1. BLUETOOTH TECHNOLOGY/SECURITY

2. What’s With the Name?
The name ‘Bluetooth’ was named after 10th century Viking king in Denmark Harald Bluetooth who united and controlled Denmark and Norway.
The name was adopted because Bluetooth wireless technology is expected to unify the telecommunications and computing industries

3. Who Started Bluetooth? Bluetooth Special Interest Group (SIG)
Founded in Spring 1998
By Ericsson, Intel, IBM, Nokia, Toshiba;
Now more than 2000 organizations joint the SIG

4. What Is Bluetooth?
☼ Bluetooth is an open standard for short-range digital radio to interconnect a variety of devices Cell phones, PDA, notebook computers, modems, cordless phones, pagers, laptop computers, printers, cameras by developing a single-chip, low-cost, radio-based wireless network technology

5. Bluetooth Simplifying communications between:
- devices and the internet
- data synchronization
Operates in licensed exempt ISM band at 2.4ghz
Uses frequency hoping spread spectrum
Omni directional, no requiring line of sight
Bluetooth offers data speeds of up to 1 Mbps up to 10 meters (Short range wireless radio technology )
Unlike IrDA, Bluetooth supports a LAN-like mode where multiple devices can interact with each other.
The key limitations of Bluetooth are security and interference with wireless LANs.
Short range wireless radio technology

6. Bluetooth Bluetooth is a PAN Technology
Offers fast and reliable transmission for both voice and data
Can support either one asynchronous data channel with up to three simultaneous synchronous speech channels or one channel that transfers asynchronous data and synchronous speech simultaneously
Support both packet-switching and circuit-switching

7. Bluetooth
Personal Area Network (PAN) Bluetooth is a standard that will …
Eliminate wires and cables between both stationary and mobile devices
Facilitate both data and voice communications
Offer the possibility of ad hoc networks and deliver synchronicity between personal devices

8. Bluetooth Topology
Bluetooth-enabled devices can automatically locate each other
Topology is established on a temporary and random basis
Up to eight Bluetooth devices may be networked together in a master-slave relationship to form a Piconet

9. Cont. One is master, which controls and setup the network
All devices operate on the same channel and follow the same frequency hopping sequence
Two or more piconet interconnected to form a scatter net
Only one master for each piconet
A device can’t be masters for two piconets
The slave of one piconet can be the master of another piconet

10. Ad-hoc
is a network connection method which is most often associated with wireless devices.
The connection is established for the duration of one session and requires no base station.
Instead, devices discover others within range to form a network for those computers.
Devices may search for target nodes that are out of range by flooding the network with broadcasts that are forwarded by each node.
Connections are possible over multiple nodes (multihop ad hoc network).
Routing protocols then provide stable connections even if nodes are moving around

11. A piconet
is an ad-hoc computer network of devices using Bluetooth technology protocols to allow one master device to interconnect with up to seven active slave devices
Up to 255 further slave devices can be inactive, or parked, which the master device can bring into active status at any time.

12. A Typical Bluetooth Network Piconet
Master sends its globally unique 48-bit id and clock
Hopping pattern is determined by the 48-bit device ID
Phase is determined by the master’s clock
Why at most 7 slaves?
(because a three-bit MAC adress is used).
Parked and standby nodes
Parked devices can not actively participate in the piconet but are known to the network and can be reactivated within some milliseconds
8-bit for parked nodes
No id for standby nodes
Standby nodes do not participate in the piconet

14. Security Protocol There are five phases of Simple Pairing:
· Phase 1: Public key exchange
· Phase 2: Authentication Stage 1
· Phase 3: Authentication Stage 2
· Phase 4: Link key calculation
· Phase 5: LMP Authentication and Encryption
Phases 1, 3, 4 and 5 are the same for all protocols whereas phase 2 (Authentication Stage 1) is different depending on
the protocol used. Distributed through these five phases are 13 steps.

