Presentation is loading. Please wait.

Presentation is loading. Please wait.

“Security Weakness in Bluetooth” M.Jakobsson, S.Wetzel LNCS 2020, 2001 The introduction of new technology and functionality can provides its users with.

Published byBenjamin Austin Modified over 8 years ago

Similar presentations

Presentation on theme: "“Security Weakness in Bluetooth” M.Jakobsson, S.Wetzel LNCS 2020, 2001 The introduction of new technology and functionality can provides its users with."— Presentation transcript:

1 “Security Weakness in Bluetooth” M.Jakobsson, S.Wetzel LNCS 2020, 2001 The introduction of new technology and functionality can provides its users with increased possibilities, it also provide criminals with powerful weapon. This is true for a recently proposed standard for local wireless communication ---- Bluetooth. presented by: Shuping Cao

2 Outline A brief overview of three vulnerabilities in Bluetooth1.0B Introduction of Some bluetooth specifications and relevant attacks Counter-measures to these attacks Conclusion

3 An overview of vulnerabilities Three vulnerabilities in the Bluetooth 1.0 version: The first vulnerability opens up the system so that attackers can determine the key exchanged by two victim devices, this make eavesdropping and impersonation possible. The second vulnerability makes location attacks possible. Geographic location of victim devices can be known to the attacker. The third vulnerability concerns the cipher and the use of cipher, while attacks on the use of cipher is serious.

4 Key Management Specification and Related Attacks(1) Several keys are used to ensure secure transmission of data: Initialization key: Used to protect the exchange of link key, so establishing this key is the basis of link key generation. Computed as a function of a shared PIN, the BD_ADDR and the random number which is chosen by this device. Unit Key: Derived at the installation of bluetooth device. Link Key: Generated by both devices who want more secure communication The information transmitted during link key generation is encrypted by initialization key.

5 Key Management Specification and Related Attacks(2) Eavesdropping and Stealing Keys The secure generation of link key rely on the the initialization Key, and initialization key is a function of PIN code, so once attackers got weak PINS by guessing and stealing, the secure communication can’t be ensured. Middle-person Attack IF attacker knows the link key used by two devices, so he can pose one side to initiate contacts with the other side using the new link key. Consequence: Two devices will not see all the messages they send to each other, only those that attacker choose to send, so the attacker can impersonate the two devices to each other.

6 Specifications relevant to locations attacks Device Mode: discoverable and non-discoverable Attack: Victim device can disclose its identity by responding inquiries from attacker’s devices, then victim’s movements can be known. Addressing: Every device has a unique I.D. called BD_ADDR For each point-to-point, a channel with unique identifier(CAC) is used. CAC is a function of the master’s unique BD_ADDR. Each message sent has this CAC. CAC location Attack: The attackers intercept the network traffic in his proximity, extracting the CAC from message, using this to identify the master device of the piconet, so master device’s whereabouts.

7 Cipher Use Specification and Related Attacks Attacks(On the use of cipher): Encryption E.q. cipher B-A = data A-B XOR data B-A is used when B transmit data B-A to A., If an attacker eavesdrops on encrypted data -- cipher B- A -- and knows one of plaintext, the other will be derived easily. Cipher Use Specification: Cipher B_A Cipher A_B Data A_B KCKC KCKC Data B_A AB

8 Counter-Measures Attacks: Middle-person attack Eavesdropping PIN and keys Attacks against Cipher CAC location attack Defending Measures Application layer security Choose sufficiently long PINs( 64 bit) Using large set of keys Do not use plaintexts to encrypt plaintexts Using different and random pseudonyms for each session

9 Conclusion Three types of attacks (eavesdropping and impersonation, location attacks, attacks against the cipher) are addressed because of the vulnerabilities in the current version of bluetooth specification. Hope the future versions of the standard can be modified to defend against these attacks.

10 Questions? What keys have the bluetooth standard specified to ensure the secure transmission? How they can be generated? What is a effective way to defend middle- person attack?

