Bluetooth security modes (Mode 1: no security services; Mode 2: authentication, confidentiality and authorization; Mode 3: authentication and confidentiality).

IV. Link Key Generation – Bluetooth Bonding

Figure #2(A): Bluetooth key generation from PIN [3]. On each of the two devices the PIN is fed to E2 to produce the link key, used for the authentication procedure; the link key is fed to E3 to produce the encryption key, used for the encryption procedure.

Figure #2(B): Link key types. Combination – pairwise key; Unit – unit-specific key; Initialization – used during initialization only; Master – used for broadcast.

The link key is generated during the initialization phase. Two devices bond with each other and derive link keys when the user enters an identical PIN into both devices, as shown in Figure 2(A). At the end of initialization the devices authenticate each other and encrypt the link. The PIN used in initialization may be from 1 byte to 16 bytes long; a longer PIN provides more security.

Authentication

Figure #3: Bluetooth authentication [3]. Over the radio interface, Bluetooth device 1 (the claimant) sends its BD_ADDR; Bluetooth device 2 (the verifier) generates AU_RAND with a random number generator (RNG) and sends it; both run the E1 algorithm, producing SRES and ACO; if the SRES values match the connection is allowed, otherwise it is aborted.

The authentication scheme is of the challenge-response type. One device acts as the claimant and the other as the verifier. The claimant is the one that tries to prove its identity; the verifier checks the identity of the device that wants to prove it. Devices are validated by the challenge-response protocol through verification of a shared secret key, the Bluetooth link key. The scheme is shown in Figure 3.

Authentication process [3]:

1) First, the claimant transmits its 48-bit address (BD_ADDR) to the verifier.
2) The verifier responds by sending a 128-bit random challenge (AU_RAND).
3) Using the algorithm E1, the verifier computes the authentication response from the address, the link key and the random challenge. The claimant performs the same operation.
4) The claimant returns its response, SRES, to the verifier.
5) The verifier compares its own response with the response of the claimant.
6) If both 32-bit SRES values are equal, the verifier continues the connection.

If authentication fails, the Bluetooth device waits for some time before a new connection attempt is allowed. This interval increases exponentially to prevent an adversary from repeatedly trying to access the device. However, this suspension technique does not provide security against sophisticated adversaries.

Confidentiality

Bluetooth provides the confidentiality service to protect against eavesdropping on the air interface. Data is sent in encrypted form when it is transferred from one device to another. Bluetooth encryption is based on a stream cipher: the payload bits are exclusive-ORed with the keystream output and then sent to the receiving device. The master identity (BD_ADDR), a random number (EN_RAND), a slot number and the encryption key are the inputs to the encryption function. Although the other variables remain the same, the ciphering engine is reinitialized for every packet because the slot number used in the stream cipher changes with each packet. An internal key generator derives the encryption key for the algorithm from the link key, the random number and the ACO value. The 128-bit secret link key is held within the device itself and is inaccessible to the user; it is never transmitted outside the Bluetooth device. The encryption key is generated from the current link key and its size may vary from 8 bits to 128 bits; the key size is negotiated when the two devices communicate [3].

There are three encryption modes supporting the confidentiality service [3]:

1) Encryption mode 1 - No encryption is performed on any traffic.
2) Encryption mode 2 - Broadcast traffic goes unprotected (not encrypted), but individually addressed traffic is encrypted using the individual link keys.
3) Encryption mode 3 - All traffic is encrypted using the master link key.

V. Trust Level, Service Level and Authorization

There are two trust levels for service security:

(1) Trusted: Trusted devices have full access to the device because of a fixed relationship with it.
(2) Untrusted: Untrusted devices maintain only a temporary relationship with the Bluetooth device, which results in restricted service.

There are three service security levels:

1) Service Level 1: Level 1 provides authentication and authorization. Trusted devices can access the service automatically, while untrusted devices need manual authorization.
2) Service Level 2: Level 2 provides authentication only. Authorization is not required, and access is permitted only after the authentication procedure.
3) Service Level 3: All devices are allowed to access the Bluetooth device. No authentication is required and access is granted automatically.

