implementation - forside - det digitale projektbibliotek...

259
Security Improvement Of CNS 4 Students Emad Girges Ahmad Ayyoub SUPERVISOR Birger Andersen AALBORG UNIVERSITY COPENHAGEN Department of Electronic Systems

Upload: duonglien

Post on 26-Apr-2018

219 views

Category:

Documents


1 download

TRANSCRIPT

Implementation

Security Improvement

Of

RF

Baseband

Link Manager

Host Controller Interface Data control

L

2

CAP Layer

L

2

CAP

Resource

Manager

Channel

Manager

RFCOMM

PPP

IP

UDP

TCP

WAP

WAE

vCard

/

vCal

OBEX

AT

-

COMMANDS

TCS BIN

SDP

Security

Manager

Application

User Interface

General

Management

Entity

Service

Database

Service

Database

Physical Layer

Bluetooth Radio

Lower Baseband

Layer

Device

Manager

Upper Baseband

layer

CNS 4

Students

Emad Girges

Ahmad Ayyoub

SUPERVISOR

Birger Andersen

AALBORG UNIVERSITY COPENHAGEN

Department of Electronic Systems

Aalborg Universitet Kbenhavn, Lautrupvang 15

2750

Ballerup.

2009

Device in

connectable mode

Paging and

link setup

Link manager

connection request

Device

rejected

?

Connection request

accepted

Connection request

accepted

Authentication

pEncryption/p

p>

Authorized

?

Link setup

complete

Service

request

Check access

control list

Authentication

pEncryption/p

p>

Service

request accepted

Yes

No

Security mode

3

Security mode

1

and

2

Security

mode

2

Security mode

1

and

3

Yes

,

if auth

.

Rejected

Yes

,

no

auth

.

Security Improvement of

Table of Contents

Chapter 1

Introduction of Bluetooth

1.1. Introduction ...6

1.2. Structure of the thesis..7

1.3. Problem Formulation8

1.3.1. Situating the problem9

1.3.2. Diagnosing the problem.9

Chapter 2

Preliminary Research

2.1. What is Bluetooth .11

2.2. The Bluetooth SIG 11

2.3. The technology and SIG origins 12

2.4. The Bluetooth name .12

2.5. RF (radio frequency).. .13

2.6. Spread spectrum RF ..13

2.7. Bluetooth Address ..13

2.8. Layers 13

2.9. Bluetooth Links..14

2.10. Bluetooth Network .14

2.11. Piconet and Scatternet ..15

2.12. More details about Scatternet .16

2.13 Packet Format ..17

2.14. Bluetooth Stack ...19

2.15. Description the Bluetooth Layers....20

2.16. Summary ..21

Chapter 3

Security Principles

3.1. Introduction of Security....23

3.1.1. Bluetooth Address ...........23

3.1.2. Private authentication key ...........23

3.1.3. Private encryption key ..............23

3.1.4. Random number (RAND) ..............23

3.2. Security Modes .23

3.2.1. Security Mode 1. ....23

3.2.2. Security Mode 2...24

3.2.3 .Security Mode 3.. 24

3.3 Flowchart for different security modes ...............25

3.4. Trusted and Untrusted devices..........26

1. Trusted device26

2. Untrusted device...26

E

22

RAND

,

128

bits

PIN

,

max

128

bits

Length of PIN

Key

.

128

bits

Security Improvement of

3. Unknown Device...............................................................................................26

3.5 SAFER+ Algorithm. ...26

3.5.1 The key scheduling algorithm (KSA)......27

3.5.2 The SAFER+ Round ...27

3.6. Point to Point. ....28

3.7. Key Management......................................................................................28

1- Link Keys ..28

1.1 Key Time (life time) ..28

1.1.1Temporary key ...29

1.1.2.Unit keys ...........29

2- Combination key.29

3- Master keys..29

4-Initialization key

3.8. Personal Identification Number.29

3.9. Initialization key.. .29

3.10. Authentication key. . ....31

3.11. Authentication..33

3.12. Encryption.35

3.13. Encryption process..37

3.14. Weaknesses and Attacks37

1. Passive attacks38

2. Active attacks..39

3. Impersonation..39

4. Man in the middle...40

5. Modification of data and information 40

6. Pairing ..40

7. Improper key storage 40

8. Tampering with keys 41

9. DOS attack...41

10. Location tracking42

11. Implementation flaws42

12. Malware 43

3.15. Summary ..43

Chapter 4

The Program Language

4.1J2ME ..45

4.2. Configuration..46

4.2.1. CDC ...46

4.2.2. CLDC 46

4.3. Profiles..46

4.3.1. MIDP .46

4.4. MIDlets.47

4.5. API Bluetooth..49

4.6. Summary..50

message

verifier

claimant

Security Improvement of

Chapter 5

Analysis and Design

5.1. Solutions Analysis.51

5.2. Design...53

5.3. Summary..57

Chapter 6:

Description of Methods

6.1. Insert information for new customer...60

6.2. Server Main Form62

6.2.1. Blue main class .67

6.3. Testing.71

6.3.1. Test Login Form 71

6.3.2. Test Insert customer 73

6.3.3. Test Server..74

6.4.Security Testing .76

6.5.Access point..77

7. Results and discussion 78

8. Conclusion ..79

9. Recommendation ..80

10. Acknowledgements 80

11. References.81

12. Glossary 86

13. Appendix87

Appendix 1: Class description .87

Appendix 2: Java Files...95

Mobile connection (First connection)

Appendix 3: Java Files.113

Mobile connection (second connection)

Appendix 4: Java File...155

Server

message

claimant

verifier

Security Improvement of

List of figures

-Figure [1]12

Bluetooth Logo

-Figure [2] ...15

Scatternet Comprising 11 Piconets

-Figure [3]....16

Problem in Scatternet

-Figure [4]....19

Bluetooth stack

-Figure [5]25

Different between security modes

-Figure [6]27

Inner design of SAFER+

-Figure [7]....30

A Pairing Example between two devices

-Figure [8]31

Details of Algorithm E22

-Figure [9]33

Authentication process (both Devices

-Figure [10].34

Authentication Process

-Figure [11].36

Encryption negotiation

-Figure [12].37

Description of the encryption process

-Figure [13].45

Configurations and profiles of the J2me

-Figure [14].47

MIDP packages

-Figure [15].48

MIDlets make package and load to device

-Figure [16].48

MIDLet life cycle

-Figure [17].56

Paring + First Time Connection

-Figure [18].57

Normal Connection between the customer and shopping center

-Figure [19].59

This figure show how the connection happen between the customer

application and the server application

-Figure 20].60

Insert information for new customer:

-Figure [21]63

Server Main Form

verifier

claimant

IN

_

RAND

ACCEPT

message

(

from verifier

)

message from clamiant

V

_

RAND

V

_

SRES

C

_

RAND

C

_

SRES

{

generation of the init key

}

{

generation of the init key

}

{

generation of the authentication key

}

{

generation of the authentication key

}

{

authentication of the peer

}

{

authentication of the peer

}

Security Improvement of

Chapter 1

Introduction of Bluetooth

1.1. Introduction

Today we reach to point where people are using wireless communications everywhere Mobiles, computers, digital cameras and so on. Many technologies are used in purposes such as infrared, Bluetooth...Etc. people need not only a technology which can only replace the cable, but also have the same capabilities of the cable. The capabilities of transferring data and voice is required

In the past, special cable were needed to connect device together in order to transfer data and voice .We needed as many cable as devices this made , so we can imagine network of cables and many difficulties rise when number of devices grow because of interconnection . The Bluetooth technology is wireless, no cables in need for the communication. SIG (special interest group) is formatted in 1998 by many companies such as Ericsson, Intel, Toshiba in a purpose of developing a specification for short range wireless RF communication. This technology needs very low power, it can be used every where with low cost. Also SIG published Bluetooth profiles which are dealing with software protocols to make it possible for communications between kinds of device regardless of manufacture. Version 2.0 of the specification was published in 2004, the Bluetooth technology is still in developing, the version 3.0 specifications is published in 2009 .The specifications and profiles are expected to evolve as fare as Sig invents new methods to use this technology. There are many products in the markets until now using Bluetooth technology such as mobiles, headsets, computers... Etc. Most of information about Bluetooth can be found on www.bluetooth.com which is the website of SIG. . . . Bluetooth has its own strength side, but as other technologies has many weaknesses, so it underlies many kinds of attacks and risks.