16. Communicates on the 2.45 GHz frequency
Bluetooth Frequency
Has been set aside by the ISM( industrial ,sientific and medical ) for exclusive use of Bluetooth wireless products
Communicates on the 2.45 GHz frequency

17. Frequency Selection
FH is used for interference mitigation and media access;
TDD (Test-Driven Development) is used for separation of the transmission directions In 3-slot or 5-slot packets

18. FH-CDMA (Frequency Hopping - Code Division Multiple Access)
Frequency hopping (FH) is one of two basic modulation techniques used in spread spectrum signal transmission.
It is the repeated switching of frequencies during radio transmission, often to minimize the effectiveness of the unauthorized interception or jamming of telecommunications.
It also is known as frequency- hopping code division multiple access (FH-CDMA).
Bluetooth uses a technique called spread-spectrum frequency hopping.

19. Avoiding Interference : Hopping
In this technique, a device will use 79 individual, randomly chosen frequencies within a designated range
Transmitters change frequency 1600 times a second

20. Cont. Each channel is divided into time slots 625 microseconds long
Packets can be up to five time slots wide
Data in a packet can be up to 2,745 bits in length

21. Cont. More piconets within a scatter net degrades performance
FH-CDMA to separate piconets within a scatternet
More piconets within a scatter net degrades performance
Possible collision because hopping patterns are not coordinated
At any instant of time, a device can participate only in one piconet
If the device participates as a slave, it just synchronize with the master’s hop sequence

22. Cont.
The master for a piconet can join another piconet as a slave; in this case, all communication within in the former piconet will be suspended .
When leaving a piconet, a slave notifies the master about its absence for certain amount of time.
Communication between different piconets takes place by devices jumping back and forth between these nets

24. Simplified Bluetooth stack

25. Bluetooth Profile Structure

26. The information is then transmitted to your device
How Does It Work?
Bluetooth is a standard for tiny, radio frequency chips that can be plugged into your devices
These chips were designed to take all of the information that your wires normally send, and transmit it at a special frequency to something called a receiver Bluetooth chip.
The information is then transmitted to your device

27. Bluetooth Chip RF
Baseband
Controller
Link
Manager
Bluetooth Chip

28. Bluetooth specifications are divided into two:
Core Specifications This bluetooth specification contains the Bluetooth Radio Specification as well as the Baseband, Link Manager, L2CAP, Service Discovery, RFCOMM and other specifications.

29. SPECIFICATIONS Application Specifications
These specifications include the following
Profiles Cordless Telephony
Serial Port
Headset
Intercom
Dialup Networking
Fax
File Transfer
Service Discovery Application
Generic Access

30. RADIO POWER CLASSES
The Bluetooth specification allows for three different types of radio powers:
Class 1 = 100mW
Class2 = 2.5mW
Class 3 = 1mW
These power classes allow Bluetooth devices to connect at different ranges
High power radius have longer ranges. The maximum range for a Class 1, 100mW is about 100 meters. There is also a minimum range for a Bluetooth connection. The minimum range is around 10cm.

31. Power Management Benefits
Cable Replacement
Replace the cables for peripheral devices
Ease of file sharing
Panel discussion, conference, etc.
Wireless synchronization
Synchronize personal information contained in the address books and date books between different devices such as PDAs, cell phones, etc.
Bridging of networks
Cell phone connects to the network through dial-up connection while connecting to a laptop with Bluetooth.

32. Bluetooth Devices Bluetooth will soon be enabled in everything from:
Telephones
Headsets
Computers
Cameras
PDAs
Cars
Etc …

33. Bluetooth Products 1
Bluetooth-enabled PC Card

34. Bluetooth Products 2
Bluetooth-enabled PDA

35. Bluetooth Products 3
Bluetooth-enabled Cell Phone

36. Bluetooth Products 4
Bluetooth-enabled Head Set

37. Usage Models Cordless computer Ultimate headset Three-in-one phone
Interactive conference (file transfer)
Direct network access
Instant postcard

39. Wireless Technologies
There are two technologies that have been developed as wireless cable replacements: Infrared (IRDA) and radio (Bluetooth).

