Presentation is loading. Please wait.

Presentation is loading. Please wait.

“I don’t have to be careful, I’ve got a gun.”

Published byKäthe Bachmeier Modified over 6 years ago

Similar presentations

Presentation on theme: "“I don’t have to be careful, I’ve got a gun.”"— Presentation transcript:

1 “I don’t have to be careful, I’ve got a gun.”
security Bluetooth Lauri Mikkola “I don’t have to be careful, I’ve got a gun.” -Homer Simpson

2 About Bluetooth Developed by a group called Bluetooth Special Interest Group (SIG), formed in may 1998 Founding members were Ericsson, Nokia, Intel, IBM and Toshiba Bluetooth connects different wireless devises, like laptops, mobile phones, PDAs, refrigerators etc. Bluetooth is intended to distances about 10 meters (piconet)

3 Bluetooth details Utilizes the 2.45Ghz ISM-band
Uses fast frequency-hopping spread spectrum (FHSS) technique between 79 frequencies 1600/s Can give bit rates up to 1 Mbps Piconet consist of max 8 nodes Low cost ( ~5€ ) and small size

4 Bluetooth components Radio unit Baseband unit
TDD and FHSS Baseband unit Voice to data conversion, packet segmentation, master/slave communication, identification of parties, control authorization Link Management Protocol (LMP) Set up connections and implement security features like key exchanges and encryption Logical Link Control and Adaptation Protocol (L2CAP) Multiplexing, packer segmentation/reassemly, QoS Service Discovery Protocol (SDP) Queries a Bluetooth devise and checks what services it supports

5 Bluetooth protocol Architecture

6 Bluetooth security features
The Bluetooth specification include security features at the link level Supports authorization, authentication and encryption Based on a secret link key that is shared by a pair of devices Link key generated by a pairing procedure when two devices communicate for the first time

7 Security modes of Bluetooth(1)
No security, for testing only. Allows other Bluetooth devices initiate connections with it, PUSH messages Security mode 2 A device does not initiate security procedures before establishment of the link between the devices at the L2CAP level. Trusted and untrusted devices Security polices can flexible impose different trust levels: authentication, authorisation and encyrption

8 Security modes of Bluetooth (2)
Security at the Baseband level Security manager imposes security policies LMP makes encryption and key exchanges

9 Key Management (1) Link keys
All keys are 128bit random numbers and are either temporary or semi-permanent Unit key KA , unique long-term private key of a device Combination key KAB derived from units A and B. Generated for each pair of devices Master key Kmaster ,used when master device wants to transmit to several devices at once Initialization key Kinit ,used in the initialization process.

10 Key Management (2) Encryption key PIN Code
Derived from the current link key. Each time encryption is needed the encryption key will be automatically changed Separated from authentication key PIN Code Fixed or selected by the user Usually 4 digits, can be 8 to 128 bits Shared secret

11 Establishment of Initialization Key (Pairing)

12 Verification of Initialization Key (Pairing)

13 Establishment of Link Key (1) (Pairing)
Link key of devices A and B = unit key KA of device A

14 Establishment of Link Key (2) (Pairing)
Link key of devices A and B = combination key KAB

15 Authentication and Encryption
Authentication by issuing a challenge to another device The other device replies to challenge with a message based on the challenge, the Device address and the shared link key. The device that issued the challenge verifies the response and authenticates if the response is equals to it’s own calculations. Encryption is based on the 4 LFSR algorithm

16 Bluetooth security weaknesses (1)
Unlike in b WLAN, the security algorithms of Bluetooth are considered strong. However there are some attack possibilities PIN weakness Initial authentication is based on a PIN that can be anywhere between bits. If poorly chosen can be easy to guess Impersonation A hacker can scan the MIN and ESN and pretend to be someone else Stealing the Unit Key Only the device is authenticated, not the user Replay attacks A hacker can record Bluetooth transmissions in all 79 frequencies and then in some way figure out frequency hopping sequence and then replay the whole transmission.

17 Bluetooth security weaknesses (2)
Man in the middle Bluetooth authentication is not based on public key certificates. It is possible to play man in the middle Location attack A Bluetooth device has (globally) a unique identification number, therefore it is possible to identify and locate users position Denial-of-Service attack Jamming the whole ISM band, takes lot of energy Put so many Bluetooth devices that the band is consumed Try to connect, authentication fails, but a legal client will not get through either

18 How to avoid being attacked
Paring is the most critical moment of a attack Paring should be performed in a most secure place Long PIN numbers are strongly encouraged Avoid using unit keys. Use combination keys To check default settings of device Chose to respond only to inquiries of known devices Do not save PIN permanently in memory

19 For the paranoid MobileCloak Cloaktec Shied (fabric) Nylon Shell
Blocks 10Mhz to 20Ghz signal Nylon Shell Lightweight Only $34 mCloak r5TM for Bluetooth

Download ppt "“I don’t have to be careful, I’ve got a gun.”"

