Focus On
Bluetooth Security Presented by
Kanij Fatema Sharme
What Is Bluetooth?
• Bluetooth is an open standard for short-range digital radio that interconnects a variety of devices (cell phones, PDAs, notebook computers, modems, cordless phones, pagers, laptop computers, printers, cameras) through a single-chip, low-cost, radio-based wireless network technology
Bluetooth
• Bluetooth is a PAN technology
– Offers fast and reliable transmission for both voice and data
– Can support either one asynchronous data channel with up to three simultaneous synchronous speech channels, or one channel that transfers asynchronous data and synchronous speech simultaneously
– Supports both packet switching and circuit switching
Security of Bluetooth
• Security in Bluetooth is provided on the radio paths only
– Link authentication and encryption may be provided
– True end-to-end security relies on higher-layer security solutions on top of Bluetooth
• Bluetooth provides three security services
– Authentication – identity verification of communicating devices
– Confidentiality – protection against information compromise
– Authorization – access rights to resources/services
Security Modes (Authentication)
• Exchange business cards
– Needs a secret key
• A security manager controls access to services and to devices
– Security mode 2 does not provide any security until a channel has been established
• Key generation from PIN
– PIN: 1-16 bytes. PINs are fixed and may be permanently stored. Many users use the four-digit PIN 0000
Creation of a link key
Authentication
• Challenge-response based
– Claimant: intends to prove its identity, to be verified
– Verifier: validates the identity of another device
– Uses challenge-response to verify whether the claimant knows the secret (link key) or not. On failure, the claimant must wait for an interval before a new attempt.
– The waiting time is increased exponentially to defend against the trial-and-error authentication attack
– Mutual authentication is supported
• Challenge (128-bit)
• Response (32-bit)
• 48-bit device address
Bluetooth Security Architecture
• Step 1: User input (initialization or pairing)
– Two devices need a common PIN (1-16 bytes)
• Step 2: Authentication key (128-bit link key) generation
– Possibly permanent, generated from the PIN, device address, random numbers, etc.
• Step 3: Encryption key (128 bits, stored temporarily)
• Step 4: Key stream generation for XOR-ing the payload
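The four steps above and the challenge-response exchange from the previous slide, as an added example that is not part of the presentation. The real Bluetooth algorithms (E22 for link-key derivation from the PIN, E1 for authentication, E3 for the encryption key, E0 for the key stream) are assumed away and replaced by SHA-256, HMAC and SHAKE stand-ins; what the code models is the data flow, the key and field sizes on the slides, mutual authentication, and the exponential back-off after a failed attempt.

```python
# Added example (not from the presentation): a toy model of the four-step
# Bluetooth security architecture and of challenge-response authentication.
# E22 / E1 / E3 / E0 are ASSUMED AWAY and replaced by hash-based stand-ins;
# only the data flow, sizes and back-off behaviour are illustrated.
import hashlib
import hmac
import os

LINK_KEY_BYTES = 16      # 128-bit link key
ENC_KEY_BYTES = 16       # 128-bit encryption key
CHALLENGE_BYTES = 16     # 128-bit challenge
RESPONSE_BYTES = 4       # 32-bit response
ADDR_BYTES = 6           # 48-bit device address
BASE_WAIT_SECONDS = 1.0  # first penalty interval; doubles on every failure


def link_key(pin: bytes, bd_addr: bytes, rand: bytes) -> bytes:
    """Steps 1+2: 128-bit link key from PIN, device address and a random
    number (stand-in for E22)."""
    if not 1 <= len(pin) <= 16:
        raise ValueError("PIN must be 1-16 bytes")
    if len(bd_addr) != ADDR_BYTES:
        raise ValueError("device address must be 48 bits")
    return hashlib.sha256(b"E22|" + pin + bd_addr + rand).digest()[:LINK_KEY_BYTES]


def auth_response(key: bytes, challenge: bytes, claimant_addr: bytes) -> bytes:
    """Claimant side: 32-bit response computed over the 128-bit challenge and
    the claimant's 48-bit address under the link key (stand-in for E1)."""
    mac = hmac.new(key, b"E1|" + challenge + claimant_addr, hashlib.sha256)
    return mac.digest()[:RESPONSE_BYTES]


class Verifier:
    """Verifier side: issues challenges, checks responses and enforces an
    exponentially growing wait after each failed attempt."""

    def __init__(self, key: bytes, claimant_addr: bytes):
        self.key = key
        self.claimant_addr = claimant_addr
        self.failures = 0
        self.locked_until = 0.0

    def new_challenge(self) -> bytes:
        return os.urandom(CHALLENGE_BYTES)

    def check(self, challenge: bytes, response: bytes, now: float) -> str:
        if now < self.locked_until:
            return "backoff"          # claimant must still wait
        expected = auth_response(self.key, challenge, self.claimant_addr)
        if hmac.compare_digest(expected, response):
            self.failures = 0
            return "ok"
        self.failures += 1            # wait doubles: 1s, 2s, 4s, ...
        self.locked_until = now + BASE_WAIT_SECONDS * 2 ** (self.failures - 1)
        return "fail"


def mutual_authenticate(key_a, key_b, addr_a, addr_b, now=0.0) -> bool:
    """Each device verifies the other in turn; succeeds only when both hold
    the same link key, i.e. were paired with the same PIN."""
    v_a = Verifier(key_a, addr_b)                 # A verifies B
    c = v_a.new_challenge()
    if v_a.check(c, auth_response(key_b, c, addr_b), now) != "ok":
        return False
    v_b = Verifier(key_b, addr_a)                 # B verifies A
    c = v_b.new_challenge()
    return v_b.check(c, auth_response(key_a, c, addr_a), now) == "ok"


def encryption_key(key: bytes, en_rand: bytes) -> bytes:
    """Step 3: temporary 128-bit encryption key (stand-in for E3)."""
    return hashlib.sha256(b"E3|" + key + en_rand).digest()[:ENC_KEY_BYTES]


def xor_payload(enc_key: bytes, clock: bytes, payload: bytes) -> bytes:
    """Step 4: key stream XOR-ed with the payload (stand-in for E0). The same
    call decrypts; note that nothing here provides an integrity check."""
    stream = hashlib.shake_256(b"E0|" + enc_key + clock).digest(len(payload))
    return bytes(p ^ s for p, s in zip(payload, stream))


if __name__ == "__main__":
    # Constructed sample values for a stand-alone run.
    addr_a, addr_b = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    rand = os.urandom(16)
    k_same = link_key(b"0000", addr_a, rand)
    k_other = link_key(b"1234", addr_a, rand)
    print("same PIN  ->", mutual_authenticate(k_same, k_same, addr_a, addr_b))
    print("other PIN ->", mutual_authenticate(k_same, k_other, addr_a, addr_b))
```

Two things the model makes visible: the link key is only as unpredictable as the PIN that seeded it, so a fixed four-digit PIN like 0000 leaves very little for an attacker to guess, and the step-4 XOR gives confidentiality only, which is why the "no integrity checks" weakness appears later in the deck.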
Hacker Tools
• Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection.
• By exploiting a vulnerability in the way Bluetooth is implemented on a mobile phone, an attacker can access information, such as the user's calendar, contact list, e-mail and text messages, without leaving any evidence of the attack.
• Other devices that use Bluetooth, such as laptop computers, may also be vulnerable, although to a lesser extent, by virtue of their more complex systems.
• Operating in invisible mode protects some devices, but others are vulnerable as long as Bluetooth is enabled.
Most important security weaknesses
• Problems with E0
• PIN
• Problems with E1
• Location privacy
• Denial of service attacks
Location privacy
• Devices can be in discoverable mode
• Every device has a fixed hardware address; addresses are sent in the clear
– Possible to track devices (and users)
Denial of service attacks
• Radio jamming attacks
• Buffer overflow attacks
• Blocking of other devices
• Battery exhaustion (e.g., sleep deprivation torture attack)
Other weaknesses
• No integrity checks
• No prevention of replay attacks
• Man in the middle attacks
• Sometimes: default = no security
Advantages (+)
• Wireless (No Cables)
• No Setup Needed
• Low Power Consumption (1 Milliwatt)
• Industry Wide Support
Disadvantages (-)
• Short range (10 meters)
• Small throughput rates
– Data rate 1.0 Mbps
• Mostly for personal use (PANs)
• Fairly Expensive
The End
• Thank you for attending my presentation.