40. Why Not Infrared? Intended for point to point links
Limited to line of sight
have a narrow angle (30 degree cone),
Low penetration power
Distance covered is low(1 meter approx)
have a throughput of 9600 bps to 4 Mbps
IrDA has proven to be a popular technology with compliant ports currently available in an array of devices including: embedded devices, phones, modems, computers (PCs) and laptops, PDAs, printers, and other computer peripherals

41. Compare Infrared, Bluetooth
Connection Type
Spread Spectrum
Infrared, narrow beam
Spectrum
2.4GHz
Optical 850 nano meters
Data Rate
1Mbps
16Mbps
Range
30 Feet
3 Feet
Supported Devices
Upto 8 2

42. Cont….. Voice Channels 3 1 Data Security 8-128bit Key
No special security
Addressing
48 bit MAC
32 bit ID

43. Our Focus
Bluetooth security

44. Security of Bluetooth
Security in Bluetooth is provided on the radio paths only
Link authentication and encryption may be provided
True end-to-end security relies on higher layer security solutions on top of Bluetooth
Bluetooth provides three security services
Authentication – identity verification of communicating devices
Confidentiality – against information compromise
Authorization – access right of resources/services
Fast FH together with link radio link power control provide protection from eavesdropping and malicious access
Fast FH makes it harder to lock the frequency
Power control forces the adversary to be in relatively close proximity

45. Security Modes (Authentication )
Exchange Business Cards
Needs a secret key
A security manager controls access to services and to devices
Security mode 2 does not provide any security until a channel has been established
Key Generation from PIN
PIN: 1-16 bytes. PINs are fixed and may be permanently stored. Many users use the four digit 0000

46. Bluetooth Key Generation From PIN
Bluetooth Initialization Procedure (Pairing)
Creation of an initialization key (ki)
Creation of a link key Authentication (ka)

47. Creation of an Initialization Key
PIN and its length (ki)

48. Creation of a link key Authentication
Challenge-Response Based
Claimant: intends to prove its identity, to be verified
Verifier: validating the identity of another device
Use challenge-response to verify whether the claimant knows the secret (link key) or not . If fail, the claimant must wait for an interval to try a new attempt.
The waiting time is increased exponentially to defend the “try-and-error” authentication attack
Mutual authentication is supported
Challenge (128-bit)
Response (32-bit)
48-bit device address

49. Confidentiality
ACO (Authenticated Cipher Offset) is 96-bit, generated during the authentication procedure
ACO and the link key are never transmitted
Encryption key Kc is generated from the current link key
Kc is 8-bit to 128-bit, negotiable between the master and the slave Master suggests a key size Set the “minimum acceptable” key size parameter to prevent a malicious user from driving the key size down to the minimum of 8 bits
The key stream is different for different packet since slot number is different

50. Three Encryption Modes for Confidentiality
Encryption Mode 1: -- No encryption is performed on any traffic
Encryption Mode 2: -- Broadcast traffic goes unprotected
while uni cast traffic is protected by the unique key
Encryption Mode 3: -- All traffic is encrypted

51. Trust Levels, Service Levels (authorization )
Two trust levels: trusted and untrusted
Trusted devices have full access right
Untrusted devices have restricted service access

52. Bluetooth Security Architecture
Step 1: User input (initialization or pairing)
Two devices need a common pin (1-16 bytes)
Step 2: Authentication key (128-bit link key) generation
Possibly permanent, generated based on the PIN, device address, random numbers, etc.
Step 3: Encryption key (128 bits, store temporarily)
Step 4: key stream generation for xor-ing the payload

53. Security cont.
The security of the whole system relies on the PIN which may be too short
Users intend to use 4-digit short PINs, or even a null PIN
Utilized new cryptographic primitives, which have not gone through enough security analysis. (E0,E1,E20,E22) algorithms

54. E0 algorithm The E0 algorithm is designed specifically for Bluetooth
E0 has gone many security analysis. When used in Bluetooth mode, the security of E0 is decreased from 128-bit to 84-bit;
when used outside of a Bluetooth system, its effective security is only 39-bit
A Bluetooth device resets the E0 key after every 240 output bits, severely limiting the amount of known key stream that may be available to the cryptanalyst.