Understanding this reality let us think how to implement a secure wireless Bluetooth communication to make it possible to communicate between customers and Server. looking on Bluetooth one can find that PIN code is short which means that it is easy to guess, the PIN code must physically entered so others can see the PIN code , the initialization number is also weak since it depends on random numbers which may be unsafe.

The unit key is reusable and is public to other side, so the encryption key can be calculated or the device can be impersonated, the same problem with the shared master key which can be disclosed or impersonated, Bluetooth connection has no user authentication and repeat attempts for authentication which leads to device embezzling and authentication can be disabling by legitimate devices, no separately defined authorization for services [1]

Unidirectional access but bidirectional traffic which leads to malicious verifier attack claimant by nasty massages. Also the channel is not secure to translate data There are also other weaknesses which this technology in need for security solutions

Login Form

Choose what to do

Server

Insert

information

for new

customer

Security Improvement of

before using it to send important or personal data. Securing the connection in the handle centre helps to secure applications in different applications and many other

services can be built on it. During the work on this problem, somebody else was trying to build Bluetooth handle centre in Austria but there are no information about what and how they solve this problem, but in general there are no other work

on this problem. Many theses were trying to search the weaknesses, other was working on comparisons between Bluetooth and other technologies like Wi-Fi ,

But one found to concern in this whole problem until now. There are many problems which are facing the solution since first : there are two kind of Bluetooth network , Piconet and scatternet , scatternet seems to be good solution since we can have big area covered by Bluetooth using this kind of network , but scatter net has it is own problems .

So Pico net is the chosen kind of network but the Pico net does not allow more than 7 slaves to be active; yes of course many more can be in park stat but only 7 can be in action, and in such centre are there too many customers. The other difficulties depend on that they need to implement an application to be solved. This project tried to solve the above mentioned weaknesses. In this thesis the design is implemented as planned, what is the thing which is added is that the channel and the connections between the master, server and slave are now more secure.

The customers are more safe and the information , data can be transferred more securely .This repot is of interesting for persons who want to know about Bluetooth implementation ,students are taken in considerations and industry petitioners

1.2. Structure of the thesis

Chapter1:

This chapter discusses the introduction of the report and then the structure which it follows with giving little idea about every chapter leaving to the summaries to tell about more details also discusses the problem formulation.

Chapter 2:

This chapter defines the Bluetooth, gives an idea about SIG group and how the name of Bluetooth comes from? It presents also the Bluetooth foundations, and goes through the Bluetooth stack, specifications then it gives an idea about RF (radio frequency).

Also this chapter gives an idea about networks kinds in Bluetooth and what the protocols uses by connections, discuses how to address a device and how the packets is formed, then it explains how to find a device and connects it.

Chapter 3:

Gives an overview on Bluetooth security principles, modes, It discusses attacks, strength and weaknesses of Bluetooth: eavesdropping, impersonation, pairing

improper key storage , disclosure of keys , tampering with keys , DOS attack , unit key , location tracking , Bluetooth device address and location tracking , Inquiry

attack, traffic monitoring attack, paging attack , frequency hopping attack , user friendly name attack , snarf attack , black door attack and jacking attack

SRES

claimant

verifier

Security Improvement of

Chapter4:

Discusses the J2ME, begins with configuration, profiles. It discusses CLDC, MIPD, MIDlets and the gives an idea about Bluetooth API

Chapter5:

This discusses solutions from analysis to design

Chapter 6:

Description some important methods and some Testing for the program

7. Discuss the results of the implementation

8. Discussion about future and conclusion

9. Recommendations

10. Acknowledgements

11. References

12. Glossary

1.3. Problem Formulation

The problem we are facing is that we are going to build wireless connection between a master and client, when we are going to make connection between them. The master is going to send data. But the Bluetooth technology suffers from many weaknesses in security side. If one sends data he or she risks to be attacked by adversaries, so that stealing the important data. Hackers can hack in and steal the information. Some times we need to send information for many clients since this problem can be in many areas like bank airport etc.

An example is taken to be implemented to prove the Bluetooth security. Shopping center was chosen in order to reduce the problem and make it more real. This choice makes one concentrate on main risks and weaknesses which can rise in this application and similar ones.

The master is going to connect to clients individually and send data to clients

The weaknesses which the Bluetooth suffer from can be used by hackers to break in to the connection.

These weaknesses are already known for people working with Bluetooth

The focus is going to be on the known weaknesses, how are these weaknesses , what are the effect of them , how to improve these risk and weaknesses coming from them especially during the connection not those which are rises because of interference between signals for example.

Shopping Center

Top Package

::

Customer

Every Time Connection

19

-

Start Connection

19

-

Please Enter

4

digits

19

-

4

digits

19

.

The Application encrypts the four digits

(

by using the encrypting system coming with the application

)

and sends them to the system

(

shopping center

)

together with the

9

encrypted numbers that received before

20

.

The system decrypts the

9

and

4

digits

,

hashes them and compare them to what is stored in the shopping centers data base

21

.

if they matches connection is established otherwise no connection

22

.

now the system can send data to client

Security Improvement of

1.3.1. Situating the problem:

The problems exist already outside since the weaknesses in the Bluetooth are already mentioned in most of Bluetooth websites and books, but the example taken is not implemented before. Yes during our work on the project we knew that there is

Shopping center in Australia, but they did not publish the technical information on the websites.

The thinking is where is the main weakness which if one improves, leads to improve most of known weaknesses.

In this example taken, the main subject is the connection between the server and the customer which is clients or slave.

The location of the customer is not taking in consideration, since one is not interesting if the customer can be tacked that he is inside the center or not, also the thinking is not going to concentrate on future risks like malware but it is going to be taken in consideration in general not in details.

What we mean by that the project is going to concentrate on data transmitting not on files or other things which mostly can be the source of malware, but the authentication and confidentially is going to be focused on , by that we can prevent most malware attacks and this can be the basement for other applications which are going to treat this part later .as a result the focus is going to be on the authentication and channel between the devices.

After limiting the problem, the next part of problem formulation is going to focus on diagnosing the problem.

1.3.2. Diagnosing the problem:

while reading and dealing with the problem. It is found that there are two kinds of Bluetooth network:

The piconet and the scatternet.

The piconet is built of one master and 7 clients where the master connects with 7 slaves. In the connection the sending of data takes two ways: multicast and Unicast, because of need to let the master connect the clients individually and as group.

During the connection many security problems arises:

Bluetooth is using weak PIN code and entering this code physically, and then the code can be guessed or watched.

The data is sent encrypted if the connection is forced to, but this cipher is not safe as it was before.

So the data can be read by the hacker if s/he breaks the cipher system. [40]

Breaking the cipher leads to eavesdropping the connection and then knowing the key to be used.

Also knowing the keys leads to impersonation the device.

The using of shared master key or unit key leads also to let the hacker monitor the device and as result break in the network.

The bad pairing leads to disclosing of the key.

Device

2

Device

1

encryption mode

Accept

{

negotiation of encryption mode

}

key

_

size

Accept

encryption

_

rand

Accept

{

negotiation of the encryption key size

}

{

generation of the encrption key

}

{

encryption traffic

}

Security Improvement of

How to make it possible to avoid malware attack in general?

If the hacker breaks in, s/he can modify the data or information.

The bad storing of the keys in database, also cause the problem of disclosing the keys.

Other problem rises how if the device stolen, what to do for that, since it can risk all the connection.

Then the questions riskes:

Question risks

How to authenticate securely?

How to prevent the hackers from breaking in to the connection, so one can send secure data?

How to secure the keys disclosing?

How to secure the channel?

How the connection is going to be between master and client: multicast, unicast?

How to be sure that the master is communicating with the right client?

How to safe the pairing between master and client?

How to send data secure?

