Wireless & Network Security, Lecture 10 (Kemal Akkaya, Department of Computer Science, Southern Illinois University Carbondale)


Slide 1: Wireless & Network Security, Lecture 10: Bluetooth Security
Department of Computer Science, Southern Illinois University Carbondale
Dr. Kemal Akkaya, e-mail: kemal@cs.siu.edu

Slide 2: Bluetooth Overview
- A standard and communications protocol primarily designed for low power consumption, with a short range (1-50 meters), based on low-cost microchips in each device.
- Essentially it is a mini wireless network between communicating nodes, called a Piconet.
- A Piconet allows one master device to interconnect with up to seven active slave devices, which:
  - operate on the same channel
  - follow the same frequency hopping sequence
- A series of piconets forms a scatter-net.
- There are two modes of operation:
  - Discoverable: nodes respond to queries made by unknown devices and begin negotiations
  - Non-discoverable: nodes only respond to devices that they have communicated with previously

Slide 3: Bluetooth
[Figure not included in the transcript.]

Slide 4: Security
- Cryptography in Bluetooth is based on the SAFER+ algorithm.
- It defines 4 different cryptographic functions: E1, E21, E22, E3.
- When communication is initiated between nodes that have just discovered each other:
  - they begin by negotiating a link key, which is later used for encryption.
- How does it work?
  1. Generation of unit key
  2. Generation of initialization key
  3. Generation of link key
  4. Mutual authentication
  5. Generation of encryption key
  6. Generation of key stream
  7. Encryption of data
- Link key: handles all transactions between two or more parties
- Encryption key: generated from the current link key

Slide 5: 1. Generation of unit key
[Diagram: E21 takes RAND_A and ADDR_A and outputs K_A.]
Legend (colour-coded in the original slides): public value, secret value, sent in clear, sent encrypted.

Slide 6: 2. Generation of initialization key
[Diagram: on both devices, E22 takes PIN, PIN length and IN_RAND and outputs K_init.]

Slide 7: 3. Generation of link key (1)
[Diagram labels: K_init; K_A = K_link, shown for both devices.]

Slide 8: 3. Generation of link key (2)
[Diagram: E21 is applied to LK_RAND_A with ADDR_A and to LK_RAND_B with ADDR_B, giving LK_A and LK_B; both devices end with K_AB = K_link.]

Slide 9: 4. Mutual authentication
[Diagram: E1 takes ADDR_B, AU_RAND and K_link and outputs SRES and ACO; AU_RAND and SRES are exchanged between the devices.]

Slide 10: 5. Generation of encryption key
[Diagram: on both devices, E3 takes EN_RAND, K_link and ACO and outputs K_C.]

Slide 11: 6. Generation of key stream
[Diagram: on both devices, E0 takes ADDR_A, clock_MASTER and K_C and outputs K_CIPHER.]

Slide 12: 7. Encryption of data
[Diagram labels: K_CIPHER, DATA.]
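The exchange in steps 2 to 5 (initialization key, link key (2), mutual authentication, encryption key), with both devices' sides, as an added example that is not part of the original slides. Assumptions: HMAC-SHA256 truncated to 128 bits stands in for the SAFER+-based E1/E21/E22/E3, masking and combining by XOR follows legacy pairing (the operators are not legible in this transcript), and the class, function names and device addresses are constructed for illustration.

```python
import hashlib, hmac, os

def prf(label: bytes, key: bytes, *parts: bytes) -> bytes:
    # Assumption: HMAC-SHA256 cut to 128 bits stands in for E1/E21/E22/E3.
    msg = label + b"".join(bytes([len(p)]) + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Device:
    def __init__(self, addr: bytes, pin: bytes):
        self.addr, self.pin = addr, pin            # ADDR is public, PIN is secret

    def make_init_key(self, in_rand: bytes) -> None:
        # Step 2: K_init = E22(PIN, PIN length, IN_RAND)
        self.k_init = prf(b"E22", self.pin, bytes([len(self.pin)]), in_rand)

    def offer(self) -> bytes:
        self.lk_rand = os.urandom(16)              # step 3 (2): fresh LK_RAND
        return xor(self.lk_rand, self.k_init)      # sent masked with K_init

    def make_link_key(self, peer_addr: bytes, peer_offer: bytes) -> None:
        mine = prf(b"E21", self.lk_rand, self.addr)
        theirs = prf(b"E21", xor(peer_offer, self.k_init), peer_addr)
        self.k_link = xor(mine, theirs)            # K_AB = K_link

    def e1(self, au_rand: bytes, claimant_addr: bytes):
        out = prf(b"E1", self.k_link, au_rand, claimant_addr)   # step 4
        return out[:4], out[4:]                    # SRES (4 bytes), ACO (12 bytes)

def authenticate(verifier: Device, claimant: Device):
    au_rand = os.urandom(16)                       # challenge, sent in clear
    sres, aco = claimant.e1(au_rand, claimant.addr)
    expected, _ = verifier.e1(au_rand, claimant.addr)
    return hmac.compare_digest(sres, expected), aco

def run(pin_a: bytes, pin_b: bytes):
    a = Device(bytes.fromhex("0011223344aa"), pin_a)   # constructed addresses
    b = Device(bytes.fromhex("0011223344bb"), pin_b)
    in_rand = os.urandom(16)                       # IN_RAND, sent in clear
    a.make_init_key(in_rand)
    b.make_init_key(in_rand)
    offer_a, offer_b = a.offer(), b.offer()
    a.make_link_key(b.addr, offer_b)
    b.make_link_key(a.addr, offer_a)
    ok_b, aco = authenticate(a, b)                 # A verifies B
    ok_a, _ = authenticate(b, a)                   # B verifies A (mutual)
    en_rand = os.urandom(16)                       # step 5: K_C = E3(EN_RAND, K_link, ACO)
    k_c = [prf(b"E3", d.k_link, en_rand, aco) for d in (a, b)]
    return ok_a and ok_b, k_c[0] == k_c[1]
```

`run` returns a pair: whether mutual authentication succeeded and whether both devices derived the same K_C. Every input other than the PIN is either public or sent over the air, so the PIN is the only secret the whole chain rests on.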

Slide 13: Threats
- A lot of data is transmitted in clear.
- If an attacker can obtain an initialisation key, he/she is able to compute the link key and thus mount Man-in-the-Middle attacks.
- Sniffing can be done as well, to an extent.
  - Devices that are being sniffed need to be in discoverable mode.
- With proper distribution of equipment, an attacker is able to pinpoint the location of a node.
- If an attacker is able to guess a correct PIN and initialisation key pair, then he is able to perform a MitM attack on the network.
- Bluebugging
- Car Whisperer

