Focus On Bluetooth Security Presented by Kanij Fatema Sharme
What Is Bluetooth? ☼ Bluetooth is an open standard for short-range digital radio to interconnect a variety of devices Cell phones, PDA, notebook computers, modems, cordless phones, pagers, laptop computers, printers, cameras by developing a single-chip, low-cost, radio-based wireless network technology
Bluetooth Bluetooth is a PAN Technology –Offers fast and reliable transmission for both voice and data –Can support either one asynchronous data channel with up to three simultaneous synchronous speech channels or one channel that transfers asynchronous data and synchronous speech simultaneously –Support both packet-switching and circuit- switching
Security of Bluetooth Security in Bluetooth is provided on the radio paths only –Link authentication and encryption may be provided –True end-to-end security relies on higher layer security solutions on top of Bluetooth Bluetooth provides three security services –Authentication – identity verification of communicating devices –Confidentiality – against information compromise –Authorization – access right of resources/services
Security Modes (Authentication ) Exchange Business Cards –Needs a secret key A security manager controls access to services and to devices –Security mode 2 does not provide any security until a channel has been established Key Generation from PIN –PIN: 1-16 bytes. PINs are fixed and may be permanently stored. Many users use the four digit 0000
Creation of a link key Authentication Challenge-Response Based –Claimant: intends to prove its identity, to be verified –Verifier: validating the identity of another device –Use challenge-response to verify whether the claimant knows the secret (link key) or not. If fail, the claimant must wait for an interval to try a new attempt. –The waiting time is increased exponentially to defend the “try-and-error” authentication attack –Mutual authentication is supported Challenge (128-bit) Response (32-bit) 48-bit device address
Bluetooth Security Architecture Step 1: User input (initialization or pairing) –Two devices need a common pin (1-16 bytes) Step 2: Authentication key (128-bit link key) generation –Possibly permanent, generated based on the PIN, device address, random numbers, etc. Step 3: Encryption key (128 bits, store temporarily) Step 4: key stream generation for xor-ing the payload
Hacker Tools Bluesnarfing: is the theft of information from a wireless device through a Bluetooth connection. By exploiting a vulnerability in the way Bluetooth is implemented on a mobile phone, an attacker can access information -- such as the user's calendar, contact list and and text messages -- without leaving any evidence of the attack. Other devices that use Bluetooth, such as laptop computers, may also be vulnerable, although to a lesser extent, by virtue of their more complex systems. Operating in invisible mode protects some devices, but others are vulnerable as long as Bluetooth is enabled.
Most important security weaknesses Problems with E0 PIN Problems with E1 Location privacy Denial of service attacks
Location privacy Devices can be in discoverable mode Every device has fixed hardware address Addresses are sent in clear – possible to track devices (and users)
Denial of service attacks Radio jamming attacks Buffer overflow attacks Blocking of other devices Battery exhaustion (e.g., sleep deprivation torture attack)
Other weaknesses No integrity checks No prevention of replay attacks Man in the middle attacks Sometimes: default = no security
Advantages (+) Wireless (No Cables) No Setup Needed Low Power Consumption (1 Milliwat) Industry Wide Support
Disadvantages (-) Short range (10 meters) Small throughput rates - Data Rate 1.0 Mbps Mostly for personal use (PANs) Fairly Expensive
The End Thank You, for attending my presentation.