After we show the risks how can be in genral, we have found solution for most of this risks or we can say we had make a design that can cover all this risks and make the conecction secuer , we will explain later in this report how the application we made can cover all the risks

Shopping Center

Top Package

::

Actor

1

2

-

the system randomize automatically

9

digits

1

-

Registration

3

-

The customers will receive a Paper file containing all information

about how they can connect with the Bluetooth shopping center

Step

1

First Time Connection

4

-

first connection

4

-

In the first connection the Shopping center asks the customer

to enter the

9

digits

5

-

The costumer enter the

9

digits

6

-

the server send an application to client

7

-

the application can

Execute Diffie Hellman process between server and client

Encrypt the four digits that we going to used later using CBC encryption system

The application is going to be used as GUI to make connection with Bluetooth center

8

.

The server side choose two big prime numbers g and p and private number call it a

.

then it calculates the A value

9

.

The big prime numbers p

&

g and A are going to be included in the application

10

.

when the client start to use the application it will ask the client to choose number

(

two digits not including zero

)

11

-

Key is stored in the client device

(

application

)

and the

application is going to send the B to the server

12

.

Now both sides have secrete keys

,

which can be used for encryption

13

-

When using the application

,

the customer is asked to enter

the last four digits of his

/

her CPR number

14

-

The customer enter

4

digits

15

.

The system decrypt the

4

received digits and compare them with the information stored in the system

16

.

The system delete the

9

digits

,

randomize

9

new digits store them in the database

.

17

-

The system sends

the

9

digits

(

Encrypted

)

to the client

,

and it will

store in the client device

18

.

The shopping center hashes the

13

digits

(

the

9

numbers stored in the data base and the

4

numbers received from the customer

)

and store the hash in date base

Security Improvement of

Chapter 2:

Preliminary Research

Bluetooth wireless technology became of interest for many people all around the world, because of needing for low power, low cost and short range replacement. Technicians or users try to hide the cables of computers, printers, scanners and so on , but connecting more devices which need more and more cables, because of that we need wires replacement. Wireless technologies replace wires and keep same functionality in hand. Bluetooth was designed and all these need were in mind. Thousands of engineers, researchers, students, professionals, even people in street are interesting in Bluetooth technology.

2.1. What is Bluetooth?

The term Bluetooth is: an open specification for a technology that enables short-range wireless voice and data communications any where in the world. [2]

Open specification: the specifications of Bluetooth are available for public in order to make this technology accepted and spread .Most information about Bluetooth is published on SIG (special interest group) website www.Bluetooth.com. [33]

Short range wireless: Most of communications take place on cables. Many of users become quite burdensome, because of connectors, cables, and pins etc.

Wireless technologies such as infrared and Bluetooth (uses radio frequency) solve the problem which issued from using cables. The specifications of

Bluetooth tell about what are the means to replace serial cables and others like printers, scanners etc.

Voice and data: Bluetooth can carry voice and data, where other technologies can only carry one of them.

The use of RF needs a license and the transmission power is strict, but apart of the RF spectrum can be used without license, this part is exploited by Bluetooth.

This technology is adapted by SIG group.

2.2. The Bluetooth SIG

The specification of Bluetooth is a result of cooperation between SIG groupSIG is an organisation that develops the specification and defines technology of Bluetooth. The Bluetooth SIG itself does not make, manufacture, or sell Bluetooth enabled products. The SIG member companies are leaders in the telecommunications, computing, automotive, music, apparel, industrial automation, and network industries. The main tasks for the Bluetooth SIG are to publish Bluetooth specifications, administer the qualification program, protect the Bluetooth trademarks and publish Bluetooth and evangelize Bluetooth wireless technology [2]

The original SIG formed in 1998, consisted of five companies:

Client Application

Middleware

(

Security Solution

)

Bluetooth Stack

Server Application

Middleware

(

Security Solution

)

Bluetooth Stack

Security Improvement of

Ericsson

IBM

Intel

Nokia

Toshiba

And later four other companies joined the group:

Microsoft

3Com

Lucent

Motorola

And many others companies have since become part of the Bluetooth expanding on the original vision and helping drive the development of this new technology [2]

2.3. The technology and SIG Origins

The engineers in Ericsson were doing a project in a purpose of eliminating cables between phones and the accessories when they begin to benefit this technology of short range wireless communications .From beginning it was recognized that Bluetooth can be more accepted and spread if it is adopted by a group of companies which develop and refine an open specification. In 1998,

SIG group was founded for this purpose. When Bluetooth technology became of awareness many other companies joined SIG group and adopted this new born technology .Over 2100 companies around the world support this technology [IEEE] .Adopters have free license for implementing new products with Bluetooth, of course they use the specification. There are many groups in SIG .Some of them are focusing on interfacing, software, compliance, marketing, profiles, membership. Now more then 11500 pages of information is published by SIG [33]

2.4. The Bluetooth Name

The name of this technology was taken after a name of King Herald who unified Denmark and Norway .He was called bltand which is translated to Bluetooth. It seems that the people who named this technology wanted to refer to the origin and refer that as bltand could unify the two countries also SIG can unify the efforts of different companies around the world. [11]

Figure 1: Bluetooth Logo

Security Improvement of

After discussing what the purpose of Bluetooth is, what SIG group role is in development of Bluetooth and how the name is originated, the time come to discuss the foundations of this technology

2.5. RF (radio frequency)

Radio Frequency Wireless Communications

Transmitters and receivers are important units when radio frequency is used. The power of transmitter is important as well as the sensitivity of the receiver both characteristics determine how far the waves cover. When long distances need to be covered, transmitter uses a high power. Bluetooth covers a distance of few meters, so a battery can be used. RF can penetrate the obstacles such as walls while other waves like light waves can not do that because they require what is called line of sight. The receiver can receive the RF when it tunes to a certain frequency for example Bluetooth operate in 2.4 GHz spectrum. RF is finite, because of that the frequency is partitioned and need for license, fortunately Bluetooth does not need license because it operates within 2.4 GHz spectrum. The spectrum is divided into 70 channels; each channel is 1 MHz bandwidth. There are many technologies which are employing 2.4GHz, such as Home RF, (IEEE) 802.11 wireless LAN, Microwave ovens .One can expect new uses for this spectrum because it is unlicensed. The devices employ the frequency hopping spread spectrum to minimize interference. [1]

2.6. Spread Spectrum RF Communications

Spread spectrum can be divided according to time, frequency,The packets are sent across these divisions. Bluetooth spectrum is divided into frequencies when packet is sent, it is sent on a channel, and the next packet is going to be sent on other channel, and so on. The receivers much know the hopping pattern so it knows where to catch the packet sent by transmitter (Frequency-hopping spread spectrum).

Using FHSS, the interface in RF reduces and the collision does. [1]

2.7. Bluetooth Address

Bluetooth device has unique address (BD_ADDR), which is a 48-bit; this address constitutes the basis for identification of devices when connections are established.

The addressee must be known to the side that initiates, for first-time connections, this is accomplished by having the initiating side collect the device addresses of all nearby units and then individually addresses the one of interest.

The device addresses are usually represented in hexadecimal colon separated format such as 00:0f: fa: ad: ea: f0. [3]

2.8. Layers

The lowest Bluetooth core protocol layers are:

Security Improvement of

L2CAP (Logical Link Control and Adaptation Protocol) layer:

This layer has many roles:

Multiplexing of data between master and slave

Segments data, so it fits for max payload of ACL.

The base band does not provide reliable connection, many errors happen because of interference and fading of signals. At this layer the correction of errors are going to happen. L2cap does not deal with voice, only with data.

Responsible for managing the ordering of submission of PDU

Fragments to the baseband and scheduling

Link Manager Protocol layer

Responsible for all aspects of a Bluetooth connection, such as power

control, roles, encryption etc.

Link Controller layer

Responsible for the encoding and decoding of Bluetooth packets from

the data payload and parameters related to the physical channel,

logical transport and logical link

Radio layer

Responsible for the actual transmitting and receiving of packets of

Information on the physical channel [5]

2.9. Bluetooth Links

The Bluetooth links are the data transmission method to be used among devices, the Bluetooth support two types of links

Synchronous connection oriented (SCO)

Its point to point link between a master and single slave typically supports time bound information such as voice data.