Similar presentations

Bluetooth.

Bluetooth.
BLUETOOTH. INTRODUCTION A look around at the moment! Keyboard connected to the computer, as well as a printer, mouse, monitor and so on. What (literally)

BLUETOOTH. INTRODUCTION A look around at the moment! Keyboard connected to the computer, as well as a printer, mouse, monitor and so on. What (literally)
1 Introduction to Bluetooth v1.1 (Part I) Overview Radio Specification Baseband Specification LMP L2CAP.

1 Introduction to Bluetooth v1.1 (Part I) Overview Radio Specification Baseband Specification LMP L2CAP.
Sattam Al-Sahli – Emad Al-Hemyari –

Sattam Al-Sahli – Emad Al-Hemyari –
Bluetooth Technology. What is Bluetooth? Bluetooth is a short- range communications technology that allows devices to communicate with each other without.

Bluetooth Technology. What is Bluetooth? Bluetooth is a short- range communications technology that allows devices to communicate with each other without.
Mohamed Mokdad Ecole d’Ingénieurs de Bienne

Mohamed Mokdad Ecole d’Ingénieurs de Bienne
Bluetooth Still Waiting for the Tsunami!. Bluetooth History Ericsson initiative Special Industry Group: (Promoters) Ericsson, IBM, Intel, Nokia, and Toshiba.

Bluetooth Still Waiting for the Tsunami!. Bluetooth History Ericsson initiative Special Industry Group: (Promoters) Ericsson, IBM, Intel, Nokia, and Toshiba.
By Abdullah M. Dalloul…20020447. Abdullah M. Dalloul…20020447. Salman Y. Mansour...20020826. Salman Y. Mansour...20020826. Supervisor. Supervisor. Dr.

By Abdullah M. Dalloul… Abdullah M. Dalloul… Salman Y. Mansour Salman Y. Mansour Supervisor. Supervisor. Dr.
CPET 260 Bluetooth. What is Bluetooth? Not IEEE802.11 (Wi-Fi) or HomeRF Originally designed to replace wires Short-range, lower-power wireless technology.

CPET 260 Bluetooth. What is Bluetooth? Not IEEE (Wi-Fi) or HomeRF Originally designed to replace wires Short-range, lower-power wireless technology.
BLUETOOTH.

BLUETOOTH.
A Comparison of Bluetooth and competing technologies

A Comparison of Bluetooth and competing technologies
How secure is Darren Adams, Kyle Coble, and Lakshmi Kasoji.

How secure is Darren Adams, Kyle Coble, and Lakshmi Kasoji.
Bluetooth Introduction The Bluetooth Technology

Bluetooth Introduction The Bluetooth Technology
By: Trevor Parker, Minh-Tri Le. Bluetooth is a wireless technology that is a low-cost, low-power, short-range radio for ad-hoc wireless communication,

By: Trevor Parker, Minh-Tri Le. Bluetooth is a wireless technology that is a low-cost, low-power, short-range radio for ad-hoc wireless communication,
Distributed systems – Part 2  Bluetooth – 2 nd set of slides Anila Mjeda.

Distributed systems – Part 2  Bluetooth – 2 nd set of slides Anila Mjeda.
Mobile IP: Introduction Reference: “Mobile networking through Mobile IP”; Perkins, C.E.; IEEE Internet Computing, Volume: 2 Issue: 1, Jan.- Feb. 1998;

Mobile IP: Introduction Reference: “Mobile networking through Mobile IP”; Perkins, C.E.; IEEE Internet Computing, Volume: 2 Issue: 1, Jan.- Feb. 1998;
Bluetooth & WPAN. 2 Bluetooth/WPAN WPAN (Wireless Personal Area Network) has a smaller area of coverage, say, 2.5 mW transmitter power, distance

Bluetooth & WPAN. 2 Bluetooth/WPAN WPAN (Wireless Personal Area Network) has a smaller area of coverage, say, 2.5 mW transmitter power, distance
“Security Weakness in Bluetooth” M.Jakobsson, S.Wetzel LNCS 2020, 2001 The introduction of new technology and functionality can provides its users with.

“Security Weakness in Bluetooth” M.Jakobsson, S.Wetzel LNCS 2020, 2001 The introduction of new technology and functionality can provides its users with.
EE625 Research Presentation By Ryan Dillon September, 2014.

EE625 Research Presentation By Ryan Dillon September, 2014.
By Santosh Sam Koshy. Agenda Need for Bluetooth Brief History of Bluetooth Introduction to Bluetooth Bluetooth System Specifications Commercial Bluetooth.

By Santosh Sam Koshy. Agenda Need for Bluetooth Brief History of Bluetooth Introduction to Bluetooth Bluetooth System Specifications Commercial Bluetooth.

Similar presentations

Ads by Google