Presentation is loading. Please wait.

Presentation is loading. Please wait.

Simple Bluetooth Security Manager based on the Open Bluetooth stack Dec. 18. 2001 Jongbae Park (+82-42-866-6162 )

Published byLawrence Crawford Modified over 9 years ago

Similar presentations

Presentation on theme: "Simple Bluetooth Security Manager based on the Open Bluetooth stack Dec. 18. 2001 Jongbae Park (+82-42-866-6162 )"— Presentation transcript:

1 Simple Bluetooth Security Manager based on the Open Bluetooth stack Dec. 18. 2001 Jongbae Park (+82-42-866-6162 ) (jbpark@icu.ac.kr)jbpark@icu.ac.kr

2 2 Contents Bluetooth Introduction Bluetooth security architecture Axis Bluetooth stack Simple Security Manager Implementation Result

3 What Is A Emerging Technology Called bluetooth ?

4 4 Bluetooth Nobody loves wires! Forget Plug and Play - just Play 1Mbps(Sync), 723kbps(Async) 2.4GHz ISM band 1 or 100mW, 10 m, $4 @2003 ~ 4 3 voice channels 8 participants in a piconet : a short-range radio technology for integration into mobile and handheld devices that is targeted to replace cables.

5 5 What Does Bluetooth Wireless Technology Do For You? Landline Data/Voice Access Points Personal Ad-hoc Networks Cable Replacement

6 6 PAN WG

7 7 IF/RF (BT1/BT2) Baseband (BT1/BT2) Bluetooth Protocol Stack

8 8 Bluetooth Products T39 T28 w/ Adapter R520

9 9 Products 3Com PC Card, USB Adapter - CSR, Parthus ATO Headset - Ericsson Axis AP Brain Boxes – PC Card, RS232 Adapter, CF Card - CSR, Socket Comm.

10 Bluetooth security architecture

11 11 Bluetooth security architecture 3 Security modes are defined Security Mode 1: non-secure Security Mode 2: service level enforced security Security Mode 3: link level enforced security Security Mode 2 Bluetooth device initiates security procedures after the channel is established (at the higher layers) Security Mode 3 Bluetooth device initiates security procedures before the channel is established (at the lower layers).

12 12 Bluetooth security architecture Example Bluetooth Security Architecture

13 13 Bluetooth security architecture 1. Store security-related information on services & devices 2. Answer access requests by protocol implementations or applications (either access granted or refused) 3. Enforce authentication and/or encryption before connecting to the application. 4. Initiate or process input from the device user to set- up trusted relationships on device level. 5. Initiate pairing and query PIN entry by the user. PIN entry might also be done by an application.

14 14 AXIS BLUETOOTH STACK The AXIS OpenBT Stack Implementation of Bluetooth stack for Linux. Bluetooth Driver for Linux Kernel v2.0, v2.2 and v2.4 http://sourceforge.net/projects/openbt/

15 15 AXIS BLUETOOTH STACK Structure of AXIS Openbt bluetooth Stack

16 16 AXIS BLUETOOTH STACK- Security

17 17 AXIS BLUETOOTH STACK- Sec_manager 함수명 설명 sec_client_shutdown static void sec_client_shutdown() security_query.originator = KERNEL Kernel version 이 정의되어 있을 경우 “ wake_up process~~ ” 문장을 출력 sec_man_init static void sec_man_init(enum security_requests user) Kernel version 이 정의되어 있을 경우 open_socket() 함수를 호출.open_socket()

18 18 AXIS BLUETOOTH STACK- Sec_manager sec_man_check static void sec_man_check(enum security_requests user, BD_ADDR bd_addr, u32 service_data, u32 user_data) Kernel version 이 정의되어 있을 경우 sec_man_sock 이 0 보다 작을 경우 (security manager 가 있지 않을 경우 error 메시지를 출력 ) Kernel version 이 정의되어 있지 않은 경우 sec_man_doquery() 함수를 호출. sec_man_doquery() sec_man_event static void sec_man_event(enum security_requests user, BD_ADDR bd_addr, u8 event, u8 *param, u8 param_len)