The master support up to three SCO links to the same slave or different slaves, while a slave can support up to three links from the same master or two if from different masters [2]

Asynchronous connectionless (ACL)

It is a point to multipoint, packet switched link between the master and slave device connected on a Bluetooth piconet, but only a single synchronous connectionless link can exist between a master and a slave [2]

2.10. Bluetooth Network

The Bluetooth technology provides two connections

Point to Point

In point to point only to units share the connection

Security Improvement of

Point to Multipoint

In point to multipoint the channel is shared among several units

2.11. Piconet and Scatternet

Piconets

Piconet is an ad-hoc computer network of devices using Bluetooth

technology Protocols to allow one master device to connecting with up

to seven slave devices at any given time.

The master is the unit that transmissions and the slaves are

responding units, this type of Bluetooth network can have only one

master unit. [30]

If several of piconet overlap a physical area and members of the

various picnets communicate with each other it is call.

Scatternet

A scatternet is a number of interconnected piconets that supports

communication between more than 8 devices

Scatternets can be formed when a member of one piconet. [30]

Any unit in one piconet can communicate in a second picnet as long as

It serves as master for only one picnet at a time

Figure [2]

Scatternet Comprising 11 Piconets [36]

This Figure shown how the conection in piconet and scatternet

Security Improvement of

2.12. More Details about Scatternet

Currently there are very few actual implementations of scatternets, but let us take step by step the different between Piconet and Scatterner.

Piconet as we defined before have a 3-bit address space, which limits the maximum size of a piconet to 8 devices (23 = 8), i.e. 1 master and 7 slaves.

So this means it depends only on one master but Scatternet is different because its unlimited and practically it will be very difficult to be use , for example if any master in the network for any reason shut down or disconnected, the rest connected devices to this master will be disconnected also

Client Application

Middleware

(

Security Solution

)

Bluetooth Stack

Server Application

Middleware

(

Security Solution

)

Bluetooth Stack

Figure [3]

Problem in Scatternet

This figure shown the conection problem in Scatternet

RF

Baseband

Link Manager

Host Controller Interface Data control

L

2

CAP Layer

L

2

CAP

Resource

Manager

Channel

Manager

RFCOMM

PPP

IP

UDP

TCP

WAP

WAE

vCard

/

vCal

OBEX

AT

-

COMMANDS

TCS BIN

SDP

Security

Manager

Application

User Interface

General

Management

Entity

Service

Database

Service

Database

Physical Layer

Bluetooth Radio

Lower Baseband

Layer

Device

Manager

Upper Baseband

layer

Security Improvement of

2.13. Packet format

Data in piconet is encoded in packets and the general packet consists [34]

Shopping Center

Top Package

::

Actor

1

2

-

the system randomize automatically

9

digits

1

-

Registration

3

-

The customers will receive a Paper file containing all information

about how they can connect with the Bluetooth shopping center

Step

1

First Time Connection

4

-

first connection

4

-

In the first connection the Shopping center asks the customer

to enter the

9

digits

5

-

The costumer enter the

9

digits

6

-

the server send an application to client

7

-

the application can

Execute Diffie Hellman process between server and client

Encrypt the four digits that we going to used later using CBC encryption system

The application is going to be used as GUI to make connection with Bluetooth center

8

.

The server side choose two big prime numbers g and p and private number call it a

.

then it calculates the A value

9

.

The big prime numbers p

&

g and A are going to be included in the application

10

.

when the client start to use the application it will ask the client to choose number

(

two digits not including zero

)

11

-

Key is stored in the client device

(

application

)

and the

application is going to send the B to the server

12

.

Now both sides have secrete keys

,

which can be used for encryption

13

-

When using the application

,

the customer is asked to enter

the last four digits of his

/

her CPR number

14

-

The customer enter

4

digits

15

.

The system decrypt the

4

received digits and compare them with the information stored in the system

16

.

The system delete the

9

digits

,

randomize

9

new digits store them in the database

.

17

-

The system sends

the

9

digits

(

Encrypted

)

to the client

,

and it will

store in the client device

18

.

The shopping center hashes the

13

digits

(

the

9

numbers stored in the data base and the

4

numbers received from the customer

)

and store the hash in date base

Access Code

Access code is used for synchronization, DC offset compensation and identification. It is show below:

Device in

connectable mode

Paging and

link setup

Link manager

connection request

Device

rejected

?

Connection request

accepted

Connection request

accepted

Authentication

pEncryption/p

p>

Authorized

?

Link setup

complete

Service

request

Check access

control list

Authentication

pEncryption/p

p>

Service

request accepted

Yes

No

Security mode

3

Security mode

1

and

2

Security

mode

2

Security mode

1

and

3

Yes

,

if auth

.

Rejected

Yes

,

no

auth

.

There are three kinds of access codes.

Channel Access Code (CAC) is used to identify the piconet. All packets sent through one channel of the piconet carries the address of the master device.

Device Access Code (DAC) is used for special signaling procedures, such as paging and response to paging.

A DAC for paging carries the address of paged device.

The preamble is simply a fixed 0101 or 1010 sequence depending on whether the LSB of the following sync word is 0 or 1.

If there is no header following in the packet, the access code does not have a trailer.

Header

Header part of the packet is used by the Link Control (LC) logical channel. It has the following format:

AM_ADDR: temporary address assigned to active members of the piconet, used on all packets in both directions sent between the master and the addressed slave. An all-zero AM_ADDR is used to broadcast to all slaves.

Security Improvement of

TYPE: type of packet. There are 12 types of packets for each SCO and ACL physical links, and four types of common control packets for both.

FLOW: for flow control.

ARQN: for ACK.

SEQN: contains sequence number for packet ordering.

HEC: header error check for header integrity.

Payload

There can be two types of payload: voice and data. SCO packets only have voice field, while ACL packets only have data field

Security Improvement of

2.14. Bluetooth stack

E

22

RAND

,

128

bits

PIN

,

max

128

bits

Length of PIN

Key

.

128

bits

Figure [4]

Bluetooth stack

message

verifier

claimant

Security Improvement of

2.15. Description the Bluetooth layers

At the bottom of the Bluetooth system stack is the Physical Layer, which is basically the modem part where the radio signals are processed.

Above the Physical Layer is the Baseband Layer where the packets are formatted.

The Baseband Layer takes care of the header creation, checksum calculations, retransmission procedure and the encryption and decryption

In the Upper Baseband Layer links are managed by the Link Manager (LM) and are set up using the Link Manager Protocol (LMP).

The Logical Link Communication and Adaption Protocol (L2CAP) take care of reformatting the large chunks of user data into smaller units to be transmitted over the Bluetooth link. For example, a higher level TCP/IP traffic packet is too large to fit a Bluetooth baseband packet.

Therefore, it will be cut into smaller chunks of data, sent to the baseband for transmission and reassembled on the receiving side.

Since Bluetooth modules are integrated in different types of devices with different types of architecture and capabilities, the Bluetooth controller (radio part) can be separated from higher level protocol layers. The higher layers will then be implemented in the host entity and can communicate with lower layers of the Bluetooth module through the Host Controller Interface

(HCI), separating the radio hardware-related functions from higher layer protocols. Not all Bluetooth implementations run the lower and higher layer processing on separated processors.

Consequently, integrated implementations will not have the HCI.

The Bluetooth Security Manager forms the key component in the general security architecture on top of the link-level security features of Bluetooth. The security manager has the following tasks: [12]

Initiate pairing and query PIN entry by the user. The PIN entry can also be done by an application.

Answer access requests by protocol implementations or applications (access granted or refused).

Enforce authentication and/or encryption before connecting to the application.

Store security-related information on services and devices.

Initiate or process input from an External Security Control Entity (ESCE)

It could be a device user, or a utility application executed on behalf of

The user based on preprogrammed security policies. In the latter case, this

utility could reside within or outside a particular BT-enabled

Device, to set-up trusted relationships on device level.

