
Overview of the security weaknesses in Bluetooth Dave Singelée COSIC seminar 11/06/2003.


1 Overview of the security weaknesses in Bluetooth Dave Singelée COSIC seminar 11/06/2003

2 Outline of the talk 1. Introduction 2. Protocols in Bluetooth 3. Security problems 4. Recommendations / solutions 5. Conclusion

3 Outline of the talk 1. Introduction 2. Protocols in Bluetooth 3. Security problems 4. Recommendations / solutions 5. Conclusion

4 Personal Area Network (PAN) Small number of mobile devices Heterogeneous Ad-hoc network Wireless (WPAN) Small range

5 Personal Area Network (PAN)

6 Constraints Limited battery power Computational power Small amount of memory Small range Ad-hoc network Not always I/O-interface

7 Different technologies Infrared (IrDA) Radio propagation (Bluetooth) Human body (Body Area Networks) …

8 Different technologies Infrared (IrDA) Radio propagation (Bluetooth) Human body (Body Area Networks) …

9 Bluetooth 1998: Bluetooth SIG IEEE 802.15 Range < 10m 2.4 GHz ISM band Spread spectrum & frequency hopping 1 Mbit/s Piconets: 1 master and up to 7 slaves

10 Outline of the talk 1. Introduction 2. Protocols in Bluetooth 3. Security problems 4. Recommendations / solutions 5. Conclusion

11 My colour convention XXX = public value XXX = secret value XXX = sent in clear XXX = sent encrypted

12 Protocols in Bluetooth 1. Generation of unit key 2. Generation of initialization key 3. Generation of link key 4. Mutual authentication 5. Generation of encryption key 6. Generation of key stream 7. Encryption of data

13 1. Generation unit key [diagram labels: E21, RAND_A, ADDR_A, K_A]

14 2. Generation initialization key [diagram labels: E22, PIN, L, IN_RAND, K_init]

15 3. Generation link key (1) [diagram labels: K_init, K_A = K_link, K]

16 3. Generation link key (2) [diagram labels: E21, ADDR_A, ADDR_B, LK_RAND_A, LK_RAND_B, LK_A, LK_B, K_AB = K_link]

17 4. Mutual authentication [diagram labels: E1, ADDR_B, AU_RAND, K_link, SRES, ACO]

18 5. Generation encryption key [diagram labels: E3, EN_RAND, K_link, ACO, K_C]

19 6. Generation key stream [diagram labels: E0, ADDR_A, clock_MASTER, K_C, K_CIPHER]

20 7. Encryption of data [diagram labels: K_CIPHER, DATA]

21 Outline of the talk 1. Introduction 2. Protocols in Bluetooth 3. Security problems 4. Recommendations / solutions 5. Conclusion

22 Most important security weaknesses Problems with E0 Unit key PIN Problems with E1 Location privacy Denial of service attacks

23 Problems with E0 Output (K_CIPHER) = combination of 4 LFSRs Key (K_C) = 128 bits Best attack: guess some registers -> 2^66 (memory and complexity)

24 Unit key [diagram labels: A, B, K_A = K_link]

25 Unit key [diagram labels: A, B, C, K_A = K_link, K_A = K'_link]

26 PIN Some devices use a fixed PIN (default=0000) Security keys = security PIN !!!! Possible to check guesses of PIN (SRES) -> brute force attack Weak PINs (1234, 5555, …)
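
Why "Security keys = security PIN": every input to the key chain of slides 14-17 except the PIN is sent in clear, so one recorded pairing is enough to test each PIN guess offline against SRES. The sketch below is an added example, not material from the talk; HMAC-SHA256 stands in for E22/E21/E1 (an assumption, not SAFER+), the LK_RAND values are taken to be XOR-masked with K_init as in the Bluetooth combination-key exchange, and the addresses, randoms and the names `c_a`/`c_b` are constructed.

```python
import hashlib
import hmac
from itertools import product

def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Stand-in for E22/E21/E1. Assumption: HMAC-SHA256 cut to 128 bits, NOT SAFER+."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()[:16]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def link_key(pin, in_rand, c_a, c_b, addr_a, addr_b) -> bytes:
    """Slides 14-16: PIN -> K_init -> unmask LK_RANDs -> K_AB = K_link."""
    k_init = prf(pin, b"E22", in_rand)
    lk_a = prf(xor(c_a, k_init), b"E21", addr_a)
    lk_b = prf(xor(c_b, k_init), b"E21", addr_b)
    return xor(lk_a, lk_b)

def sres(k_link, au_rand, addr_b) -> bytes:
    """Slide 17: 32-bit authentication response."""
    return prf(k_link, b"E1", au_rand, addr_b)[:4]

def observe_pairing(pin: bytes) -> dict:
    """Constructed pairing run; returns only the values sent in clear.
    Randoms are fixed here for repeatability; real devices draw fresh ones."""
    addr_a, addr_b = bytes.fromhex("0011223344aa"), bytes.fromhex("0011223344bb")
    in_rand, lk_rand_a, lk_rand_b, au_rand = (
        hashlib.sha256(bytes([i])).digest()[:16] for i in range(4))
    k_init = prf(pin, b"E22", in_rand)
    c_a, c_b = xor(lk_rand_a, k_init), xor(lk_rand_b, k_init)
    k_link = link_key(pin, in_rand, c_a, c_b, addr_a, addr_b)
    return {"in_rand": in_rand, "c_a": c_a, "c_b": c_b, "addr_a": addr_a,
            "addr_b": addr_b, "au_rand": au_rand,
            "sres": sres(k_link, au_rand, addr_b)}

def pin_consistent(guess: bytes, t: dict) -> bool:
    """True if this PIN guess reproduces the SRES seen on the air."""
    k = link_key(guess, t["in_rand"], t["c_a"], t["c_b"], t["addr_a"], t["addr_b"])
    return hmac.compare_digest(sres(k, t["au_rand"], t["addr_b"]), t["sres"])

def offline_guesses_needed(t: dict, digits: int = 4):
    """Walk all numeric PINs of the given length; return (guess count, PIN) or None."""
    for n, cand in enumerate(product("0123456789", repeat=digits), 1):
        pin = "".join(cand)
        if pin_consistent(pin.encode(), t):
            return n, pin
    return None

if __name__ == "__main__":
    print(offline_guesses_needed(observe_pairing(b"1234")))
    print(offline_guesses_needed(observe_pairing(b"k7#Qz0!pV2xLm9Rd")))
```

A 4-digit PIN falls within at most 10,000 checks, while the 16-character PIN is not in the enumerated space at all, which is the point of the "long and sufficiently random PINs" recommendation.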

27 Problems with E1 E1 = SAFER+ Some security weaknesses (although not applicable to Bluetooth) slow

28 Location privacy Devices can be in discoverable mode Every device has fixed hardware address Addresses are sent in clear -> possible to track devices (and users)

29 Denial of service attacks Radio jamming attacks Buffer overflow attacks Blocking of other devices Battery exhaustion (e.g., sleep deprivation torture attack)

30 Other weaknesses No integrity checks No prevention of replay attacks Man in the middle attacks Sometimes: default = no security …

31 Outline of the talk 1. Introduction 2. Protocols in Bluetooth 3. Security problems 4. Recommendations / solutions 5. Conclusion

32 Recommendations Never use unit keys!!!! Use long and sufficiently random PINs Always make sure security is turned on …

33 Interesting solutions Replace E0 and E1 with AES Use MACs to protect integrity Pseudonyms Identity based cryptography Elliptic curves Use MANA protocols instead of PIN Use network layer security services (IPSEC) to provide end-to-end security

34 Outline of the talk 1. Introduction 2. Protocols in Bluetooth 3. Security problems 4. Recommendations / solutions 5. Conclusion

35 Conclusion Bluetooth has quite a lot of security weaknesses! Need for secure lightweight protocols More research needed!!

36 Questions ?