19 19 AXIS BLUETOOTH STACK- Sec_manager param_len 과 MAX_EVENT_DATA_LENGTH 의 크기를 비교해서 param_len 이 더 큰 경우는 “ event data length too long ” 을 찍고 param 의 MAX_EVENT_DATA_ LENGTH 값만큼을 security_query.event_param 에 memcpy 해줌. 그 반대의 경우는 param_len 을 memcpy. sec_man_doquery()sec_man_doquery() 함수를 호출 open_socket int open_socket(char *name) Socket 을 open 함. Connection 이 0 보다 작으면 socket 을 열수 없으므로 security manager 를 사용할 수 없다는 에러 메시지를 출력. sec_man_proc_dir_entry_read

20 20 AXIS BLUETOOTH STACK- Sec_manager static s32 sec_man_proc_dir_entry_read(char *buf, char **start, off_t offset, s32 len, s32 unused) sec_man_read()sec_man_read() 함수를 호출. sec_man_read static s32 sec_man_read(struct inode *inode, struct file * file, char * buf, s32 count) security_query.originator 가 BT_SEC_MAN 이 아닌 경우 no response 라는 메시지를 출력하고 interruptible_sleep_on() 함수를 호출.

21 21 AXIS BLUETOOTH STACK- Sec_manager sec_man_write static s32 sec_man_write(struct inode *inode, struct file * file, const char * buf, s32 count) sec_hdl->originator == BT_SEC_MAN( 새로운 request 를 받을 수 있으면 ) 인 경우 security_query.originator = SEC_CLIENT 로 하고 sec_hdl->request_type 가 L2CAP 인 경우  l2cap_process_sec_man_response() 함수 호출 sec_hdl->request_type 가 RFCOMM 경우  rfcomm_process_sec_man_response() 함수 호출 sec_man_doquery static s32 sec_man_doquery(s32 fd, u8 *request) sec_man_sock 에서 security_query 크기만큼 읽어서 request 에 저장

22 22 AXIS BLUETOOTH STACK- Sec_manager n= sec_man_sock 에서 BUFFER_SIZE 만큼 읽어와서 tmpbuf 에 저장 한 수. n 이 security_query 의 크기보다 작으면 db_hdl  len 만큼 response 했다고 출력 sec_hdl->request_type 가 L2CAP 인 경우  l2cap_process_sec_man_response() 함수 호출 sec_hdl->request_type 가 RFCOMM 경우  rfcomm_process_sec_man_response() 함수 호출 sec_client_shutdown static void sec_client_shutdown ( ) Wait_up process 가 awaikening 하다는 문장을 출력

23 23 AXIS BLUETOOTH STACK- Sec_manager init_link_key_list static void init_link_key_list ( ) link_key_list.first = NULL; link_key_list.last = NULL; link_key_list.cur = NULL; link_key_list.count = 0; free_link_key_list static void free_link_key_list ( ) delete_link_key ( )delete_link_key ( ) 함수를 호출

24 24 AXIS BLUETOOTH STACK- Sec_manager create_link_key link_key_information_type* create_link_key(unsigned char *bd_addr, unsigned char *link_key_str) Link key list 크기를 보고 새로운 link key element 를 할당할 수 있는지 없는지를 출력 link_key_list.count 값이 MAX_LINKKEYLISTSIZE 면 connection list full 에러 메시지가 뜸 get_next_link_key link_key_information_type* get_next_link_key(link_key_information_type* link_key) link_key_list.first 값이 link_key->next 값과 같으면 Null 을 return

25 25 AXIS BLUETOOTH STACK- Sec_manager insert_link_key static void insert_link_key(link_key_information_type *new_link_key) List 가 빈 경우 link_key_list.first = new_link_key; link_key_list.cur = new_link_key; link_key_list.last = new_link_key; link_key_list.count++; new_link_key->next = link_key_list.first; /* Pos32 at itself new_link_key->prev = link_key_list.first

26 26 AXIS BLUETOOTH STACK- Sec_manager List 가 비어있지 않은 경우 old_link_key = link_key_list.first; /* mark oldlink_key first new_link_key->next = old_link_key; link_key_list.last->next = new_link_key; old_link_key->prev = new_link_key; new_link_key->prev = link_key_list.last; link_key_list.cur = new_link_key; /* Set current to new element */ link_key_list.first = new_link_key; /* Set first to new element */ link_key_list.count++; delete_link_key Static s32 delete_link_key(link_key_information_type *link_key)

27 27 AXIS BLUETOOTH STACK- Sec_manager Element 를 지우고 pointer 를 update 함 Last element 인 경우 (link_key_list.count == 1) link_key_list.count--; link_key_list.first = NULL; link_key_list.cur = NULL; link_key_list.last = NULL; kfree(link_key);