Since this thesis concentrates on the (lower) link-level security, the Bluetooth Security Manager will not further be analyzed.

A brief description of some higher layer protocols:

Security Improvement of

SDP: Service Discovery Protocol. The (Bluetooth specific) Service Discovery Protocol makes it possible for Bluetooth enabled devices to get information about the device type and services so that a connection between devices can be set up.

RFCOMM. Emulates an RS-232 [Association69] serial connection and is thus a cablereplacement protocol. For a number of upper layer protocols (OBEX, TCP/UDP, IP,...) no separate standard has to be designed since they interface with the RFCOMM protocol layer, which in turn interfaces with the core Bluetooth protocols.

TCS Binary: Telephony Control Specification. TCS specifies the call control signaling necessary to establish voice and data calls between Bluetooth devices.

AT Command. The standard Audio/Telephony modem commands.

OBEX: OBject EXchange protocol. This protocol takes care of data exchange in a client/server model and file synchronization.

TCP/IP: Transmission Control Protocol / Internet Protocol. TCP/IP is a protocol for controlling Internet communications, package of protocols which regulate connections between computers and the Internet

PPP: Point-to-Point Protocol. This protocol defines how Internet Protocol (IP) is transmitted over serial point-to-point links.

WAP: Wireless Application Protocol[Forum01] is an open standard and application environment for wireless information and telephony

Services on digital mobile phones specified by WAP Forum. The WAE (Wireless Application Environment) is the topmost level in the WAP architecture.

To provide support for specific applications and to offer interoperability, the Bluetooth SIG has developed a set of profiles. Profiles for fundamental and advanced procedures define the communication interface between two units for a service. Efficient reuse of existing protocols and procedures is possible by building new profiles on existing ones.

The most fundamental profile relates to connection and channel setup and modes of operation and is defined in the Generic Access Profiles (GAP).

All other profiles make use of the GAP

The Serial Port Profiles defines the original purpose of Bluetooth: short-range cable replacement. The Generic Object Exchange Profiles is used for file transfer, push services, synchronization, etc. New profiles are constantly developed, independently of the core specification

2.16. Summary

This chapter defines the Bluetooth. It tells the reader how the Bluetooth solves the problems of wires and offer good solution for transmitting data and voice, and

message

claimant

verifier

Security Improvement of

the chapter gives us good idea about SIG group. This group which has an important role in developing the specification of Bluetooth technology

It presents also the Bluetooth foundations, and goes through the Bluetooth stack, specifications then it gives an idea about RF (radio frequency).

Also this chapter gives an idea about networks kinds in Bluetooth and what the protocols uses by connections, discuses how to address a device and how the packets is formed, then it explains how to find a device and connects it.

Security Improvement of

Chapter3:

Security Principles

3.1. Introduction of Security

There are four entities used for maintaining the security at the link level.

3.1.1.Bluetooth Address:

Which is a 48-bit; this address constitutes the basis for identification of

devices when connections are established.

3.1.2.Private authentication key:

Which is a 128-bit random number used for authentication purposes.

3.1.3.Private encryption key:

This is 8-128 bits in length that is used for encryption

3.1.4.Random number (RAND)

This number is 128 bit number which is issued from the master. It is sent as

text and transmitted on air. It is used to add more variance into generated

payload key

3.2. Security Modes

Bluetooth has three different security modes build in it and they are as follows:

3.2.1. Security Mode 1

A Bluetooth unit in security mode 1 never initiates any security procedures; that is, it never demands authentication or encryption of the Bluetooth link.

Security mode 1 is the unsecured mode in Bluetooth.

A unit that offers its service to all connecting devices operates in security mode 1; this implies that the unit does not demand authentication or encryption at connection establishment. For example, an access point that offers information services to anybody is a possible usage scenario for security mode 1. [1]

Supporting authentication is mandatory and a unit in security mode 1 must respond to any authentication challenge. However, the unit will never send an authentication challenge itself and mutual authentication is never performed.

A unit in security mode 1 that does not support encryption will refuse any request for that.

verifier

claimant

IN

_

RAND

ACCEPT

message

(

from verifier

)

message from clamiant

V

_

RAND

V

_

SRES

C

_

RAND

C

_

SRES

{

generation of the init key

}

{

generation of the init key

}

{

generation of the authentication key

}

{

generation of the authentication key

}

{

authentication of the peer

}

{

authentication of the peer

}

Security Improvement of

3.2.2. Security Mode 2

When a Bluetooth unit is operating in security mode 2, it shall not initiate any security procedures, that is, demand authentication or encryption of the Bluetooth link, at link establishment. Instead, security is enforced at channel (L2CAP) or connection (e.g., Service Discovery Protocol (SDP), RFCOMM, and TCS) establishment.

The security mode 2 has been defined in order to provide better flexibility in the use of Bluetooth link-level security. In security mode 2, no security procedures are initiated until a channel or connection request has been received.

This means that it is up to the application or service to ask for security. Only when the application or service requires it will the authentication and/or encryption mechanisms be switched on. A sophisticated authentication and encryption policy based on the baseband mechanisms can be implemented using this principle. [1]

3.2.3. Security Mode 3

When a Bluetooth unit is in security mode 3, it shall initiate security procedures before the link setup is completed. Two different security policies are possible: always demand authentication or always demand both authentication and encryption.

In security mode 3, on the other hand, security procedures (authentication and/or encryption) are enforced at connection establishment.

This is a simple, always-on security policy. The implementation is easy and that reduces the risks of any security implementation mistakes. The drawback is the lack of flexibility. [1]

The unit will not be generally accessible. All connecting units need to be authenticated.

Figure [7] shows the differents between security modes by route digram

Security Improvement of

SRES

claimant

verifier

3.3.The different between security modes

can be Summarized [1]

Figure [5]

Different between security modes

Device

2

Device

1

encryption mode

Accept

{

negotiation of encryption mode

}

key

_

size

Accept

encryption

_

rand

Accept

{

negotiation of the encryption key size

}

{

generation of the encrption key

}

{

encryption traffic

}

Security Improvement of

3.4. Trusted and Untrusted devices

The Bluetooth specification defines several possible relations between Bluetooth devices, mainly based on whether a link key has been established previously

1. Trusted device: The device has been previously authenticated, a link key is stored and the device is marked astrusted in the Device Database.

Also the Trusted Device with fixed relationship (paired) that is trusted and has unrestricted access to all services [41]

2. Untrusted device: The device has been previously authenticated, a link key is stored but the device is not marked as trusted in the Device Database.

Also the Untrusted Device with no permanent fixed relationship (but possibly a temporary one) or device that has a fixed relationship, but is not considered as trusted. The access to services is restricted [41]

3. Unknown Device: No security information is available for this device. This is also an untrusted device.

Pairing = device link key is storedTrusted = device link key is stored and the device is also authorizedUntrusted = link key not stored or stored, but device is not specifically authorized

From this I would interpret that if pairing successfully happens between two devices, then usually the target device should be marked as "trusted" in the device database.[41]

3.5. SAFER+ Algorithm

The Bluetooth pairing and authentication process uses three algorithms: E22, E21, E1. All of these algorithms are based on the SAFER+

SAFER+ is a block cipher with a block size of 128 bits and three different key lengths: 128, 192 and 256 bits.

Bluetooth uses SAFER+ with 128 bit key length. In this mode, SAFER+ consists of:

1. KSA - A key scheduling algorithm that produces 17 different 128-bit subkeys.

2. 8 identical rounds.

3. An output transformation - which is implemented as a xor between the output of the last round and the last subkey [14]

Security Improvement of

Figure [6]

Inner design of SAFER+

3.5.1. The key scheduling algorithm (KSA) [14]

The key scheduling algorithm used in SAFER+ produces 17 different 128-bit subkeys, denoted K1 to K17.

Each SAFER+ round uses 2 subkeys, and the last key is used in the SAFER+ output transformation. The important details for our discussion are that in each step of the KSA, each byte is cyclic-rotated left by 3 bit positions, and 16 bytes (out of 17) are selected for the output subkey. In addition, a 128 bit bias vector, different in each step, is added to the selected output bytes.

