Overview of the security weaknesses in Bluetooth Dave Singelée COSIC seminar 11/06/2003.

Slides:



Advertisements
Similar presentations
GSM network and its privacy Thomas Stockinger. Overview Why privacy and security? GSM network‘s fundamentals Basic communication Authentication Key generation.
Advertisements

CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.
Wireless Networks: Signaling and Security William Tucker CEN 4516: Computer Networks FGCU: Fort Myers, FL: 09/05.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
Wired Equivalent Privacy (WEP)
Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless & Network Security Lecture 10:
IEEE Wireless Local Area Networks (WLAN’s).
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.
Security Weaknesses in Bluetooth by Markus Jakobsson and Susanne Wetzel Lucent Technologies – Bell Labs presented by Boris Kurktchiev.
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 6 Wireless Network Security Part II.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
BLUETOOTH The Universal Radio Interface for ad hoc, Wireless Connectivity By Jeffrey Adams.
802.11b Vulnerabilities, Ad-Hoc Mode, RF Jamming and Receiver Design Ritesh H Shukla Graduate Student ECE Dept Under the Guidance of Prof. William R Michalson.
NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From : Proceeding of the First International Conference on Security and Privacy for.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
1/17 Bluetooth Security Ain Shams University Faculty of Engineering Integrated Circuits Lab Presented by: Mohammed Abdelsattar Ismail Sameh Talal Magd-El-Din.
Bluetooth Jennifer Portillo Thomas Razo Samson Vuong By Sonny Leung.
WLAN What is WLAN? Physical vs. Wireless LAN
How secure is Darren Adams, Kyle Coble, and Lakshmi Kasoji.
1 Chapter Overview Wireless Technologies Wireless Security.
Wireless Network Security By Patrick Yount and CIS 4360 Fall 2009 CIS 4360 Fall 2009.
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
ECE 424 Embedded Systems Design Networking Connectivity Chapter 12 Ning Weng.
“Security Weakness in Bluetooth” M.Jakobsson, S.Wetzel LNCS 2020, 2001 The introduction of new technology and functionality can provides its users with.
Bluetooth By Andrew Breen and Chris Backo. Presentation Overview Bluetooth overview Bluetooth vs. WiFi ProductsInstallationDemonstration Security Issues.
KAIS T In-Vehicle Secure Wireless Personal Area Network (SWPAN) Reference: S. M. Mahmud and Shobhit Shanker, “In-Vehicle Secure Wireless Personal Area.
University of Virginia 1 Gregory LammGerlando Falauto Jorge EstradaJag Gadiyaram November 29, 2000 Identifying and Assessing Security Issues related to.
An Analysis of Bluetooth Security
IWD2243 Wireless & Mobile Security Chapter 4 : Security in Wireless Ad Hoc Network Prepared by : Zuraidy Adnan, FITM UNISEL1.
1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.
Guided by: Jenela Prajapati Presented by: (08bec039) Nikhlesh khatra.
Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.
WEP Protocol Weaknesses and Vulnerabilities
Network Security David Lazăr.
TinySec : Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Anil Karamchandani 10/01/2007.
Lecture 2: Introduction to Cryptography
발표자 : 현근수 Bluetooth. Overview wireless protocol short-range communications technology single digital wireless protocol connecting multiple devices mobile.
Team Topic Presentation Team 6 BLUETOOTH What is Bluetooth? Cable Replacement Automatic Connectivity Hidden Computing Few Examples: 1.Automatic Door.
An Analysis of Bluetooth Security Team A: Padmaja Sriraman Padmapriya Gudipati Sreenivasulu Lekkala.
National Institute of Science & Technology WIRELESS LAN SECURITY Swagat Sourav [1] Wireless LAN Security Presented By SWAGAT SOURAV Roll # EE
Focus On Bluetooth Security Presented by Kanij Fatema Sharme.
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
IWD2243 Wireless & Mobile Security Chapter 1 : Wireless Fundamentals Prepared by : Zuraidy Adnan, FITM UNISEL1.
Wireless security Wi–Fi (802.11) Security
Dependability in Wireless Networks By Mohammed Al-Ghamdi.
SPEAKER: HONG-JI WEI DATE: Efficient and Secure Anonymous Authentication Scheme with Roaming Used in Mobile Networks.
Erik Nicholson COSC 352 March 2, WPA Wi-Fi Protected Access New security standard adopted by Wi-Fi Alliance consortium Ensures compliance with different.
Abdul Rahman Al-Refai Zavnura Pingkan. Introduction Bluetooth is a wireless technology for short range data and/ or voice communication The communication.
Bluetooth Technology. History The name ‘Bluetooth’ was named after 10th century Viking king in Denmark Harald Bluetooth who united and controlled Denmark.
@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of.
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
Respected Ma’am & Dear friends
Presented by Khaled Al Otaishan
Zahra Ahmadian Recursive Linear and Differential Cryptanalysis of Ultra-lightweight Authentication Protocols Zahra Ahmadian
Technology, Issues, and Solutions by David Clark
“I don’t have to be careful, I’ve got a gun.”
BLUETOOTH AND ITS APPLICATION IN MOBILE PHONES
Bluetooth.
WLAN Security Antti Miettinen.
Wireless LAN (WLAN) Wireless Ethernet Bluetooth.
Antti Miettinen (modified by JJ)
Presentation transcript:

Overview of the security weaknesses in Bluetooth Dave Singelée COSIC seminar 11/06/2003

Outline of the talk 1. Introduction 2. Protocols in Bluetooth 3. Security problems 4. Recommendations / solutions 5. Conclusion

Outline of the talk 1. Introduction 2. Protocols in Bluetooth 3. Security problems 4. Recommendations / solutions 5. Conclusion

Personal Area Network (PAN) Small number of mobile devices Heterogeneous Ad-hoc network Wireless (WPAN) Small range

Personal Area Network (PAN)

Constraints Limited battery power Computational power Small amount of memory Small range Ad-hoc network Not always I/O-interface

Different technologies Infrared (IrDA) Radio propagation (Bluetooth) Human body (Body Area Networks) …

Different technologies Infrared (IrDA) Radio propagation (Bluetooth) Human body (Body Area Networks) …

Bluetooth 1998: Bluetooth SIG IEEE Range < 10m 2.4 GHz ISM band Spread spectrum & frequency hopping 1 Mbit/s Piconets: 1 master and up to 7 slaves

Outline of the talk 1. Introduction 2. Protocols in Bluetooth 3. Security problems 4. Recommendations / solutions 5. Conclusion

My colour convention XXX = public value XXX = secret value XXX = sent in clear XXX = sent encrypted

Protocols in Bluetooth 1. Generation of unit key 2. Generation of initialization key 3. Generation of link key 4. Mutual authentication 5. Generation of encryption key 6. Generation of key stream 7. Encryption of data

1. Generation unit key E21 RAND A ADDR A KAKA

2. Generation initialization key E22 PIN IN_RAND PIN LL IN_RAND K init

3. Generation link key (1) K init K A = K link K K init K A = K link

3. Generation link key (2) K AB = K link LK_RAND A LK_RAND B E21 ADDR A ADDR B LK_RAND A LK_RAND B K AB = K link ADDR B ADDR A LK_RAND B LK A LK B

4. Mutual authentication ADDR B E1 ADDR B AU_RAND K link AU_RAND SRES AU_RAND K link ADDR B SRES ACO

5. Generation encryption key EN_RAND E3 EN_RAND K link ACO KCKC KCKC

6. Generation key stream E0 ADDR A clock MASTER KCKC K CIPHER ADDR A clock MASTER KCKC

7. Encryption of data K CIPHER DATA

Outline of the talk 1. Introduction 2. Protocols in Bluetooth 3. Security problems 4. Recommendations / solutions 5. Conclusion

Most important security weaknesses Problems with E0 Unit key PIN Problems with E1 Location privacy Denial of service attacks

Problems with E0 Output (K CIPHER ) = combination of 4 LFSRs Key (K C ) = 128 bits Best attack: guess some registers -> 2 66 (memory and complexity)

Unit key K A = K link AB

Unit key K A = K link A C B K A = K’ link

PIN Some devices use a fixed PIN (default=0000) Security keys = security PIN !!!! Possible to check guesses of PIN (SRES) -> brute force attack Weak PINs (1234, 5555, …)

Problems with E1 E1 = SAFER+ Some security weaknesses (although not applicable to Bluetooth) slow

Location privacy Devices can be in discoverable mode Every device has fixed hardware adress Adresses are sent in clear -> possible to track devices (and users)

Denial of service attacks Radio jamming attacks Buffer overflow attacks Blocking of other devices Battery exhaustion (e.g., sleep deprivation torture attack)

Other weaknesses No integrity checks No prevention of replay attacks Man in the middle attacks Sometimes: default = no security …

Outline of the talk 1. Introduction 2. Protocols in Bluetooth 3. Security problems 4. Recommendations / solutions 5. Conclusion

Recommendations Never use unit keys!!!! Use long and sufficiently random PINs Always make sure security is turned on …

Interesting solutions Replace E0 and E1 with AES Use MACs to protect integrity Pseudonyms Identity based cryptography Elliptic curves Use MANA protocols instead of PIN Use network layer security services (IPSEC) to provide end-to-end security

Outline of the talk 1. Introduction 2. Protocols in Bluetooth 3. Security problems 4. Recommendations / solutions 5. Conclusion

Conclusion Bluetooth has quite a lot of security weaknesses! Need for secure lightweight protocols More research needed!!

Questions ?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.