28 28 AXIS BLUETOOTH STACK- Sec_manager sec_man_create_proc_file Static s32 sec_man_create_proc_file(void) Wait queue 를 초기화시켜줌.  init_waitqueue_head () 함수를 호출 Proc entry 가 성공적으로 register 되면 (create_proc_entry () 함수 호출 ) 필요한 structure 정보를 set 함 sec_man_remove_proc_file Static s32 sec_man_remove_proc_file (void) LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,0) 인 경우 remove_proc_entry () 함수를 호출. 그렇지 않은 경우 proc_unregister() 함수를 호출.

29 29 AXIS BLUETOOTH STACK- Sec_manager sec_man_get_cached_link_key Static void sec_man_get_cached_link_key(u8 *param) get_first_link_key () 함수를 호출 link key 가 null 이 아닐 경우 link_key->bd_addr 를 param 으로 BD_ADDRESS_SIZE 만큼 memcpy 해 줌. 그 후 link_key- >link_key 를 param + BD_ADDRESS_SIZE 에다 LINK_KEY_SIZE 만큼 memcpy 해 줌. Link key 가 null 인 경 우는 memset 을 해줌.

30 30 AXIS BLUETOOTH STACK- Sec_manager HCI: process_event, REMOTE_NAME_REQUEST_COMPLETE AXIS 9010 (129.132.164.116) HCI: send_cmd_queue, start: Num_HCI_Command_Packets=1 BT DATA <--|X| 8 HCI: send_cmd_queue, end : 0 cmds left in queue HCI: send_acl_data_task, 0 bytes BT DATA -->|X| 9 hci_receive_data, hci-9 HCI: hci_receive_data, WAIT_FOR_PACKET_TYPE HCI: hci_receive_data, WAIT_FOR_EVENT_TYPE HCI: hci_receive_data, WAIT_FOR_EVENT_LENGTH HCI: process_event, COMMAND_COMPLETE HCI: process_return_param, WRITE_LINK_POLICY_SETTINGS HCI: update_nhcp, Num_HCI_Command_Packets=1 HCI: send_cmd_queue, start: Num_HCI_Command_Packets=1 HCI: send_cmd_queue, end : 0 cmds

31 31 Result left in queue BT DATA -->|X| 9 hci_receive_data, hci-9 HCI: hci_receive_data, WAIT_FOR_PACKET_TYPE HCI: hci_receive_data, WAIT_FOR_EVENT_TYPE HCI: hci_receive_data, WAIT_FOR_EVENT_LENGTH HCI: process_event, PIN_CODE_REQUEST forwarding event to security manager Called my_sec_man We are in SEC_MAN_LOOPBACK mode...

32 32 Result  We are in SEC_MAN_LOOPBACK mode... hci_pin_code_request_reply New pin is (3): 0x31 0x32 0x33 hci_pin_code_request_reply BD_addr (6): 0x73 0x85 0x58 0x8c 0x40 0x00 hci_pin_code_request_reply, pin (3): 0x31 0x32 0x33 HCI: start_cmd_timer HCI: insert_cmd Aiee: scheduling in interrupt 90066664 Aiee: scheduling in interrupt 90066664 Aiee: scheduling in interrupt 90066664 Aiee: scheduling in interrupt 90066664 Aiee: scheduling in interrupt 90066664 Aiee: scheduling in interrupt 90066664 Aiee: scheduling in interrupt 90066664

33 33 Result my sec_manager: --------------------------------------------------- --void my_sec_man(BD_ADDR bd_addr) { BD_ADDR address; char pin[ ]="123"; char len = 3; printk("We are in SEC_MAN_LOOPBACK mode...\n"); memcpy(address, bd_addr, BD_ADDRESS_SIZE); hci_pin_code_request_reply(address, pin, len); }

Download ppt "Simple Bluetooth Security Manager based on the Open Bluetooth stack Dec. 18. 2001 Jongbae Park (+82-42-866-6162 )"

Similar presentations

USERSPACE I/O Reporter: R98922086 張凱富.

USERSPACE I/O Reporter: R 張凱富.
1 MICSSA 2003 Bluetooth in the defence industry The quest for single chip point to multipoint Presented by David Johnson TFA leader – Mobile Platform Technologies.