55. Short Key Attacks
we focus on .short key. attacks, that still manage to recover the key despite this limitation.
attacker can guess the content of the registers of the three smaller LFSRs and of the E0 combiner state registers with a probability of 2 to power 93.
This attack requires a total of 128 bits of known plaintext and ciphertext. The reverse engineering and verication takes approximately 27 operations. Making the total complexity of the attack 2to power100.

56. Long Key Attacks
an attack that recovers the session key in a similar way to what showed, only that assuming much more keystream is available
within a packet and therefore the overall complexity was closer to O(2 to power 93).

57. Attackers grow since information is more attractive
Short range was a countermeasure to force the attackers to be in close proximity;
now range extenders can be easily built
Attackers grow since information is more attractive
People use Bluetooth not only for personal information, but also for corporate information

58. Hacker Tools Bluesnarfing:
is the theft of information from a wireless device through a Bluetooth connection.
By exploiting a vulnerability in the way Bluetooth is implemented on a mobile phone, an attacker can access information -- such as the user's calendar, contact list and and text messages -- without leaving any evidence of the attack.
Other devices that use Bluetooth, such as laptop computers, may also be vulnerable, although to a lesser extent, by virtue of their more complex systems.
Operating in invisible mode protects some devices, but others are vulnerable as long as Bluetooth is enabled.

59. Hacker Tools Bluejacking
is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field It is widely believed that the term bluejacking comes from Bluetooth and hijacking.
However, a bluejacker doesn't hijack anything: he or she merely uses a feature on the sender and the recipient's device. Both parties remain in absolute control over their devices, and a bluejacker will not be able to take over your phone or steal your personal information.
Bluejacking is usually technically harmless, but because bluejacked people don't know what is happening, they think their phone is malfunctioning.
Usually, a bluejacker will only send a text message, but with modern phones it's possible to send images or sounds as well.

60. Most important security weaknesses
Problems with E0
PIN
Problems with E1
Location privacy
Denial of service attacks

61. Problems with E0
Given all cryptographic primitives (E0, E1, E21, E22) used in Bluetooth Pairing/Bonding and authentication process the Bluetooth PIN can be cracked ? – Focus on short PIN now.
Output (KC) = combination of 4 LFSRs (Linear Feedback Shift Register)
Key (KC) = 128 bits
Best attack: guess some registers

62. PIN Some devices use a fixed PIN (default=0000)
Security keys = security PIN !!!!
Possible to check guesses of PIN (SRES) -> brut force attack
Weak PINs (1234, 5555, …

63. Problems with E1 E1 = SAFER+
In cryptography, SAFER (Secure And Fast Encryption Routine) is the name of a family of block ciphers The early SAFER K and SAFER SK designs share the same encryption function, but differ in the number of rounds and the key schedule. More recent versions — SAFER+ and SAFER++ —
All of the algorithms in the SAFER family are unpatented and available for unrestricted use.
Some security weaknesses (although not applicable to Bluetooth)
slow

64. Location privacy Devices can be in discoverable mode
Every device has fixed hardware address Addresses are sent in clear
possible to track devices (and users)

65. Denial of service attacks
Radio jamming attacks
Buffer overflow attacks
Blocking of other devices
Battery exhaustion (e.g., sleep deprivation torture attack)

66. Other weaknesses No integrity checks No prevention of replay attacks
Man in the middle attacks
Sometimes: default = no security

67. Advantages (+) Wireless (No Cables) No Setup Needed
Low Power Consumption (1 Milliwat)
Industry Wide Support

68. Disadvantages (-) Short range (10 meters) Small throughput rates
- Data Rate 1.0 Mbps
Mostly for personal use (PANs)
Fairly Expensive

69. Bluetooth’s Future
The future of this technology becoming a standard is likely
With a strong industry pushing behind it, success is inevitable.
Bluetooth will soon be known as Bluetooth 2.2 as they are trying to develop the product to better fulfill the needs of consumers
Often, with new technology, early changes mean reconstruction. Not With Bluetooth, instead, there will be an improvement to the existing standard.

70. The End
Thank You, for attending my presentation.