3.5.2. The SAFER+ Round

SAFER+ consists of 8 identical rounds. The plaintext block is divided into 16 byte length sub blocks B1 B15. Sub blocks go through r round. Each round uses two sub keys: K2i and K2i-1.At beginning sub blocks are either XOR or added with bytes of sub key K2i-1.

The sub blocks are subjected to one of the two nonlinear transformations:

Security Improvement of

Y=45power(x) mod257

Y=log45(X)

These operations in the finite field GF(257) and 45 is primary elements in that field.

Then sub blocks are either XOR or added with bytes of sub blob key K2i.

The results of operation are fed though 4 layers of linear operations designed to increase the avalanche effects. Each operation is called a Pseudo Hadamard Transform (PHT). If the inputs to a PHT are a1 and a2, then the outputs are:

b1=(2a1+a2)mod256

b2=(a1+a2)mod256

After r rounds, there is a final output transformation. This is the same as the fist step of each round. B1, B3, B4, B7, B8, B11, B12, b15 are XOR with the corresponding bytes of the last sub key, and B2,B5,B6,B9,B10,B13,b14 are added to the corresponding bytes of the last sub key. The result is the cipher text.

SAFER + is a safe algorithm, provided a sufficient number of rounds is used

3.6. Point to Point

Introduction:

The security in the Bluetooth is built upon the use of symmetric key cryptographic mechanisms for authentication and the transaction between two or more devices are handled by link key.

3.7. Key Management

Key types

There are several different types of keys defined in the Bluetooth

1- Link Keys

Is a 128-bit random number, also the link key can be combination

keys that is derived from information from two devices, the link key

used also in authentication process and as a parameter when the

deriving the encryption key

1.1. Key Time (life time)

In the link key there is two type of key semi- permanent: can be used after the session is over to authenticate Bluetooth units that share it.

Security Improvement of

1.1.1.Temporary key

It is a short-lived key that exists during the pairing of two devices and

can not be used again, normally temporary keys used in point to

multipoint connections (the same information is transmitted to several

recipients).

1.1.2.Unit keys

Is a link key that one unit generates by itself and uses as a link key

with any other Bluetooth

2- Combination key

Is derived information between two devices and its generated for each new pair of Bluetooth devices.

3- Master keys

Which replace the link key; it can be used when the master unit wants

to send information to more than one recipient, the master key is a

temporary key

4- Initialization key

The initialization key is a short-lived key that exists during the

pairing of two devices

3.8. Personal Identification Number

The personal identification number it is the PIN Code used in the Bluetooth devices, the length of personal identification number can be between 1 to 16 digits.

In most of devices the regular personal identification number is 4 digits codes are sufficient for some applications, but of course if you want higher security you need longer codes.

The PIN code of the device can be fixed (in some Known species) so that it

needs to be entered to the device wishing to connect another possibility is

that the pin code must be entered to the both devices during the

initialization.

3.9. Initialization key

The initialization key its the key created during the first connection

(Pairing) and is There to protect the transfer of initialization parameters,

Its also used to generate the Authentication key

Security Improvement of

Figure [7]

A Pairing Example between two devices (in the same security mode (mode 3))

Key consisted

Key = = SafferAlgorithm ((Bluetooth Address Device), (PIN code), (length (PIN), (IN Random))

Where

PIN: is a user provided sequence of bytes

IN Random: is a 128 bit random number exchanged during

the Pairing initiation

The Bluetooth device address: its the address of the device

that received the In Random value

Algorithm: its a cryptographic hash function (SAFER +)

Kinit = E22 (BD_ADDR, PIN, length (PIN), IN_RAND)

Security Improvement of

Figure [8]

Details of Algorithm E22

The initialization key is needed when two devices with no prior engagements need to communicate, during the initialization process.

The PIN code is entered to both devices; the initialization key itself is generated by the E22 (Version of SAFER+), which uses the pin code.

The Bluetooth device address of the claimant device and 128 bit random number generated by the verifier device as input

The resulting 128 bit initialization key is used for key exchange during the generation of a link key. [1]

3.10. Authentication key

Step by Step Authentication key between two devices:

The Initialization key is only generated at the first pairing attempt.

The authentication step of the protocol a common secret key is required for the parties; the key is generated during the pairing process.

When only two devices are involved, the authentication key is called a combination key and generated using a key exchange algorithm.

Now I will explain step by step the authentication key between two devices, for example I will call the first device (Verifier) and the second device (Claimant).

Security Improvement of

The verifier device sends this message to the claimant device that consists of:

Message = V_LK XOR K initialization

Where

V_LK = E21 (V_RAND, V_ADDR) Where

V_RAND is a random number known to verifier only

V_ ADDR is the verifier address

E21 is a cryptography hash function

2-

After the receipt of verifier message, the clamant responds with this message.

This consists of:

Message = C_LK XOR K initialization

Where

C_LK = E21 (C_RAND, C_ADDR) Where

C_RAND is a random number known to Claimant only

C_ ADDR is the Claimant address

E21 is a cryptography hash function

3-

After this exchange of the messages both parties can calculate a common

Authentication key as:

Verifier device

C_RAND = message (from Claimant) XOR K initialization

Key = V_Lk XOR E21 (C_RAND, C_ADDR)

Claimant device

V_RAND = message (from verifier) XOR K initialization

Key = C_Lk XOR E21 (V_RAND, V_ADDR)

Security Improvement of

Figure [9]

Authentication process (both Devices)

The authentication method can be executed twice in a pairing procedure, in order to authenticate both parties.

In the algorithm the knowledge of the common authentication key and the right addresses are the basis of authentication.

The knowledge of the common authentication key indirectly implies that parties have used the same PIN to produce it.

3.11. Authentication

In this section we discuss the Authentication part with all

details by picture and methods

Security Improvement of

Figure [10]

Authentication Process

In this figure:

RAND:

RAND

verifierclaimant

The device verifier sends message to the device claimant that

consists of an 128 bit random number

SRES:

After the Claimant receipt of RAND message, the Claimant responds

with this message

This consists of SRES that is calculated as the first 32 bits of

SRES = E1 (KEY, ADDR, RAND)

Shopping Center

Top Package

::

Customer

Every Time Connection

19

-

Start Connection

19

-

Please Enter

4

digits

19

-

4

digits

19

.

The Application encrypts the four digits

(

by using the encrypting system coming with the application

)

and sends them to the system

(

shopping center

)

together with the

9

encrypted numbers that received before

20

.

The system decrypts the

9

and

4

digits

,

hashes them and compare them to what is stored in the shopping centers data base

21

.

if they matches connection is established otherwise no connection

22

.

now the system can send data to client

Security Improvement of

Where

Key: is the authentication key that we calculated before

ADDR: is the device B address

SRES = E1 (KEY, ADDR, RAND)

= SAFER+ (KEY, expand 128(ADDR) + (SAFER+ (KEY, RAND)

XOR RAND))

SRES: is the calculates and if the output matches the received SRES the authentication is complete, in that case the rest 96(128= 32+96) bits of the output of E1 are assigned the name ACO and stored.

ACO is an Authenticated Ciphering Offset

3.12- Encryption:

Encryption is a separate process that starts after authentication is successfully finished. For encryption a different key is used, called the encryption key and it allows for sizes from 8 to 128 bits.

Same devices are constructed in countries with different laws about encryption of data, it was allowed in the specification for devices to negotiate the encryption key size.

The process of enabling encryption consists of the steps:

1- Encryption negotiation

In begin the device send an encryption mode request message to the Second device, the encryption mode can be either enable or not.

This negotiation may occur multiple times until an acceptable by both sides key size is negotiated.

The last phase includes the sending of random number by initiator device in order for both peers to calculate the encryption key.

After the key is calculated encryption is enabled

2- Generation of the encryption key

The encryption key is generated using the current authentication key, which exchanged during the encryption negotiation.