11 Other Attacks Hopping Along Only a limited hoping frequencies bands(79), so a simple device with 79 listeners can be easily built to scan all bands, then attacker can eavesdropping a conversion in a piconet. A combined attack First, attacker can determine the master device’s I.D. and its clock through some methods, from this he can obtain the hopping sequence, then he intercept the traffic on these various bands and obtain large of information. A collection of devices connected via Bluetooth technology in an ad hoc fashion. A piconet starts with two connected devices, such as a portable PC and cellular phone, and may grow to eight connected devices. All Bluetooth devices are peer units and have identical implementations. However, when establishing a piconet, one unit will act as a master and the other(s) as slave(s) for the duration of the piconet connection. All devices have the same physical channel defined by the master device parameters (clock and BD_ADDR).masterslaveclockBD_ADDR

Download ppt "“Security Weakness in Bluetooth” M.Jakobsson, S.Wetzel LNCS 2020, 2001 The introduction of new technology and functionality can provides its users with."

Similar presentations

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
GSM Security Threats and Countermeasures Saravanan Bala Tanvir Ahmed Samuel Solomon Travis Atkison.

GSM Security Threats and Countermeasures Saravanan Bala Tanvir Ahmed Samuel Solomon Travis Atkison.
1 Security in Wireless Protocols Bluetooth, 802.11, ZigBee.

1 Security in Wireless Protocols Bluetooth, , ZigBee.
BLUETOOTH TM :A new radio interface providing ubiquitous connectivity Jaap C.Haartsen Ericssion Radio System B.V. 2000 IEEE.

BLUETOOTH TM :A new radio interface providing ubiquitous connectivity Jaap C.Haartsen Ericssion Radio System B.V IEEE.
A Preliminary Investigation of Worm Infections in a Bluetooth Environment PAPER REVIEW ANISH DUTTA- 50133679 RAGAVENDRAN SRINIVASAN-50134639 SABAREESWAR.

A Preliminary Investigation of Worm Infections in a Bluetooth Environment PAPER REVIEW ANISH DUTTA RAGAVENDRAN SRINIVASAN SABAREESWAR.
BLUETOOTH. INTRODUCTION A look around at the moment! Keyboard connected to the computer, as well as a printer, mouse, monitor and so on. What (literally)

BLUETOOTH. INTRODUCTION A look around at the moment! Keyboard connected to the computer, as well as a printer, mouse, monitor and so on. What (literally)
1 Introduction to Bluetooth v1.1 (Part I) Overview Radio Specification Baseband Specification LMP L2CAP.

1 Introduction to Bluetooth v1.1 (Part I) Overview Radio Specification Baseband Specification LMP L2CAP.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.

What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.
Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.

Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.
Bluetooth Technology. What is Bluetooth? Bluetooth is a short- range communications technology that allows devices to communicate with each other without.

Bluetooth Technology. What is Bluetooth? Bluetooth is a short- range communications technology that allows devices to communicate with each other without.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
CPET 260 Bluetooth. What is Bluetooth? Not IEEE802.11 (Wi-Fi) or HomeRF Originally designed to replace wires Short-range, lower-power wireless technology.

CPET 260 Bluetooth. What is Bluetooth? Not IEEE (Wi-Fi) or HomeRF Originally designed to replace wires Short-range, lower-power wireless technology.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless & Network Security Lecture 10:

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless & Network Security Lecture 10:
Security Weaknesses in Bluetooth by Markus Jakobsson and Susanne Wetzel Lucent Technologies – Bell Labs presented by Boris Kurktchiev.

Security Weaknesses in Bluetooth by Markus Jakobsson and Susanne Wetzel Lucent Technologies – Bell Labs presented by Boris Kurktchiev.
Bluetooth Security How security is implemented for services running on Bluetooth devices, and future security issues for this technology By Scott Anson.

Bluetooth Security How security is implemented for services running on Bluetooth devices, and future security issues for this technology By Scott Anson.

Similar presentations

Ads by Google