Upload File

cracking the bluetooth pin by yaniv shaked and avishai wool (2005)

  • Home
  • Documents
  • Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)
26
Cracking the Bluetooth PIN1 Cracking the Bluetooth PIN Yaniv Shaked and Avishai Wool School of Electrical Engineering Systems Supported in part by a grant from Intel Corporation. Abstract: This paper describes the implementation of an attack on the Bluetooth security mechanism. Specifically , we describe a passive attack, in which an attacker can find the PIN used during the pairing process. We then describe the cracking speed we can achieve through three optimizations methods. Our fastest optimization employs an algebraic representation of a central cryptographic primitive (SAFER+) used in Bluetooth. Our results show that a 4-digit PIN can be cracked in less than 0.3 sec on an old Pentium III 450MHz computer, and in 0.06 sec on a Pentium IV 3Ghz HT computer. 1 Introduction 1.1 Background Bluetooth, a technology used for short range fast communication s, has quickly spread worldwide. Bluetooth technology is used in a large set of wired and wireless devices: mobile phones, PDA's, desktop and mobile PC's, printers, digital cameras, and dozens of other devices. Being wireless, Bluetooth is potentially vulnerable to many attacks. It is very difficult to avoid Bluetooth signals from leaking outside the desired boundaries. The possible damage of a successful wireless attack starts with the ability to eavesdrop on the data transferred during the communication of two devices, and ends with the ability to fully impersonate other devices. The Bluetooth technology has a significant security component, which includes key management, authentication and secrecy. However, the security of the whole system relies on the user's choice of a secret Personal Identification Number (PIN) - which is often much too short. Moreover, the Bluetooth designers invented several new cryptographic primitives, which were incorporated into the system. Cryptographers consider fielding new primitives to be risky, because new cryptograp hy is less tested and may contain hidden flaws. Furthermore , Bluetooth is designed for short-range communica tion (nominal range of about 10m). This short-range is perceived as a security feature, since an attacker is supposed to be quite near the attack target - but recent history with IEEE 802.11 has shown that effective range-exten ders can be built very cheaply [ Reh03]. Finally, as Bluetooth gains popularity on PDAs and laptops, the information that lures attackers grows from cell-phone address books to valuable corporate data. 1.2 Related work http://www.eng.tau.ac.il /~yash/shaked-wool-mobisys05/ (1 of 26)10/14/2007 2:37:49 AM

Upload: dhruv-jain

Post on 08-Apr-2018

220 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 1/26

Page 2: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 2/26

Page 3: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 3/26

Page 4: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 4/26

Page 5: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 5/26

Page 6: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 6/26

Page 7: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 7/26

Page 8: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 8/26

Page 9: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 9/26

Page 10: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 10/26

Page 11: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 11/26

Page 12: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 12/26

Page 13: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 13/26

Page 14: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 14/26

Page 15: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 15/26

Page 16: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 16/26

Page 17: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 17/26

Page 18: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 18/26

Page 19: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 19/26

http://www.bluejackq.com/
http://www.bluetooth.org/spec
http://eprint.iacr.org/2002/191/
Page 20: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 20/26

http://eprint.iacr.org/2005/107
http://www.bluestumbler.org/
http://eprint.iacr.org/2002/068/
Page 21: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 21/26

http://www.cansecwest.com/csw04/csw04-Whitehouse.pdf
http://www.atstake.com/research/reports/acrobat/atstake_war_nibbling.pdf
http://www.turnpoint.net/wireless/has.html
Page 22: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 22/26

Page 23: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 23/26

Page 24: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 24/26

Page 25: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 25/26

Page 26: Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

8/7/2019 Cracking the Bluetooth PIN by Yaniv Shaked and Avishai Wool (2005)

http://slidepdf.com/reader/full/cracking-the-bluetooth-pin-by-yaniv-shaked-and-avishai-wool-2005 26/26


Name: Haim Shaked Date: July 2019 CURRICULUM VITAE Contact ... · Shaked, C.V. July 2019 1 Name: Haim Shaked Date: July 2019 CURRICULUM VITAE Contact Information Mailing Address:

Avishai Cohen - Smash

AN EVENING WITH AVISHAI COHEN

Yaniv Waissa

Yaniv Janson Sales Catalogue July 2011

Strength Based Lean Sigma (David Hansen & David Shaked)

Shaked Uzrad Portfolio 2011 / 2012

Avishai Cohen - Songbook Vol I.pdf

ML2012 Fp Yaniv Bar

Yaniv brousset trabajo 4

the work of avishai

Remembering Avishai Cohen

Cracking the Buetooth Pin by Shaked and Wool

Yaniv Janson Sales Catalogue March 2011

A story that shaked people. Truman Capote The author

ACCOUNTING RESEARCH: NOTES AND PERSPECTIVES …faculty.haas.berkeley.edu/yaniv/files/Papers_Publications/Konchitchki... · ACCOUNTING RESEARCH: NOTES AND PERSPECTIVES Professor Yaniv

Margalit, Avishai

WELCOME [] · Avishai Cohen - “An Evening with Avishai Cohen

Kuluoz: Malware and botnet analysis - IDCportal.idc.ac.il/en/schools/cs/research/documents/shaked-bar.pdf · Kuluoz – malware and botnet analysis Shaked Bar, IDC, Hertzelia,

SHAKED LAW GROUP, NY - Join Class Action Lawsuits · SHAKED LAW GROUP, P.C. Dan Shaked (DS-3331) 44 Court Street, Suite 1217 Brooklyn, NY 11201 ... browse, select, and buy online

Avishai Resume 2015

Avishai Cohen - Remembering

Yaniv Grinstein - HEC UNIL

About DS/CX - Yaniv Michaeli

Gilad M. Guttmann and Yaniv Gelbstein

Yaniv Janson Sales Catalogue June 2011

A story that shaked

Radical Nature - Yaniv Peer

CollectiveAction2.0 by Shaked Spier 2011

Avishai Cohen - Songbook Vol. 1 Minimized

Name: Haim Shaked Date: September 2019 CURRICULUM VITAE ... · Shaked, C.V. July 2019 1 Name: Haim Shaked Date: September 2019 CURRICULUM VITAE Contact Information Mailing Address:

Yaniv Erlich Hannon Lab

Nissim Shaked Certification For Clean Rooms Qa Ra

Avishai Cohen - Gently Disturbed Songbook

Processing Characterization of Bio-Plastics Yanir Shaked