VI. Problems with the standard Bluetooth Security [3]

1. Security issue: Strength of the Random Number Generator (RNG) is unknown.
   Remarks: The RNG may produce periodic numbers, which reduces the strength of the authentication mechanism.
2. Security issue: Short PINs are allowed.
   Remarks: Such weak PINs are used to generate link and encryption keys that are easily predictable.
3. Security issue: Encryption key length is negotiable.
   Remarks: A more robust initialization key generation procedure should be developed.
4. Security issue: No user authentication exists.
   Remarks: As only device authentication is provided, application-level security and user authentication can be employed.
5. Security issue: The stream cipher is weak and the key length is negotiable.
   Remarks: A robust encryption procedure and a minimum key length should be decided and agreed upon.
6. Security issue: Unit key sharing may result in eavesdropping.
   Remarks: If a corrupt user has communicated with other users, that corrupt user is able to compromise the security of the other users.
7. Security issue: Privacy can be compromised if the BD_ADDR is captured and associated with a particular user.
   Remarks: Once the BD_ADDR is associated with a particular user, that user's activity can be logged, so privacy can be lost.
8. Security issue: Device authentication is a simple shared-key challenge response.
   Remarks: One-way authentication may be subject to man-in-the-middle attacks. Mutual authentication is a good way to provide verification.

VII. Security Threats

Denial of service: This type of attack makes the device's Bluetooth interface unusable and drains the mobile battery. These attacks are not common; when the battery is being drained, the simplest defense is simply to walk away.

Fuzzing attacks: This type of attack consists of sending abnormal data to a device's Bluetooth radio. If the device's response slows down or stops, this indicates that a problem exists in the protocol implementation [6].

Bluejacking: In this type of attack, the attacker sends unsolicited messages to the user's Bluetooth device. The messages do not attack the device directly, but they cause effects in other ways, such as adding a new contact. When a user then sends a message to another user, the message is sent with harmful intent [6].

Bluesnarfing: In this type of attack, the attacker accesses the Bluetooth device by exploiting small firmware flaws in older devices. The attack connects to the Bluetooth device to access the data stored on it and the device's international mobile equipment identity (IMEI) [6]. Using the IMEI, the attacker can track the incoming messages from the user's device to their own devices.

Man-in-the-middle: This is a threat to Bluetooth devices that share unit keys. In this type of attack, device A separately shares its unit key to communicate with devices B and C. The messages shared between devices A and B and between devices A and C are different.
Suppose the man-in-the-middle, the attacker at device C, knows the secret key of device A; it can then use a fake secret key to trap the messages transmitted between devices A and B [3]. To generate encrypted data, the man-in-the-middle can misuse the secret key with device B, claiming to be device A.

Figure #4: The man-in-the-middle attack [3] (Bluetooth device A: PDA 1; Bluetooth device B: laptop; Bluetooth device C: PDA 2).

The figure above explains this attack:

Step 1: Device A shares a unit key with device B (a trusted device) and exchanges some trusted information.
Step 2: Device A shares a unit key with device C (an untrusted device), a relationship separate from that between device A and device B.
Step 3: Device C, the man-in-the-middle, fakes the secret key to encrypt the messages transmitted between devices A and B.
Step 4: Device C traces all the data transmitted between devices A and B.

Users should be aware of the security risks that occur while transmitting sensitive data. This is not a direct threat, but users should be aware of these security threats while using Bluetooth devices [3]. Each Bluetooth device has a unique address (BD_ADDR), and this address is used as its login to the network. It allows organizations to log in in a secured way and to track what each organization does on the network.

VIII. Future

Broadcast Channel: Allows the adoption of Bluetooth in mobile phones with Bluetooth information points.
Topology Management: Allows configuration of piconet topologies, which should be invisible to all users while the information is still passed within the piconet topology [2].
Quality of Service: Allows video and audio data to be transmitted over the piconet to users with high quality.

IX. Conclusion

In this report we have discussed the physical-layer frequency band, data and network security, and some of the positive and negative aspects of Bluetooth. Many improvements have been made in the last few years to provide an inexpensive wireless solution, but some inherent loopholes still exist. Technologies like ZigBee and Wibree provide the same functions with less power consumption. So we should work in the direction of improving security and reducing power consumption as well.

References:

[1] http://www.bluetooth.com/Bluetooth/Technology/Basics.htm
[2] http://en.wikipedia.org/wiki/Bluetooth
[3] http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
[4] Software Security Technologies: A Programmatic Approach, by Prof. Richard Sinn.
[5] http://www.urel.feec.vutbr.cz/ra2008/archive/ra2006/abstracts/085.pdf
[6] http://csrc.nist.gov/publications/nistpubs/800-121/SP800-121.pdf