K encryption = E3 (KEY, ACO, RAND)

= SAFER+ (KEY, expand 128(ACO) + (SAFER+ (KEY, RAND) XOR RAND))

Login Form

Choose what to do

Server

Insert

information

for new

customer

Security Improvement of

Figure [11]

Encryption negotiation

Security Improvement of

3.13. Encryption process

Figure [12]

Description of the encryption process

The Bluetooth encryption system encrypts the payload of the packets, this done with the stream cipher call E0, the E0 stream cipher consists of the payload key generator

E0 It generates a sequence of pseudorandom numbers and combines it with the data using the XOR operator

3.14. Weaknesses and Attacks

Bluetooth is good technology that gives us many benefits. It replaces the wires which were big problem when we wanted to build big network. And it offers three modes of security mode one, mod two, mod three. The security offered by this technology is not enough to make the user safe. Bluetooth is suffering from many weaknesses although it has many strength sides. In this chapter we discuss how these weaknesses can be exploited to attack the devices which are using Bluetooth communication .Such attacks like eavesdropping on data or trying to modify these data, so many kinds of attacks are going to be discussed here.

Security Improvement of

The attacks are many different kinds

The CIA (confidentiality, integrity, availability) are the main requirements for security whether the connections is wired or wireless.

Confidentiality: means that the information can be accessed only by authorized persons. Attackers try to get to the information one does not want them to access to.

Integrity: means that the information did not change from time of sending until receiving. Attacker tries to change and violates the privacy of data.

Availability: means that the resources of information are available any time when needed. Attackers try to damage the source like: network, server in order to prevent one from resources

Furthermore authentication is very important to prevent non repudiation

When attackers want to attack a system, they exploit the vulnerabilities that exist in the system.

Because of wireless connection hackers can be the accidental users, script kiddies, causal and skilled hackers. All of these attackers make attacks on wireless communication, but of different level and purposes.

1. Passive attacksEavesdropping

When the data is sending by a device communicating with others, this data suffers the risk of being eavesdropped, if it sends data with no encryption. There are two types of eavesdropping:

Passive eavesdropping: the connection is eavesdropped by the attacker using sniffer which is assumed to be with no encryption. The attacker can read the data and gather information to be used later in analysis of the connection to apply other attacks. In this kind of attacks the privacy is violated.

In the Bluetooth technology the users transmit their IDS and their passwords, The person who is sniffing can catch this information and use them to compromise the link, which leads to control the traffic or control the device the after controlling the

device ,the attacker can ask for data from other devices and receive them.

The experience hacker, who gets the IDs and password of other devices, can apply active eavesdropping attack to the network where the other devices participate. [43]

Solution:

The design is making the eavesdropping impossible because:

1- the attacker has to break the Diffie Hellman encryption process

2- He has to break the encryption cipher using by Bluetooth.

Active eavesdropping:

The attacker not only eavesdrop the connection, but also drop massages into the connection to determine what is in the massage sent on connection. What is needed in such attack is to get partially to a plaintext. For example the attacker can change the IP address to any IP address he wants.

The attacker can replace payload data with others, this leads to the importance of encryption, but we are dreaming if we consider that encryption is the magic solution

Security Improvement of

because also the attackers are concentrating on how to break the encryption and the question which rises is how strong the cipher is. The complexity for E0 (Bluetooth encryption system which encrypts the payload of the packets) is O (2power128). E0 may undergo correlation attacks and algebraic attack. No attack known until now to break the encryption system, but the work done by cryptanalysts and led to reduce the cave between input and output, so big O becomes O (2apower 24), this result makes the future of this encryption system unsafe.

Eavesdropping violates confidentiality

Solution:

The solution offered is:

1- The massage is encrypted by Diffie Hellman process , is strongly difficult to read it

2- The encryption cipher uses by Bluetooth E0.both kind of encryption make nearly impossible to get in to the massage or eavesdrop the transmission

3- It is very hard for the attacker to introduce any payload also because of strong and long way authentication

2. Active attacks

Masquerade attack: in this attack the hackers pretends to be authorized user to access to a device or get to more services than he is authorized to. Weak authentication makes this attack easy to be accomplished, once the attacker can access to the device, s/he can modify, delete data or configure the network and change the information on net. The problem of Bluetooth is that the authentication executes device to device, so when the authentication is done the services can be accessed.

.

Solution:

In this kind of attack the solution must be with strong authentication, which can help to confirm the right device, and we will show later in this report how we can make strong authentication

3. Impersonation:

The receiver want to be sure that s/he receives data from the right sender .It means that authentication goes well. The attack here is impersonation of sender or receiver. Secondly the hacker can replace payload .first part is not realistic with Bluetooth, but the second is more realistic, but it only disrupt the communication.

Solution:

The client must to enter the right PIN code, which should be big PIN code and the client must confirm the PIN code by another PIN code.

In our solution for the Bluetooth Security we will show how we can make it easy for the client and hard for the attacker

Security Improvement of

4. Man in the middle:

The attacker gets the key which is used for encryption of data transmitted between two parties. The device needs to share the unit key .Using fake address, one can calculate the unit key and use it in attack.

Solution:

With two time authentication and big PIN code plus the hash function that can make the client save from the attacker

The authentication makes it hard to get the key:

5. Modification of data and information:

This kind of attack happens without the knowing of the user of administrator.

Attacker can change, delete and put new information. This result in destroying the integrity and cause loosing of trust in information and data, as a result the source becomes UN trusted.

Solution:

1-The authentication process makes it impossible since the adversary is not able to connect to the shopping centre without long way of authentication. S/he needs to introduce numbers which are only known for customer and the server has to compare all the information with what is stored in the database.

2- The massages are sent encrypted twice (Diffie Hellman and mode)

6. Pairing:

Pairing is done by sharing same PIN code, this code is the base unit of all key (authentication key, initialization key, encryption key) which are calculated from this code. Applying exhaustive search leads to guess the PIN code (9999)

The problem of short pass key value is considered as one of the main vulnerabilities in security, the suggestion is to make it long.

Solution:

For covering this kind of attacks we use application and big randomize PIN code and another conformation code known only by the customer

7. Improper key storage:

Disclosure of keys:

When the secret key is stored in plain text in such file for example on computer, the possibility of finding the key by the attacker is large. And knowing the address which uses this device, it become easy to impersonate the device .The possibility of

Losing the key is small for small devices because of need to read non-volatile memory. Trojan horse attack can participate in stealing secret keys. []

Solution:

Security Improvement of

With big PIN code and Encryption system and Hash algorithm.

We will explain all details later in our security solutions.

8. Tampering with keys:

Adding link key to key data base without proper pairing gives unauthorized access to a device using Bluetooth, so the attacker can benefit this to access as legal person, because LM (link manager) is going to consider that the attacker is trusted person. It is bad to have key as text in data base

Solution:

The design is taking in consideration this and made:

1- The connection encrypted

2- The keys are hashed when received by server.

3-The design makes it nearly impossible for the adversary to pair with the server (9 numbers and then 4(private number known only by the customer)).

9. DOS attack:

-Bluetooth is vulnerable to interference of signals with other kind of wireless communications .This cause that the attackers can overflow the channel with

data as a result routing protocol disruption and jamming of devices.

This DOS attack (interference and jamming) can be applied on physical layer.

Bluetooth is short distance technology, so the success of this attack is high.

-Continuously request for response from victims device leads to battery degradation and may disable the victims device

-Also DOS attack aims to destroy the key database. This destruction appears during authentication. The problem with Bluetooth is that the specification does not tell how to do when such destruction happen. An alert send to the user so s/he can initiate new pairing process, but LM (link manager) does not allow for authentication until certain expires, the waiting time increase after ever authentication because of destruction. No way to go out of this case except by deleting the old keys and begin new pairing. Integrity helps to avoid Dos attack.

Unit Key:

The device using one key in authentication or encryption is suffering big risk for attacks. Trusted device can eavesdrop and impersonate other devices.

Solution: Hardened the authentication and prevent the impersonation and make it very hard to sniff.

