An Analysis of Bluetooth Security Jaymin Shah Sushma Kamuni
Introduction Bluetooth It is an open wireless protocol for exchanging data over short distances from fixed and mobile devices, creating personal area network. Act as a reliable source of transmission for voice and data
Designed to operate in the ISM band Gaussian Frequency Shift Keying is used Data rate of 1Mb/sec can be achieved Features: Low cost, low power and robustness Class Range (meters) Max. Power (mW) 1 100 2 10 2.5 3
Bluetooth Security Authentication: Verifies the identification of the devices that are communicating in the channel. Confidentiality: Protecting the data from the attacker by allowing only authorized users to access the data. Authorization: Only authorized users have control over the resources.
Security features of Bluetooth Security Mode 1: Non-Secure Mode Security Mode 2: Service level enforced security mode Security Mode 3: Link-level enforced security mode Mode 1 – Non-secure mode: There won’t be any authentication or encryption in this mode. Bluetooth device can easily be connected with the other devices. Mode 2 – Service level enforced security mode (Flexible/Policy Based): The management of the access control and interfaces with other protocols and device users is handled by the centralized security manager. Different types of policies and ‘trust’ levels can be defined for the different kind of security needs operating in parallel. Mode 3 – Link level enforced security mode (Fixed): contrast to mode 2, security procedure is initiated before the channel is established. This is a built in security mechanism that offers the authentication (unidirectional or mutual) and encryption based on the secret key shared by the pair of devices. Key is generated by the pairing procedure when two devices communicate with each other.
Link Key Generation Link key is generated at the initialization phase. Two devices bond each other and derive link keys when user enters an identical key to both the devices. It is shown in the figure. At the end of initialization, devices authenticate each other and perform encryption of links. The PIN used in the initialization may have length from 1 byte to 16 bytes where longer code may provide more security.
Authentication First, Claimant transmits its 48 bit address to the verifier. (BD_ADDR) Verifier responses it by sending 128 bit random challenge. (AU_RAND) Now with the help of some algorithm E1, the verifier compute the authentication response using the address, link key and random challenge as input. Claimant performs the same operation. The claimant returns the response, SRES, to the verifier. The verifier compares the own response with the response of the claimant. If both the 32 bit SRES values get equal, then the verifier will continue the connection.
Authentication Summary BD_ADDRB Verifier Claimant AU_RAND SRES Calculates SRES’ Success if match Authentication Process Parameter Length Secrecy parameter Device Address 48 Bits Public Random Challenge Bits Authentication (SRES) Response 32 Bits Link Key 128 Bits Secret
Confidentiality Confidentiality security service protects the eavesdropping attack on air-interface.
Bluetooth Encryption Process Encryption Mode 1: No encryption is needed. Encryption Mode 2: Encrypted using link key keys. Encryption Mode 3: All traffic is encrypted.
Trust levels, service levels and authentication Service level 1: Requires authentication and authorization. Service level 2: Requires only authentication. Service level 3: Open to all bluetooth devices.
Problems with the standard Bluetooth Security Security Issue Remarks Strength of the Random Number Generator (RNG) is unknown. RNG may produce periodic numbers that reduces the strength of authentication mechanism. Short PINs are allowed. Such weak PINs are used to generate link and encryption keys that are easily predictable. Encryption key length is negotiable. More robust initialization key generation procedure should be developed. No user authentication exists. As only device authentication is provided, application security and user authentication can be employed. Stream cipher is weak and key length is negotiable. Robust encryption procedure and minimum key length should be decided and passed as an agreement.
Security Issue Remarks Privacy can be compromised if the BD_ADDR is captured and associated with a particular user. Once the BD_ADDR is associated with a particular user, that user’s activity can be logged. So, loss of privacy can be compromised. Device authentication is simple shared key challenge response. One-way authentication may be subjected to man-in-middle attacks. Mutual authentication is a good idea to provide verification.
Security Threats Denial of service: Makes the device unusable and drains the mobile device battery. Fuzzing attacks: Sending malformed messages to the bluetooth device. Blue jacking: Causes harm when the user sends the data to the other user. Blue snarfing: Uses IMEI identifier to route all the incoming calls.
Man-in-the-middle Step 1: Device A shares a separate unit key with device B (trusted device) and shares some trusted information. Step 2: Device A share a unit key with device C (untrusted device), which is separate from device A and device B. Step 3: The man-in-the-middle that is Device C fakes the secret key to encrypt the messages that are transmitting between Devices A and B. Step 4: Device C traces the whole data that is transmitting between devices A and B.
Future Broadcast Channel: Adoption of Bluetooth in the mobile phones from the Bluetooth information points. Topology Management: Configuration should be invisible and the messages to the users in the scatternet. Quality of Service: Video and audio transmission of data with high quality.
References http://www.bluetooth.com/Bluetooth/Technology/Basics.htm http://en.wikipedia.org/wiki/Bluetooth http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf Software Security Technologies, A programmable approach, By Prof. Richard Sinn. http://www.urel.feec.vutbr.cz/ra2008/archive/ra2006/abstracts/085.pdf http://csrc.nist.gov/publications/nistpubs/800-121/SP800-121.pdf