An Analysis of Bluetooth Security
Jaymin Shah, Sushma Kamuni

Introduction
Bluetooth
◦ It is an open wireless protocol for exchanging data over short distances from fixed and mobile devices, creating a personal area network.
◦ It acts as a reliable source of transmission for voice and data.

Designed to operate in the ISM band
Gaussian Frequency Shift Keying is used
Data rate of 1 Mb/sec can be achieved
Features: Low cost, low power and robustness

| Class | Range (meters) | Max. Power (mW) |
|---|---|---|
| 1 | 100 | 100 |
| 2 | 10 | 2.5 |
| 3 | 1 | 1 |

Bluetooth Security
Authentication: Verifies the identification of the devices that are communicating in the channel.
Confidentiality: Protecting the data from the attacker by allowing only authorized users to access the data.
Authorization: Only authorized users have control over the resources.

Security features of Bluetooth
Security Mode 1: Non-Secure Mode
Security Mode 2: Service level enforced security mode
Security Mode 3: Link-level enforced security mode

Link Key Generation

Authentication

Authentication Summary

| Parameter | Length | Secrecy parameter |
|---|---|---|
| Device Address | 48 Bits | Public |
| Random Challenge | 128 Bits | Public |
| Authentication (SRES) Response | 32 Bits | Public |
| Link Key | 128 Bits | Secret |

[Figure: Authentication Process. Parties: Verifier, Claimant (BD_ADDR_B). Labels: AU_RAND, SRES, Calculates SRES', Success if match]

Confidentiality
The confidentiality security service protects against eavesdropping attacks on the air interface.

Bluetooth Encryption Process
Encryption Mode 1: No encryption is needed.
Encryption Mode 2: Encrypted using link keys.
Encryption Mode 3: All traffic is encrypted.

Trust levels, service levels and authentication
Service level 1: Requires authentication and authorization.
Service level 2: Requires only authentication.
Service level 3: Open to all Bluetooth devices.

Problems with the standard Bluetooth Security

| Security Issue | Remarks |
|---|---|
| Strength of the Random Number Generator (RNG) is unknown. | RNG may produce periodic numbers that reduce the strength of the authentication mechanism. |
| Short PINs are allowed. | Such weak PINs are used to generate link and encryption keys that are easily predictable. |
| Encryption key length is negotiable. | More robust initialization key generation procedure should be developed. |
| No user authentication exists. | As only device authentication is provided, application security and user authentication can be employed. |
| Stream cipher is weak and key length is negotiable. | Robust encryption procedure and minimum key length should be decided and passed as an agreement. |
| Privacy can be compromised if the BD_ADDR is captured and associated with a particular user. | Once the BD_ADDR is associated with a particular user, that user's activity can be logged, resulting in a loss of privacy. |
| Device authentication is simple shared key challenge response. | One-way authentication may be subjected to man-in-the-middle attacks. Mutual authentication is a good idea to provide verification. |
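
The challenge-response exchange from the Authentication Summary slide, and the mutual authentication recommended in the remarks above, sketched as an added example that is not part of the original slides. It uses the field lengths from the summary table; HMAC-SHA256 truncated to 32 bits is an assumed stand-in for Bluetooth's E1 function, and the `Device` class, helper names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets

# Field sizes in bytes, from the Authentication Summary table.
BD_ADDR_LEN, AU_RAND_LEN, SRES_LEN, LINK_KEY_LEN = 6, 16, 4, 16

def compute_sres(link_key: bytes, au_rand: bytes, claimant_addr: bytes) -> bytes:
    """Assumption: HMAC-SHA256 truncated to 32 bits stands in for Bluetooth's E1."""
    if (len(link_key), len(au_rand), len(claimant_addr)) != (
            LINK_KEY_LEN, AU_RAND_LEN, BD_ADDR_LEN):
        raise ValueError("unexpected field length")
    mac = hmac.new(link_key, au_rand + claimant_addr, hashlib.sha256)
    return mac.digest()[:SRES_LEN]

class Device:
    def __init__(self, bd_addr: bytes, link_key: bytes):
        self.bd_addr, self.link_key = bd_addr, link_key

    def challenge(self) -> bytes:
        # Verifier: fresh 128-bit AU_RAND from the OS CSPRNG.
        return secrets.token_bytes(AU_RAND_LEN)

    def respond(self, au_rand: bytes) -> bytes:
        # Claimant: SRES over the challenge and its own BD_ADDR.
        return compute_sres(self.link_key, au_rand, self.bd_addr)

    def verify(self, claimant_addr: bytes, au_rand: bytes, sres: bytes) -> bool:
        # Verifier: compute SRES' and compare in constant time.
        expected = compute_sres(self.link_key, au_rand, claimant_addr)
        return hmac.compare_digest(expected, sres)

def one_way(verifier: Device, claimant: Device) -> bool:
    au_rand = verifier.challenge()
    return verifier.verify(claimant.bd_addr, au_rand, claimant.respond(au_rand))

def mutual(a: Device, b: Device) -> bool:
    # Each side takes the verifier role once; both checks must pass.
    return one_way(a, b) and one_way(b, a)

# Constructed sample values, not taken from any real device.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
DEV_A = Device(bytes.fromhex("0a0b0c0d0e01"), KEY)
DEV_B = Device(bytes.fromhex("0a0b0c0d0e02"), KEY)
NO_KEY = Device(DEV_B.bd_addr, bytes(LINK_KEY_LEN))  # claims B's address, wrong key

if __name__ == "__main__":
    print(one_way(DEV_A, DEV_B), one_way(DEV_A, NO_KEY), mutual(DEV_A, DEV_B))
```

A response computed for one AU_RAND does not verify against a later challenge, which is why the RNG strength listed in the table matters to the authentication mechanism.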

Security Threats
Denial of service: Makes the device unusable and drains the mobile device battery.
Fuzzing attacks: Sending malformed messages to the Bluetooth device.
Blue jacking: Causes harm when the user sends the data to the other user.
Blue snarfing: Uses IMEI identifier to route all the incoming calls.

Man-in-the-middle

Future
Broadcast Channel: Adoption of Bluetooth in the mobile phones from the Bluetooth information points.
Topology Management: Configuration should be invisible and the messages to the users in the scatternet.
Quality of Service: Video and audio transmission of data with high quality.