Security Improvement of

10. Location tracking:

Five different types of location tracking attack:

The problem with Bluetooth is that the wireless devices can be tracked and since the device is carried by certain person, the privacy of location for this person is violated. The attacker uses the CAC and DAC to identify the device-Inquiry attack: where the attacker tries to gather the addresses of the devices to know the location of certain person and who he has a relation with

-Paging attack: needs that the device in the area and can be connected. The attacker pages the victim device and waits for ID packet to return, if the ID returns then he knows that the victim is there

-Frequency hopping attack: gets information from repeating hopping frequency

-User friendly name attack: the attacker success only if the device is connectable and the victim has only one user friendly name

Solution:

The project was not interesting about this kind of attacks, the meaning by that the design is not interesting if the location of the customer is known for others.

11. Implementation flaws:

Blue snarfing attack: where the attacker can access to the device without the permission of the user, then he can access the data such as calendar, phonebook

Solution:

If the attacker gets to the customer device, the design offer such next to has secure connection between customer and the server:

1-The jar file which is going to search for the server

2- The application is asking for 4 numbers which are known only by the customer, and are not stored in the device

3- The 9 encrypted digits which are stored in the application, the attacker has to break Diffie Hellman encryption system in order to get the 9 digits

Blue jacking attack: sending text messages (business card) by users, makes the person who accept this kind of messages suffer from receiving messages which open automatically because it is received from trusted contact, this kind of attack is not serious but annoying

Solution:

The design does not allow for text messages(business card) between the sever and the customer.

Security Improvement of

Blue bugging: in this attack the hacker access the victims mobile remotely where the attacker can send messages and make calls, use the internet and eavesdrop the calls without the permission of the owner.

Solution:

The attacker can use the customer device, but this does not effect the connection between the shopping centre and the device

12. Malware:

Mobile are connected to network where the user can install software and because of the automated nature of Bluetooth connection, Bluetooths user receive file from others , this cause that the mobile suffers from malicious software attacks and as a result can affect the Bluetooth connection or may be destroy it. Until now the virus is not a real threat, because of small memory.

authentication and authorization helps to prevent some attacks because the sender needs to be trusted by user, but the experience in this field (malware) shows that the hackers have many ways to go beyond these obstacles, this means that future is full with surprises..

Solution:

The design is not offering a solution for the customer device to avoid the malware. There is some AV software for mobiles at market, but the confidentiality and authentication make it hard for a person to do such attacks on the connection between customer and shopping centre.

Other vulnerabilities for hand held

The mobile or other hand held devices can be stolen, lost, and cause a risk to use the device for attacking other devices, because the stolen one is trusted

Solution:

If the device is stolen the 4 numbers gives temporary solution and chance for the customer until he connects the shopping centre

3.15. Summary

Since the transmitting of data and other information massages on Bluetooth technology suffer from being discloses, because of many security vulnerabilities There are many risks that some body who interest to steal these information or who interest in making destruction to attack the connection, so the security solutions are very important to prevent such attacks and strength these weaknesses and vulnerabilities.

This chapter gives an overview on Bluetooth security principles. It discusses the security modes. The Bluetooth has 3 security modes:

Mode1: where data is sent with no security. Mode2: where the connection is not going to be established securely, but only when

Security Improvement of

the application or service requires that, the authentication and/or encryption mechanisms are switched on.

Mode3: security procedures (authentication and/or encryption) are enforced at connection establishment

After discussing security modes, the chapter gives an idea about trusted and non trusted devices, so this leads to discus the key management. In the key management discussion, the temporary keys and link keys etc are discussed

Then it discuses the authentication how it can be accomplished .further more it discuss the encryption which is very important to secure the channel and hide the data from adversaries.

This chapter goes to other part later which discusses the weaknesses of the Bluetooth and the attacks applied on this technology and how the implemented design treated these vulnerabilities. It discusses the attack and what is the solution for that attack.

It discusses :eavesdropping , impersonation , pairing , improper key storage , disclosure of keys , tampering with keys , DOS attack , unit key , location tracking , Bluetooth device address and location tracking , Inquiry attack , traffic monitoring attack , paging attack , frequency hopping attack , user friendly name attack , snarf attack , black door attack and jacking attack .

This chapter leads to discuss the next chapter to tell about the language o programming used for implementation

Security Improvement of

Chapter 4:

The Program Language

4.1J2ME

Looking to devices in the market, we see different kind of devices with different capabilities and performances. The computer, mobiles and PDA are examples of these devices. One of the important things which make the functionality differs is the memory. The pc has big memory where the mobile is with small memory. Taking this in consideration means that the applications which run on the pc is different from these which run on the PDA or mobiles , because of that designers have to think about how much memory the device has ,when s/he is going to build an application or even when to install an application .This reason leads to discussion of the programming language which is going to be used to implement an application. Bluetooth technology is used by devices with small memories, so the designers think about programming language with small library and can give good results.

The j2me is nothing but java for small devices. The j2me is divided into profiles, configurations and optional APIs [38] [7]

Figure [13]

Configurations and profiles of the j2me [38]

Security Improvement of

4.2. Configuration

Configuration is designed for devices based on memory constrains and processor power [44].

Device manufactures are responsible to port their devices with configuration needed to their device. Profiles depend on configurations and offer all what is needed to develop an application. The profiles, configurations and the optional API which are implemented on a device are called stack. There are two kinds of configurations in j2me first is CLDC (Connected, Limited Device Configuration) and other is CDC (Connected Device Configuration). These kinds of configurations are used depending on the memorys capacity of a device. [38]

4.2.1. CDC

This kind of configuration has to have at least 256KB RAM and 512KB ROM. this kind of configuration supports full JVM. There are many versions 1.0.1 and 1.1. The last version is supporting personal profile1.1 and presents APIs which matches JDK 1.4. [38]

4.2.2. CLDC

This kind is of configuration is suitable to be used with mobiles, pagers and PDA. The L letter means limited, the limitation is on display memory, input, network connection, CPU power, battery life etc.

C means connected and this shows that it has connection to network, but this network is not very fast, one can see this with mobiles.

The CLDC is not like CDC it does not support full JVM. JVM is small and called KVM. [38]

4.3. Profiles

The profiles are layered on the top of the configurations. The profiles which are layered on CDC are the foundation profile which is responsible for network; there are other profiles which are layered on the top of the foundation profile: personal basic profile and personal profile

There are other profile build on CLDC: MIDP (Mobile Information Device Profile) and PDAP (Personal Digital Assistant Profile). [39]

4.3.1. MIDP

This profile will provide a standard platform for small, resource-limited, wireless-connected mobile information devices characterized as follows: [45]

512K total memory (ROM + RAM) available for Java runtime and libraries

Limited power, typically battery operated

Connectivity to some type of wireless network with possibly limited bandwidth

User interfaces with varying degrees of sophistication

Security Improvement of

Also this profile will utilize the core functionality provided by the "J2ME Connected, Limited Device Configuration." Potential APIs that will need to be created, extended, or enhanced include the following: [7]

Display toolkit suitable for limited size and depth displays.

User input methods such as pen, buttons, keyboard, etc.

Persistent data storage for applications, data, and configuration information.

Messaging (e.g., SMS, e-mail, etc.)

Networking, such as datagram and connection oriented services.

Security, as it applies to mobile information devices. (e.g., protecting the integrity of the devices and networks from rogue applications, end-to-end security and data integrity, etc.)

Wireless telephony (i.e., functions for placing and receiving voice calls, tracking call states, etc.).

Figure [14]

MIDP packages

We can see in the above figure how CLDC took the APIs from J2SE.The java.lang , input output stream classes java.io and collection of java.util . One can see also the CLDC is combined with MID 2.0 [39]

4.4. MIDlets

The MIDlets is the application in j2me.It operates on the MIDP of device.

Down in the figure one can see how the MIDlets grouped to form a package

Which is the MIDlets suite before it loads to small computing device. [42]

The MIDlet is derived from javax.microedition.midlet.MIDlet abst. Class

Security Improvement of

Figure [15]

MIDlets make package and load to device

The MIDlets suit run in the same JVM, if they run the same class then only one instance is created at a time and share the same data. [7]

The name of MIDlet suit is using to identify the data related to the suit, this mean that the MIDLets can not share the data of the other suit.

The application manager is responsible for install, execute and remove the suit. The files needed to implement the suit a