1 MICSSA 2003 Bluetooth in the defence industry The quest for single chip point to multipoint Presented by David Johnson TFA leader – Mobile Platform Technologies.
BLUETOOTH. INTRODUCTION A look around at the moment! Keyboard connected to the computer, as well as a printer, mouse, monitor and so on. What (literally)

BLUETOOTH. INTRODUCTION A look around at the moment! Keyboard connected to the computer, as well as a printer, mouse, monitor and so on. What (literally)
1 Introduction to Bluetooth v1.1 (Part I) Overview Radio Specification Baseband Specification LMP L2CAP.

1 Introduction to Bluetooth v1.1 (Part I) Overview Radio Specification Baseband Specification LMP L2CAP.
Mohamed Mokdad Ecole d’Ingénieurs de Bienne

Mohamed Mokdad Ecole d’Ingénieurs de Bienne
IEEE Wireless 2002 Conference - Seattle2/25/02 How To Use Bluetooth: Implementation of Current Technology Copyright 2002 Stonestreet One, Inc Tim Reilly.

IEEE Wireless 2002 Conference - Seattle2/25/02 How To Use Bluetooth: Implementation of Current Technology Copyright 2002 Stonestreet One, Inc Tim Reilly.
Doc.: IEEE 802.15-01/046r1 Submission January 2001 Tom Siep, Texas InstrumentsSlide 1 Bluetooth Architecture Presentation Chatschik Bisdikian IBM Research.

Doc.: IEEE /046r1 Submission January 2001 Tom Siep, Texas InstrumentsSlide 1 Bluetooth Architecture Presentation Chatschik Bisdikian IBM Research.
Bluetooth: an Introduction

Bluetooth: an Introduction
By Abdullah M. Dalloul…20020447. Abdullah M. Dalloul…20020447. Salman Y. Mansour...20020826. Salman Y. Mansour...20020826. Supervisor. Supervisor. Dr.

By Abdullah M. Dalloul… Abdullah M. Dalloul… Salman Y. Mansour Salman Y. Mansour Supervisor. Supervisor. Dr.
CPET 260 Bluetooth. What is Bluetooth? Not IEEE802.11 (Wi-Fi) or HomeRF Originally designed to replace wires Short-range, lower-power wireless technology.

CPET 260 Bluetooth. What is Bluetooth? Not IEEE (Wi-Fi) or HomeRF Originally designed to replace wires Short-range, lower-power wireless technology.
Overview The Basics Core Specification Version Spectrum International Radio Frequency Allocation Range Power Benefits Protocol Stack Bluetooth Architecture.

Overview The Basics Core Specification Version Spectrum International Radio Frequency Allocation Range Power Benefits Protocol Stack Bluetooth Architecture.
1 Overview of Bluetooth technology Bluetooth protocol stack The Ericsson Bluetooth module Alternate solutions Wireless LANs Conclusions References Networking.

1 Overview of Bluetooth technology Bluetooth protocol stack The Ericsson Bluetooth module Alternate solutions Wireless LANs Conclusions References Networking.
1 Mini Course Programming Context-aware Mobile Phones Thomas Bodin IT University of Copenhagen.

1 Mini Course Programming Context-aware Mobile Phones Thomas Bodin IT University of Copenhagen.
Bluetooth Jennifer Portillo Thomas Razo Samson Vuong By Sonny Leung.

Bluetooth Jennifer Portillo Thomas Razo Samson Vuong By Sonny Leung.
Bluetooth Introduction The Bluetooth Technology

Bluetooth Introduction The Bluetooth Technology
Presented by Selim Dursun

Presented by Selim Dursun
Data Structures in the Kernel Sarah Diesburg COP 5641.

Data Structures in the Kernel Sarah Diesburg COP 5641.
2011 Embedded Systems Software Training Center BluRapport SDK.

2011 Embedded Systems Software Training Center BluRapport SDK.
Hacking the Bluetooth Pairing Authentication Process Graduate Operating System Mini Project Siyuan Jiang and Haipeng Cai.

Hacking the Bluetooth Pairing Authentication Process Graduate Operating System Mini Project Siyuan Jiang and Haipeng Cai.
BLUETOOTH. Introduction Bluetooth technology discussed here aims at so-called ad- hoc piconets, which are local area networks with a very limited coverage.

BLUETOOTH. Introduction Bluetooth technology discussed here aims at so-called ad- hoc piconets, which are local area networks with a very limited coverage.

Similar presentations

Ads by Google