“Security Weakness in Bluetooth” M.Jakobsson, S.Wetzel LNCS 2020, 2001 The introduction of new technology and functionality can provides its users with.

Slides:

Advertisements

Similar presentations

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Advertisements

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

GSM Security Threats and Countermeasures Saravanan Bala Tanvir Ahmed Samuel Solomon Travis Atkison.

1 Security in Wireless Protocols Bluetooth, , ZigBee.

BLUETOOTH TM :A new radio interface providing ubiquitous connectivity Jaap C.Haartsen Ericssion Radio System B.V IEEE.

A Preliminary Investigation of Worm Infections in a Bluetooth Environment PAPER REVIEW ANISH DUTTA RAGAVENDRAN SRINIVASAN SABAREESWAR.

BLUETOOTH. INTRODUCTION A look around at the moment! Keyboard connected to the computer, as well as a printer, mouse, monitor and so on. What (literally)

1 Introduction to Bluetooth v1.1 (Part I) Overview Radio Specification Baseband Specification LMP L2CAP.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.

Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.

Bluetooth Technology. What is Bluetooth? Bluetooth is a short- range communications technology that allows devices to communicate with each other without.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wired Equivalent Privacy (WEP)

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

CPET 260 Bluetooth. What is Bluetooth? Not IEEE (Wi-Fi) or HomeRF Originally designed to replace wires Short-range, lower-power wireless technology.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless & Network Security Lecture 10:

Security Weaknesses in Bluetooth by Markus Jakobsson and Susanne Wetzel Lucent Technologies – Bell Labs presented by Boris Kurktchiev.

Bluetooth Security How security is implemented for services running on Bluetooth devices, and future security issues for this technology By Scott Anson.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 6 Wireless Network Security Part II.

What is Bluetooth? Bluetooth technology is a peripheral that connects to a variety of products in order to provide wireless connections.

BLUETOOTH The Universal Radio Interface for ad hoc, Wireless Connectivity By Jeffrey Adams.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Bluetooth Jennifer Portillo Thomas Razo Samson Vuong By Sonny Leung.

How secure is Darren Adams, Kyle Coble, and Lakshmi Kasoji.

A Security Analysis of the Network Time Protocol (NTP) Presentation by Tianen Liu.

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Wireless and Security CSCI 5857: Encoding and Encryption.

ECE 424 Embedded Systems Design Networking Connectivity Chapter 12 Ning Weng.

CWNA Guide to Wireless LANs, Second Edition Chapter Eight Wireless LAN Security and Vulnerabilities.

Bluetooth By Andrew Breen and Chris Backo. Presentation Overview Bluetooth overview Bluetooth vs. WiFi ProductsInstallationDemonstration Security Issues.

Bluetooth Background Ericsson, IBM, Intel, Nokia, and Toshiba

KAIS T In-Vehicle Secure Wireless Personal Area Network (SWPAN) Reference: S. M. Mahmud and Shobhit Shanker, “In-Vehicle Secure Wireless Personal Area.

Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.

Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.

University of Virginia 1 Gregory LammGerlando Falauto Jorge EstradaJag Gadiyaram November 29, 2000 Identifying and Assessing Security Issues related to.

Distributed Topology Construction of Bluetooth Personal Area Networks Theodoros Salonidis, Pravin Bhagwat, Leandros Tassiulas and Richard LaMaire.

An Analysis of Bluetooth Security

Bluetooth Address or Name Sharing By Joseph Charboneau.

A Bluetooth Scatternet-Route Structure for Multihop Ad Hoc Networks Yong Liu, Myung J. Lee, and Tarek N. Saadawi 2003 IEEE Journal on Selected Areas in.

WEP Protocol Weaknesses and Vulnerabilities

Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.

Doc.: IEEE /495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.

BLUETOOTH Created By: Ajay Bahoriya. Agenda Introduction to Bluetooth Bluetooth Basics Mode of operation Technology Security Advantages Integrating BT.

발표자 : 현근수 Bluetooth. Overview wireless protocol short-range communications technology single digital wireless protocol connecting multiple devices mobile.

Topic 5: Basic Security.

BLUETOOTH WIRELESS TECHNOLOGY

An Analysis of Bluetooth Security Team A: Padmaja Sriraman Padmapriya Gudipati Sreenivasulu Lekkala.

Focus On Bluetooth Security Presented by Kanij Fatema Sharme.

1 Wireless Threats 1 – Cracking WEP Cracking WEP in Chapter 5 of Wireless Maximum Security by Peikari, C. and Fogie, S.

Overview of the security weaknesses in Bluetooth Dave Singelée COSIC seminar 11/06/2003.

Dependability in Wireless Networks By Mohammed Al-Ghamdi.

Wireless Security John Himmelein Erick Andrew Christian Adam Varun Bapna.

Wireless Network Security CSIS 5857: Encoding and Encryption.

Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.

Key Management and Distribution Anand Seetharam CST 312.

IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.

Cryptography CSS 329 Lecture 13:SSL.

Whatsapp Security Ahmad Hijazi Systèmes de Télécommunications & Réseaux Informatiques (STRI) 20 April 2016.

Comparison of Network Attacks COSC 356 Kyler Rhoades.

Bluetooth for Ad-Hoc Networking

Channel Control Interim substates for adding new slaves

Originally by Yu Yang and Lilly Wang Modified by T. A. Yang

“I don’t have to be careful, I’ve got a gun.”

Security in Wide Area Networks

Presentation transcript:

“Security Weakness in Bluetooth” M.Jakobsson, S.Wetzel LNCS 2020, 2001 The introduction of new technology and functionality can provides its users with increased possibilities, it also provide criminals with powerful weapon. This is true for a recently proposed standard for local wireless communication ---- Bluetooth. presented by: Shuping Cao

Outline A brief overview of three vulnerabilities in Bluetooth1.0B Introduction of Some bluetooth specifications and relevant attacks Counter-measures to these attacks Conclusion

An overview of vulnerabilities Three vulnerabilities in the Bluetooth 1.0 version: The first vulnerability opens up the system so that attackers can determine the key exchanged by two victim devices, this make eavesdropping and impersonation possible. The second vulnerability makes location attacks possible. Geographic location of victim devices can be known to the attacker. The third vulnerability concerns the cipher and the use of cipher, while attacks on the use of cipher is serious.

Key Management Specification and Related Attacks(1) Several keys are used to ensure secure transmission of data: Initialization key: Used to protect the exchange of link key, so establishing this key is the basis of link key generation. Computed as a function of a shared PIN, the BD_ADDR and the random number which is chosen by this device. Unit Key: Derived at the installation of bluetooth device. Link Key: Generated by both devices who want more secure communication The information transmitted during link key generation is encrypted by initialization key.

Key Management Specification and Related Attacks(2) Eavesdropping and Stealing Keys The secure generation of link key rely on the the initialization Key, and initialization key is a function of PIN code, so once attackers got weak PINS by guessing and stealing, the secure communication can’t be ensured. Middle-person Attack IF attacker knows the link key used by two devices, so he can pose one side to initiate contacts with the other side using the new link key. Consequence: Two devices will not see all the messages they send to each other, only those that attacker choose to send, so the attacker can impersonate the two devices to each other.

Specifications relevant to locations attacks Device Mode: discoverable and non-discoverable Attack: Victim device can disclose its identity by responding inquiries from attacker’s devices, then victim’s movements can be known. Addressing: Every device has a unique I.D. called BD_ADDR For each point-to-point, a channel with unique identifier(CAC) is used. CAC is a function of the master’s unique BD_ADDR. Each message sent has this CAC. CAC location Attack: The attackers intercept the network traffic in his proximity, extracting the CAC from message, using this to identify the master device of the piconet, so master device’s whereabouts.

Cipher Use Specification and Related Attacks Attacks(On the use of cipher): Encryption E.q. cipher B-A = data A-B XOR data B-A is used when B transmit data B-A to A., If an attacker eavesdrops on encrypted data -- cipher B- A -- and knows one of plaintext, the other will be derived easily. Cipher Use Specification: Cipher B_A Cipher A_B Data A_B KCKC KCKC Data B_A AB

Counter-Measures Attacks: Middle-person attack Eavesdropping PIN and keys Attacks against Cipher CAC location attack Defending Measures Application layer security Choose sufficiently long PINs( 64 bit) Using large set of keys Do not use plaintexts to encrypt plaintexts Using different and random pseudonyms for each session

Conclusion Three types of attacks (eavesdropping and impersonation, location attacks, attacks against the cipher) are addressed because of the vulnerabilities in the current version of bluetooth specification. Hope the future versions of the standard can be modified to defend against these attacks.

Questions? What keys have the bluetooth standard specified to ensure the secure transmission? How they can be generated? What is a effective way to defend middle- person attack?

Other Attacks Hopping Along Only a limited hoping frequencies bands(79), so a simple device with 79 listeners can be easily built to scan all bands, then attacker can eavesdropping a conversion in a piconet. A combined attack First, attacker can determine the master device’s I.D. and its clock through some methods, from this he can obtain the hopping sequence, then he intercept the traffic on these various bands and obtain large of information. A collection of devices connected via Bluetooth technology in an ad hoc fashion. A piconet starts with two connected devices, such as a portable PC and cellular phone, and may grow to eight connected devices. All Bluetooth devices are peer units and have identical implementations. However, when establishing a piconet, one unit will act as a master and the other(s) as slave(s) for the duration of the piconet connection. All devices have the same physical channel defined by the master device parameters (clock and BD_ADDR).masterslaveclockBD_ADDR