IWD2243 Wireless & Mobile Security
Chapter 4 : Security in Wireless Ad Hoc Network
Prepared by : Zuraidy Adnan, FITM UNISEL


Slide 2: 4.1 Introduction
- Ad hoc: on the fly, on an as-needed basis.
- Ad hoc wireless network: an ad hoc network that uses a wireless medium for communication.
- Mobile ad hoc network (MANET): the nodes forming the ad hoc network are mobile.
- See figure 19.1 : Examples of ad hoc network, page 446.
- Classification of ad hoc networks:
  - Geographical coverage: PAN, LAN, WAN
  - Capable of acting as routers
- 2 limitations: (1) no dedicated routing devices; (2) the network topology changes rapidly and unpredictably.

Slide 3: 4.1 Introduction
- 2 groups of ad hoc networks: (1) single-hop ad hoc networks and (2) multihop ad hoc networks.
- Single hop: nodes do not act as routers, so communication is possible only between nodes that are within each other's RF range. Example: PAN, Bluetooth.
- Multihop: nodes act as routers and route the traffic of other nodes. Example: LAN and WAN.

Slide 4: 4.2 Bluetooth
- Wireless ad hoc networking technology
- Operates in the unlicensed 2.4 GHz frequency range
- Geographical coverage limited to personal area network (PAN)
- Point-to-point and point-to-multipoint links
- Supports synchronous and asynchronous traffic
- Concentrates on single-hop networks
- Frequency hopping spread spectrum (FHSS) with Gaussian frequency shift keying (GFSK) modulation at the physical layer

Slide 5: 4.2 Bluetooth
- Low power and low cost are given important consideration
- Adopted as the IEEE 802.15.1 standard for the physical (PHY) and media access control (MAC) layers.
- Bluetooth basics
  - See figure 19.2 : Bluetooth networks, page 449
  - Each piconet has 1 master and up to 7 slaves
  - Slaves communicate with the master; if 2 slaves want to communicate with each other, the master should relay the traffic
  - Piconet = BSS, Master = AP, Slave = Station (STA)
  - A Bluetooth device may participate in more than 1 piconet simultaneously

Slide 6: 4.2 Bluetooth
- Bluetooth basics (cont.)
  - See figure 19.3 : Piconets and scatternets in Bluetooth
  - Scatternets are theoretically possible but rare in commercial deployment
- Security modes
  - Define layers 1 & 2 of the OSI stack to achieve communication in a single-hop ad hoc network
  - To ease the interoperability problem, the Bluetooth SIG defined application profiles.
  - A profile defines an unambiguous description of the communication interface between 2 Bluetooth devices for one particular service or application

Slide 7: 4.2 Bluetooth
- Security modes (cont.)
  - See figure 19.4 : Profiles in Bluetooth, page 451
  - Each service / application selects the appropriate profile depending on its needs; each profile defines different security modes.
  - Fundamental profile: Generic Access Profile (GAP)
  - GAP defines 3 basic security modes:
    - Security mode 1: the unsecured mode in Bluetooth.
    - Security mode 2: lies between modes 1 & 3; leaves the decision to the security policy manager.
    - Security mode 3: the always-on security mode; always initiates the authentication procedure.
  - See Table 19.1 : Security features of Bluetooth connection.

Slide 8: 4.2 Bluetooth
- Key Establishment
  - The most complex part of Bluetooth security
  - The key hierarchy varies depending on whether the connection is unicast or broadcast
- Pass key
  - See figure 19.5 : Bluetooth key hierarchy, page 454
  - Basically a shared secret between 2 communicating devices
  - Two types: variable PKEY, fixed PKEY
  - Variable PKEY: a PKEY that can be chosen at the time of pairing
  - "Pairing": the process by which 2 Bluetooth devices establish a shared secret that they can use for securing communication.
  - 128 bits
  - PKEY: shared secret between 2 communication endpoints that ensures the link key is known ONLY to the 2 communication endpoints.

Slide 9: 4.2 Bluetooth
- Key Establishment (cont.)
- Initialization key
  - Initialization key (IK or Kinit).
  - Short-lived temporary key that is used (and exists only) during the pairing process, when 2 communicating devices start communicating for the 1st time.
  - Derived using the E22 algorithm and 3 inputs: PKEY, IN_RAND, Lpkey.
  - PKEY: pass key; Lpkey: length of PKEY in bytes; IN_RAND: 128-bit random number generated in the devices.
  - See figure 19.6 : Bluetooth authentication, page 456.
  - Kinit = E22 (PKEY', IN_RAND, Lpkey')

Slide 10: 4.2 Bluetooth
- Key Establishment (cont.)
- Link key
  - Link key (LK): shared secret established between 2 communicating devices when the pairing sequence ends.
  - Two types: unit key, combination key.
  - Unit key: deprecated
  - Combination key = link key: derived from either an existing link key or Kinit.
  - The end of the pairing process in Bluetooth should lead to the establishment of a link key which the 2 devices can use for securing their communication
  - 3 sources: existing link key, use of an existing link key to establish a new link key, use of Kinit to generate a link key.

Slide 11: 4.2 Bluetooth
- Key Establishment (cont.)
- Encryption key
  - The link key is used for generating the ciphering key (CK, or Kc)
  - Uses the E3 algorithm
  - Kc = E3 (K, EN_RAND, COF)
  - K: link key; EN_RAND: 128-bit random number; COF: 96-bit ciphering offset.
  - COF = Authentication ciphering offset (ACO), which is derived from the authentication process.

Slide 12: 4.2 Bluetooth
- Key Establishment (cont.)
- Constraint key
  - Constraint key (Kc'), the constrained encryption key.
  - Export restrictions: hardware that is capable of encrypting above a certain key strength is not exportable.
  - Bluetooth puts in a key strength constraining mechanism that reduces the 128-bit Kc to a 128-bit Kc' whose effective key length (strength) can be any value less than 128 bits
  - Kc'(x) = g2^(l)(x) {Kc[mod g2^(l)(x)]}

Slide 13: 4.2 Bluetooth
- Key Establishment (cont.)
- Payload key
  - The payload key (Pk) is the actual key that is used to encrypt (decrypt) Bluetooth packets.
  - Pk is derived from Kc' using the E0 algorithm
  - Kp = E0 (Kc', CK_VAL, BD_ADDR, EN_RAND)
  - BD_ADDR: 48-bit Bluetooth address of the device; EN_RAND: 128-bit random number; CK_VAL: 26 bits of the current clock value.

Slide 14: 4.2 Bluetooth
- Key Establishment (cont.)
- Broadcast key hierarchy
  - In the broadcast key hierarchy, the link key is replaced by a master key (Kmaster).
  - Derived independently by the master without involving any of the slaves
  - Uses the E22 algorithm
  - Kmaster = E22 (LK_RAND1, LK_RAND2, 16)
  - An overlay key is used to communicate the master key to all slaves in the piconet
  - Koverlay = E22 (K, RAND3, 16)

Slide 15: 4.2 Bluetooth
- Key Establishment (cont.)
- The algorithms
  - Five algorithms are used: E0, E1, E3, E21, and E22.
  - E0 is a stream cipher, and the other 4 use a block cipher.
  - They use the same underlying block cipher: SAFER+

Slide 16: 4.2 Bluetooth
- Authentication
  - Involves 2 endpoints: the claimant and the verifier
  - For mutual authentication, both endpoints take on the role of verifier one at a time.
  - See figure 19.8 : Bluetooth mutual authentication, page 462.
- Confidentiality
  - See figure 19.9 : Bluetooth encryption, page 464
  - See figure 19.10 : Bluetooth packet format, page 464.

Slide 17: 4.2 Bluetooth
- Integrity protection
  - Relies on CRC for integrity
  - Using a linear, noncryptographic integrity check mechanism like CRC leaves a lot to be desired as far as integrity protection is concerned.
  - By choosing CRC, Bluetooth fails to provide any real integrity protection.
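
Added example (not part of the original slides): the linearity that makes a CRC a poor integrity check, shown with a CRC-16 over the CCITT generator polynomial. The check value of a changed message follows from the old check value and the change alone, with no key involved, while an HMAC-SHA-256 tag (used here only for contrast) does not behave that way. The register preset, bit ordering, messages and key are constructed assumptions.

```python
import hashlib
import hmac

POLY = 0x1021  # x^16 + x^12 + x^5 + 1, the CCITT generator polynomial


def crc16(data: bytes, init: int = 0) -> int:
    """Bitwise CRC-16, MSB first, no reflection, no final XOR."""
    reg = init & 0xFFFF
    for byte in data:
        reg ^= byte << 8
        for _ in range(8):
            reg = (reg << 1) ^ (POLY if reg & 0x8000 else 0)
            reg &= 0xFFFF
    return reg


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc_after_change(old_crc: int, delta: bytes) -> int:
    """CRC of (message XOR delta), derived from the old CRC and delta alone.

    Works because the CRC is linear over GF(2): no key and no knowledge of
    the message are needed, only which bits changed.
    """
    return old_crc ^ crc16(delta, 0)


def hmac_tag(key: bytes, data: bytes) -> bytes:
    """Keyed MAC shown for contrast (not part of the scheme on the slides)."""
    return hmac.new(key, data, hashlib.sha256).digest()


# Constructed sample values, for illustration only.
INIT = 0x0047                        # assumed register preset
MESSAGE = b"temperature=21.5"
CHANGED = b"temperature=99.9"
DELTA = xor_bytes(MESSAGE, CHANGED)  # the bit positions that differ
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    old = crc16(MESSAGE, INIT)
    print(f"CRC of original        : {old:04x}")
    print(f"CRC of changed (direct): {crc16(CHANGED, INIT):04x}")
    print(f"CRC predicted from old : {crc_after_change(old, DELTA):04x}")
    linear = xor_bytes(hmac_tag(KEY, MESSAGE), hmac_tag(KEY, DELTA)) == hmac_tag(KEY, CHANGED)
    print("HMAC tag predictable the same way:", linear)
```

The two CRC values for the changed message match, which is why a CRC detects transmission errors but cannot detect deliberate modification; the keyed tag offers no such shortcut.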

